(2010.04.22)
Introduction
The Ubuntu team is happy to bring you the latest and greatest software the Open Source community has to offer. Our newest release, the Ubuntu 10.04 LTS Release Candidate, brings a host of exciting new features for users.
Upgrading from Ubuntu 9.10 or Ubuntu 8.04 LTS
To upgrade from Ubuntu 9.10 on a desktop system, press Alt+F2 and type in "update-manager -d" (without the quotes) into the command box. Update Manager should open up and tell you: New distribution release '10.04' is available. Click Upgrade and follow the on-screen instructions.
To upgrade from Ubuntu 9.10 on a server system: install the update-manager-core package if it is not already installed; edit /etc/update-manager/release-upgrades and set Prompt=normal; launch the upgrade tool with the command sudo do-release-upgrade -d; and follow the on-screen instructions.
To upgrade from Ubuntu 8.04 LTS: follow the same instructions as for the appropriate Ubuntu 9.10 upgrade, but set Prompt=lts instead of Prompt=normal.
Download
(Ubuntu Desktop, Netbook and Server)
(Ubuntu Server for UEC and EC2)
(Kubuntu Desktop and Netbook Remix)
(Xubuntu)
(Edubuntu)
(Mythbuntu)
(Ubuntu Studio)
Local mirrors are also available:
Asia
(Japan)
(Singapore)
(Kuwait)
(Cyprus)
Europe
(Ireland)
(Switzerland)
(Germany)
(Sweden)
(Netherlands)
(Germany)
North America
(Canada)
(United States)
Oceania/Australia
(New Zealand)
(New Zealand)
(Australia)
GNOME
Ubuntu 10.04 LTS RC includes the latest GNOME desktop environment with a number of great new features.
Linux kernel 2.6.32
Ubuntu 10.04 LTS RC includes the 2.6.32-21.32 kernel based on 2.6.32.11.
KDE SC 4.4
Kubuntu 10.04 LTS RC features the new KDE SC 4.4. For more information about new features in Kubuntu, see the Kubuntu technical overview.
HAL removal
This release fully removes HAL from the boot process, making Ubuntu faster to boot and faster to resume from suspend.
Major new version of likewise-open
The likewise-open package, which provides Active Directory authentication and server support for Linux, has been updated to version 5.4. The package supports upgrades from both the officially supported versions 4.0 (Ubuntu 8.04 LTS) and 4.1 (Ubuntu 9.10), as well as the likewise-open5 packages from universe.
Since this upgrade involves a lot of configuration file changes and in-place database upgrades, testing and feedback is appreciated.
New default open source driver for nVidia hardware
The Nouveau video driver is now the default for nVidia hardware. This driver provides kernel mode setting, which will give improved resolution detection. This driver provides hardware accelerated 2D functionality, like the -nv driver it replaces. The nouveau driver is being actively developed upstream and we anticipate this will enable faster bug fixes for problems encountered.
Improved support for nVidia proprietary graphics drivers
Three different NVIDIA proprietary drivers are currently available: nvidia-current (190.53), nvidia-173, and nvidia-96. Thanks to a new alternatives system, it is now possible to install all three of these packages at the same time (although it is only possible to have one configured for use at a time).
Social from the Start
We now feature built-in integration with Twitter, identi.ca, Facebook, and other social networks with the MeMenu in the panel, which is built upon the Gwibber project, which has a completely new, more reliable backend built on top of desktopcouch. Gwibber now also supports a multi-column view for monitoring multiple feeds simultaneously.
New boot experience
Multiple changes to look, feel and speed of the boot experience have been included in the Ubuntu 10.04 LTS Release Candidate.
New Indicators
The notification area now features more consistent user experience and design for communication, session management, and many other tasks. See the application indicators page for information on this change.
New Themes
The desktop has been beautified with the addition of two brand new themes, Ambiance and Radiance. New wallpaper and icons are also included.
Ubuntu One File Syncing
Select any folder in your home directory for sync, pick from your existing contacts when sharing folders. An updated preferences application has been added, with more features.
Ubuntu One Music Store
Millions of songs are available for purchase from your Ubuntu desktop, integrated with the Rhythmbox Music Player and using Ubuntu One cloud storage for backup and easy sync.
New features for Ubuntu Enterprise Cloud (UEC)
The Ubuntu Enterprise Cloud installer has been vastly improved in order to support alternative installation topologies. UEC components are now automatically discovered and registered, including for complex topologies. Finally, UEC is now powered by Eucalyptus 1.6.2 codebase.
Security Issue when upgrading from Lucid Alpha 2
If you installed Lucid prior to Alpha 3, you may have libmysqlclient16 7.0.9-1 installed. This package was present in the Ubuntu archive by mistake and was retracted, but because it has a later version number than the real libmysqlclient16 package, the real package will not be installed automatically on upgrade. To ensure that you have the official package installed on your Lucid system and will receive security support for it throughout Ubuntu 10.04 LTS, it is important that you run sudo apt-get install libmysqlclient16/lucid and follow the instructions.
Known issues
There are a small number of known bugs that users may run into with Ubuntu 10.04 LTS RC which will be fixed before the final release. We have documented them here for your convenience along with any known workarounds.
For a full list of errata for Ubuntu 10.04 LTS, please see the Ubuntu 10.04 LTS release notes.
* LVM, RAID, or encrypted block devices are incorrectly limited to 2TiB. This issue will be resolved for the 10.04 LTS release. (543838)
* In some cases, the partitioner will fail with the error message "Unable to satisfy all constraints" when using previously existing partitions. This bug will be resolved for the 10.04 LTS release; users encountering it are advised to wait for the fix in the final release. (558382)
* Support for XFS and JFS is missing from the Ubuntu LiveCD. Users who need support for the XFS or JFS filesystems on their Ubuntu desktop at install time can install using one of the other installation media (Ubuntu alternate CD or Ubuntu DVD), or can wait for the final release of Ubuntu 10.04 LTS. (568024)
* A memory leak in the X server's handling of 3D rendering will cause systems that use the default compiz window manager to become sluggish over time. This bug is being actively investigated and a resolution is expected for the final release of Ubuntu 10.04 LTS. (565981)
Help Spread the Word About Ubuntu 10.04 LTS
New banners are available for counting down the days until the Ubuntu 10.04 LTS release:
http://www.ubuntu.com/getubuntu/countdown
You can add the countdown banner to your website to help build excitement for the new release as the date approaches.
Participate in Ubuntu
If you would like to help shape Ubuntu, take a look at the list of ways you can participate at
http://www.ubuntu.com/community/participate/
Showing posts with label rc. Show all posts
Showing posts with label rc. Show all posts
Thursday, April 22, 2010
Friday, October 23, 2009
Ubuntu 9.10 (Karmic Koala) Release Candidate
(2009.10.22)
Introduction
The Ubuntu team is happy to bring you the latest and greatest software the Open Source community has to offer. This is their latest result, the Ubuntu 9.10 Release Candidate, which brings a host of exciting new features.
Upgrading from Ubuntu 9.04
To upgrade from Ubuntu 9.04 on a desktop system, press Alt+F2 and type in "update-manager -d" (without the quotes) into the command box. Update Manager should open up and tell you: New distribution release '9.10' is available. Click Upgrade and follow the on-screen instructions.
To upgrade from Ubuntu 9.04 on a server system: install the update-manager-core package if it is not already installed; edit /etc/update-manager/release-upgrades and set Prompt=normal; launch the upgrade tool with the command sudo do-release-upgrade -d; and follow the on-screen instructions.
Download
Get it while it's hot. ISOs and torrents are available at:
http://releases.ubuntu.com/releases/9.10/ (Ubuntu Desktop, Server, and Netbook Remix)
http://uec-images.ubuntu.com/releases/9.10/rc (Ubuntu Server for UEC and EC2 clouds)
http://releases.ubuntu.com/kubuntu/9.10/ (Kubuntu Desktop and Netbook)
http://cdimage.ubuntu.com/xubuntu/releases/9.10/rc/ (Xubuntu)
http://cdimage.ubuntu.com/ubuntustudio/releases/9.10/rc/ (UbuntuStudio)
http://cdimage.ubuntu.com/mythbuntu/releases/9.10/rc/ (Mythbuntu)
http://cdimage.ubuntu.com/edubuntu/releases/9.10/rc/ (Edubuntu)
Local mirrors are also available:
Asia
http://mirror.unej.ac.id/ubuntu-cd/ (Indonesia)
http://ftp.linux.org.tr/ubuntu-releases/ (Turkey)
http://ubuntu.qualitynet.net/releases/ (Kuwait)
Europe
http://ie.releases.ubuntu.com/ (Ireland)
http://mirror.switch.ch/ftp/mirror/ubuntu-cdimage/ (Switzerland)
http://se.releases.ubuntu.com/ (Sweden)
http://ubuntu.ipacct.com/releases/ (Bulgaria)
http://nl.releases.ubuntu.com/releases/ (Netherlands)
http://ftp.uni-kl.de/pub/linux/ubuntu.iso/ (Germany)
North America
http://mirror.anl.gov/pub/ubuntu-iso/CDs/ (United States)
http://mirror.csclub.uwaterloo.ca/ubuntu-releases/ (Canada)
http://mirrors.cat.pdx.edu/ubuntu-releases/ (United States)
http://mirrors.gigenet.com/ubuntu/ (United States)
http://ubuntu.cs.utah.edu/releases/ (United States)
http://ubuntu.media.mit.edu/ubuntu-releases/ (United States)
Oceania/Australia
http://ftp.citylink.co.nz/ubuntu-releases/ (New Zealand)
South America
http://mirrors.ucr.ac.cr/ubuntu-cd/ (Costa Rica)
New features since Ubuntu 9.04
Upstart
As part of our boot performance work, we have now transitioned to Upstart native jobs, to let users get to their desktop faster after boot. Upstart is written by Scott James Remnant.
Software Center
Ubuntu 9.10 RC includes the Ubuntu Software Center, developed by Michael Vogt, replacing 'Add/Remove' in the Applications menu.
GNOME
Ubuntu 9.10 RC includes the latest GNOME 2.28 desktop environment with a number of great new features:
* Empathy has replaced Pidgin as the default instant messaging client, introducing the Telepathy framework.
* The gdm 2.28 login manager by William Jon McCann is a complete rewrite compared to the version in earlier Ubuntu releases, permitting a more integrated login experience.
* Evince, the GNOME document viewer, now ships with an enforcing AppArmor profile. This greatly increases security by protecting you against flaws in the historically problematic PDF and image libraries. Users who use a non-standard location for their home directory will need to adjust the home tunable in /etc/apparmor.d/tunables/home. This profile has been developed by Jamie Strandboge.
Application development with Quickly
Quickly, by Rick Spencer and Didier Roche, makes it easy for developers to make new applications for Ubuntu, and to share those application with other Ubuntu users via .deb packages or personal package archives.
Kubuntu
Kubuntu 9.10 includes the first Kubuntu Netbook release, Social from the Start and the latest KDE packages. See the Kubuntu technical overview.
Ubuntu Enterprise Cloud Images
Ubuntu 9.10 RC includes images for common use on Ubuntu Enterprise Cloud (UEC) and Amazon's EC2. You can try out the latest Ubuntu 9.10 server image instantly on EC2 using a preconfigured AMI, or download an image and put it into your own Ubuntu Enterprise Cloud. For information on using UEC images on Amazon EC2, see the EC2 Starter's Guide.
Ubuntu One
Ubuntu 9.10 RC ships with Ubuntu One by default. Ubuntu One is your personal cloud. You can use it to back up, store, sync and share your data with other Ubuntu One users.
Ubuntu One gives all features and 2 GB of essential storage to everyone. Synchronize files, contacts, and Tomboy notes across all of your Ubuntu computers and to the cloud. More space is available with a monthly subscription.
Ubuntu One project information is available on Launchpad.
Linux kernel 2.6.31
Ubuntu 9.10 RC includes the 2.6.31-14.48 kernel based on 2.6.31.1. The kernel ships with Kernel Mode Setting enabled for Intel graphics (see below). linux-restricted-modules is deprecated in favour of DKMS packages.
hal deprecation
Ubuntu 9.10 RC's underlying technology for power management, laptop hotkeys, and handling of storage devices and cameras maps has moved from "hal" (which is in the process of being deprecated) to "DeviceKit-power", "DeviceKit-disks" and "udev".
New Intel video driver architecture
The Intel video driver has switched from the "EXA" acceleration method to the new "UXA", solving major performance problems of Ubuntu 9.04. Ubuntu 9.10 RC also features kernel mode setting by default on Intel hardware, which reduces boot-time flickering and dramatically speeds up suspend/resume.
ext4 by default
The new "ext4" filesystem is used by default for new installations with Ubuntu 9.10 RC; of course, other filesystems are still available via the manual partitioner. Existing filesystems will not be upgraded.
If you have full backups and are confident, you can upgrade an existing ext3 filesystem to ext4 by following directions in the Ext4 Howto. (Note that the comments on that page at the time of writing about Ubuntu's use of vol_id vs. blkid are out of date and are not applicable to Ubuntu 9.10 RC.) Maximum performance will typically only be achieved on new filesystems, not on filesystems that have been upgraded from ext3.
GRUB 2 by default
GRUB 2 is the default boot loader for new installations with Ubuntu 9.10 RC, replacing the previous GRUB "Legacy" boot loader. Existing systems will not be upgraded to GRUB 2 at this time, as automatically reinstalling the boot loader is an inherently risky operation.
If you wish to upgrade your system to GRUB 2, then see the GRUB 2 testing page for instructions. See also the upstream draft manual.
Some features are still missing relative to GRUB Legacy. Notable among these are lock/password support, an equivalent of grub-reboot, and Xen handling.
iSCSI installation
The iSCSI installation process has been improved, and no longer requires iscsi=true as a boot parameter; the installer will offer you the option of logging into iSCSI targets if there are no local disks, or you can select "Configure iSCSI" in the manual partitioner.
Putting the root filesystem on iSCSI is now supported.
AppArmor
AppArmor in Ubuntu 9.10 RC features an improved parser that uses cache files, greatly speeding up AppArmor initialisation on boot. AppArmor also now supports 'pux' which, when specified, means a process can transition to an existing profile if one exists or simply run unconfined if one does not.
Please see the AppArmor documentation for information on using AppArmor in Ubuntu.
New profiles
In addition to the above changes to AppArmor itself, several profiles were added. Enforcing profiles for ntpd, evince, and libvirt are enabled by default. Complain mode profiles for Dovecot are now available in the apparmor-profiles package.
A new profile is provided for Firefox as well, though it is disabled by default. Users can enable AppArmor sandboxing of their browser by running:
$ sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5
This profile can be disabled again by performing:
$ sudo apparmor_parser -R /etc/apparmor.d/usr.bin.firefox-3.5
$ sudo ln -s /etc/apparmor.d/usr.bin.firefox-3.5 /etc/apparmor.d/disable/usr.bin.firefox-3.5
An AppArmor profile is now available for Apache in the libapache2-mod-apparmor package. When used in combination with the mod_apparmor Apache module, web applications can now be protected and isolated from each other. Instructions for enabling the profile are in the /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 file.
Please see the SecurityTeam/KnowledgeBase for a full listing of readily available profiles in Ubuntu.
Libvirt
Libvirt now contains AppArmor integration when using KVM or QEMU. Libvirtd is configured to launch virtual machines that are confined by uniquely restrictive AppArmor profiles. This feature significantly improves virtualisation in Ubuntu by providing user-space host protection as well as guest isolation.
Uncomplicated Firewall
The Uncomplicated Firewall now has support for filtering by interface and egress filtering when using the ufw command. Documentation for ufw is also improved to help users better utilise the ufw framework and take full advantage of Linux netfilter's power and flexibility. See UbuntuFirewall#Features for a full list of features.
Non-eXecutable Emulation
Non-eXecutable (NX) memory protection, also known as eXecute-Disable (XD), has always been available in Ubuntu for any systems that had the hardware to support it and ran the 64-bit kernel or the 32-bit server kernel. The 32-bit PAE desktop kernel (linux-image-generic-pae) now also provides the PAE mode needed for hardware with the NX CPU feature.
For systems that lack NX hardware, the 32-bit kernels now provide an approximation of the NX CPU feature via software emulation that can help block many exploits an attacker might run from stack or heap memory.
Blocking Module Loading
To block the loading of any further modules after boot (generally for servers with unchanging hardware), the /proc/sys/kernel/modules_disabled one-way sysctl flag now exists to add another layer of protections against attackers loading kernel rootkits.
Position-Independent Executables
Building on the work done in Ubuntu 8.10 and 9.04 to proactively protect Ubuntu from unknown threats by using strict compiler flags, more applications have been built as Position-Independent Executables (PIE) to take advantage of the Address Space Layout Randomisation (ASLR) available in the Ubuntu kernel.
In addition to the growing program list, PIE programs are now also built with the BIND_NOW linker flag to take full advantage of the existing RELRO linker flag. This results in PIE programs having fewer places in their memory that can be controlled to redirect program flow when an attacker attempts memory-corruption exploits.
Known issues
There are a small number of known bugs that users may run into with Ubuntu 9.10 RC which will be fixed before the final release. We have documented them here for your convenience along with any known workarounds.
For a full list of errata for Ubuntu 9.10, please see the Ubuntu 9.10 release notes.
* When creating LUKS encrypted partitions, some earlier versions of cryptsetup did not wipe out any pre-existing filesystem metadata on the partition. The current version of blkid used in the Ubuntu 9.10 RC will refuse to export a UUID for a partition containing more than one type of metadata signature. This means that encrypted disks may fail to be decrypted at boot time, possibly preventing the system from booting at all. Users of LUKS system-level disk encryption are advised to wait until the Ubuntu 9.10 final release before upgrading. (428435)
* Empathy's MSN messaging support is provided by telepathy-butterfly, the version included in karmic advertises it supports Audio/Video chat however for stability reasons it has been disabled in Karmic. If you wish to test MSN AV support in Empathy, please install telepathy-butterfly from https://edge.launchpad.net/~telepathy/+archive/ppa and report bugs so we can make it as solid as possible in Lucid. (437828)
* Installing on Marvell Dove boards requires a network connection. This will be fixed immediately after RC. (457536)
Introduction
The Ubuntu team is happy to bring you the latest and greatest software the Open Source community has to offer. This is their latest result, the Ubuntu 9.10 Release Candidate, which brings a host of exciting new features.
Upgrading from Ubuntu 9.04
To upgrade from Ubuntu 9.04 on a desktop system, press Alt+F2 and type in "update-manager -d" (without the quotes) into the command box. Update Manager should open up and tell you: New distribution release '9.10' is available. Click Upgrade and follow the on-screen instructions.
To upgrade from Ubuntu 9.04 on a server system: install the update-manager-core package if it is not already installed; edit /etc/update-manager/release-upgrades and set Prompt=normal; launch the upgrade tool with the command sudo do-release-upgrade -d; and follow the on-screen instructions.
Download
Get it while it's hot. ISOs and torrents are available at:
http://releases.ubuntu.com/releases/9.10/ (Ubuntu Desktop, Server, and Netbook Remix)
http://uec-images.ubuntu.com/releases/9.10/rc (Ubuntu Server for UEC and EC2 clouds)
http://releases.ubuntu.com/kubuntu/9.10/ (Kubuntu Desktop and Netbook)
http://cdimage.ubuntu.com/xubuntu/releases/9.10/rc/ (Xubuntu)
http://cdimage.ubuntu.com/ubuntustudio/releases/9.10/rc/ (UbuntuStudio)
http://cdimage.ubuntu.com/mythbuntu/releases/9.10/rc/ (Mythbuntu)
http://cdimage.ubuntu.com/edubuntu/releases/9.10/rc/ (Edubuntu)
Local mirrors are also available:
Asia
http://mirror.unej.ac.id/ubuntu-cd/ (Indonesia)
http://ftp.linux.org.tr/ubuntu-releases/ (Turkey)
http://ubuntu.qualitynet.net/releases/ (Kuwait)
Europe
http://ie.releases.ubuntu.com/ (Ireland)
http://mirror.switch.ch/ftp/mirror/ubuntu-cdimage/ (Switzerland)
http://se.releases.ubuntu.com/ (Sweden)
http://ubuntu.ipacct.com/releases/ (Bulgaria)
http://nl.releases.ubuntu.com/releases/ (Netherlands)
http://ftp.uni-kl.de/pub/linux/ubuntu.iso/ (Germany)
North America
http://mirror.anl.gov/pub/ubuntu-iso/CDs/ (United States)
http://mirror.csclub.uwaterloo.ca/ubuntu-releases/ (Canada)
http://mirrors.cat.pdx.edu/ubuntu-releases/ (United States)
http://mirrors.gigenet.com/ubuntu/ (United States)
http://ubuntu.cs.utah.edu/releases/ (United States)
http://ubuntu.media.mit.edu/ubuntu-releases/ (United States)
Oceania/Australia
http://ftp.citylink.co.nz/ubuntu-releases/ (New Zealand)
South America
http://mirrors.ucr.ac.cr/ubuntu-cd/ (Costa Rica)
New features since Ubuntu 9.04
Upstart
As part of our boot performance work, we have now transitioned to Upstart native jobs, to let users get to their desktop faster after boot. Upstart is written by Scott James Remnant.
Software Center
Ubuntu 9.10 RC includes the Ubuntu Software Center, developed by Michael Vogt, replacing 'Add/Remove' in the Applications menu.
GNOME
Ubuntu 9.10 RC includes the latest GNOME 2.28 desktop environment with a number of great new features:
* Empathy has replaced Pidgin as the default instant messaging client, introducing the Telepathy framework.
* The gdm 2.28 login manager by William Jon McCann is a complete rewrite compared to the version in earlier Ubuntu releases, permitting a more integrated login experience.
* Evince, the GNOME document viewer, now ships with an enforcing AppArmor profile. This greatly increases security by protecting you against flaws in the historically problematic PDF and image libraries. Users who use a non-standard location for their home directory will need to adjust the home tunable in /etc/apparmor.d/tunables/home. This profile has been developed by Jamie Strandboge.
Application development with Quickly
Quickly, by Rick Spencer and Didier Roche, makes it easy for developers to make new applications for Ubuntu, and to share those application with other Ubuntu users via .deb packages or personal package archives.
Kubuntu
Kubuntu 9.10 includes the first Kubuntu Netbook release, Social from the Start and the latest KDE packages. See the Kubuntu technical overview.
Ubuntu Enterprise Cloud Images
Ubuntu 9.10 RC includes images for common use on Ubuntu Enterprise Cloud (UEC) and Amazon's EC2. You can try out the latest Ubuntu 9.10 server image instantly on EC2 using a preconfigured AMI, or download an image and put it into your own Ubuntu Enterprise Cloud. For information on using UEC images on Amazon EC2, see the EC2 Starter's Guide.
Ubuntu One
Ubuntu 9.10 RC ships with Ubuntu One by default. Ubuntu One is your personal cloud. You can use it to back up, store, sync and share your data with other Ubuntu One users.
Ubuntu One gives all features and 2 GB of essential storage to everyone. Synchronize files, contacts, and Tomboy notes across all of your Ubuntu computers and to the cloud. More space is available with a monthly subscription.
Ubuntu One project information is available on Launchpad.
Linux kernel 2.6.31
Ubuntu 9.10 RC includes the 2.6.31-14.48 kernel based on 2.6.31.1. The kernel ships with Kernel Mode Setting enabled for Intel graphics (see below). linux-restricted-modules is deprecated in favour of DKMS packages.
hal deprecation
Ubuntu 9.10 RC's underlying technology for power management, laptop hotkeys, and handling of storage devices and cameras maps has moved from "hal" (which is in the process of being deprecated) to "DeviceKit-power", "DeviceKit-disks" and "udev".
New Intel video driver architecture
The Intel video driver has switched from the "EXA" acceleration method to the new "UXA", solving major performance problems of Ubuntu 9.04. Ubuntu 9.10 RC also features kernel mode setting by default on Intel hardware, which reduces boot-time flickering and dramatically speeds up suspend/resume.
ext4 by default
The new "ext4" filesystem is used by default for new installations with Ubuntu 9.10 RC; of course, other filesystems are still available via the manual partitioner. Existing filesystems will not be upgraded.
If you have full backups and are confident, you can upgrade an existing ext3 filesystem to ext4 by following directions in the Ext4 Howto. (Note that the comments on that page at the time of writing about Ubuntu's use of vol_id vs. blkid are out of date and are not applicable to Ubuntu 9.10 RC.) Maximum performance will typically only be achieved on new filesystems, not on filesystems that have been upgraded from ext3.
GRUB 2 by default
GRUB 2 is the default boot loader for new installations with Ubuntu 9.10 RC, replacing the previous GRUB "Legacy" boot loader. Existing systems will not be upgraded to GRUB 2 at this time, as automatically reinstalling the boot loader is an inherently risky operation.
If you wish to upgrade your system to GRUB 2, then see the GRUB 2 testing page for instructions. See also the upstream draft manual.
Some features are still missing relative to GRUB Legacy. Notable among these are lock/password support, an equivalent of grub-reboot, and Xen handling.
iSCSI installation
The iSCSI installation process has been improved, and no longer requires iscsi=true as a boot parameter; the installer will offer you the option of logging into iSCSI targets if there are no local disks, or you can select "Configure iSCSI" in the manual partitioner.
Putting the root filesystem on iSCSI is now supported.
AppArmor
AppArmor in Ubuntu 9.10 RC features an improved parser that uses cache files, greatly speeding up AppArmor initialisation on boot. AppArmor also now supports 'pux' which, when specified, means a process can transition to an existing profile if one exists or simply run unconfined if one does not.
Please see the AppArmor documentation for information on using AppArmor in Ubuntu.
New profiles
In addition to the above changes to AppArmor itself, several profiles were added. Enforcing profiles for ntpd, evince, and libvirt are enabled by default. Complain mode profiles for Dovecot are now available in the apparmor-profiles package.
A new profile is provided for Firefox as well, though it is disabled by default. Users can enable AppArmor sandboxing of their browser by running:
$ sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5
This profile can be disabled again by performing:
$ sudo apparmor_parser -R /etc/apparmor.d/usr.bin.firefox-3.5
$ sudo ln -s /etc/apparmor.d/usr.bin.firefox-3.5 /etc/apparmor.d/disable/usr.bin.firefox-3.5
An AppArmor profile is now available for Apache in the libapache2-mod-apparmor package. When used in combination with the mod_apparmor Apache module, web applications can now be protected and isolated from each other. Instructions for enabling the profile are in the /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 file.
Please see the SecurityTeam/KnowledgeBase for a full listing of readily available profiles in Ubuntu.
Libvirt
Libvirt now contains AppArmor integration when using KVM or QEMU. Libvirtd is configured to launch virtual machines that are confined by uniquely restrictive AppArmor profiles. This feature significantly improves virtualisation in Ubuntu by providing user-space host protection as well as guest isolation.
Uncomplicated Firewall
The Uncomplicated Firewall now has support for filtering by interface and egress filtering when using the ufw command. Documentation for ufw is also improved to help users better utilise the ufw framework and take full advantage of Linux netfilter's power and flexibility. See UbuntuFirewall#Features for a full list of features.
Non-eXecutable Emulation
Non-eXecutable (NX) memory protection, also known as eXecute-Disable (XD), has always been available in Ubuntu for any systems that had the hardware to support it and ran the 64-bit kernel or the 32-bit server kernel. The 32-bit PAE desktop kernel (linux-image-generic-pae) now also provides the PAE mode needed for hardware with the NX CPU feature.
For systems that lack NX hardware, the 32-bit kernels now provide an approximation of the NX CPU feature via software emulation that can help block many exploits an attacker might run from stack or heap memory.
Blocking Module Loading
To block the loading of any further modules after boot (generally for servers with unchanging hardware), the /proc/sys/kernel/modules_disabled one-way sysctl flag now exists to add another layer of protections against attackers loading kernel rootkits.
Position-Independent Executables
Building on the work done in Ubuntu 8.10 and 9.04 to proactively protect Ubuntu from unknown threats by using strict compiler flags, more applications have been built as Position-Independent Executables (PIE) to take advantage of the Address Space Layout Randomisation (ASLR) available in the Ubuntu kernel.
In addition to the growing program list, PIE programs are now also built with the BIND_NOW linker flag to take full advantage of the existing RELRO linker flag. This results in PIE programs having fewer places in their memory that can be controlled to redirect program flow when an attacker attempts memory-corruption exploits.
Known issues
There are a small number of known bugs that users may run into with Ubuntu 9.10 RC which will be fixed before the final release. We have documented them here for your convenience along with any known workarounds.
For a full list of errata for Ubuntu 9.10, please see the Ubuntu 9.10 release notes.
* When creating LUKS encrypted partitions, some earlier versions of cryptsetup did not wipe out any pre-existing filesystem metadata on the partition. The current version of blkid used in the Ubuntu 9.10 RC will refuse to export a UUID for a partition containing more than one type of metadata signature. This means that encrypted disks may fail to be decrypted at boot time, possibly preventing the system from booting at all. Users of LUKS system-level disk encryption are advised to wait until the Ubuntu 9.10 final release before upgrading. (428435)
* Empathy's MSN messaging support is provided by telepathy-butterfly, the version included in karmic advertises it supports Audio/Video chat however for stability reasons it has been disabled in Karmic. If you wish to test MSN AV support in Empathy, please install telepathy-butterfly from https://edge.launchpad.net/~telepathy/+archive/ppa and report bugs so we can make it as solid as possible in Lucid. (437828)
* Installing on Marvell Dove boards requires a network connection. This will be fixed immediately after RC. (457536)
Subscribe to:
Posts (Atom)
