Major package updates for Apache
The Gentoo Apache Team is pleased to announce the stabilizing of package updates that have been in the works for over a year. Some of the major changes include:
These changes will stabilized on Sunday, September 18th. These changes have been throughly tested and given a thumbs up by many many users. They also allow you to use the new php (including support for php5) ebuilds when they become fully available.
Because of these changes and improvements, when you upgrade to the new revision of Apache, you will need to take care of some things. These are fully documented in our Upgrading Apache document, but in summary, this is what you will need to do:
We have done our best to make it easy to migrate, but if you have problems, feel free to visit us in #gentoo-apache on irc.freenode.net or on our mailing list gentoo-web-user@gentoo.org and we'll be glad to help.
USE="minimal" for kernel sources
The kernel sources are rather large, but carry "unneeded" things like assembler sources for all arches you don't have. So why not strip down the kernel sources to be as small as possible, saving important diskspace in the process? This thread discusses why Gentoo won't offer such a kernel and why it's in general a bad idea to strip down the kernel sources.
[Summary] tentative x86 arch team glep
Chris White has done it again and offers a summary of one of those horrifically long threads that make reading the -dev mailinglist so time-consuming. Thanks Chris!
ComputerWorld (9 September 2005)
"One of the open-source movement's most visible boosters" Eric S. Raymond seems to have had a narrow escape from being lured into the same sort of position that Gentoo founder Daniel Robbins now occupies with Microsoft, writes Robert McMillan in a ComputerWorld article. Given the fact that the publisher of the Halloween documents might feel more than just a little out of place at the company he's been fighting quite eagerly for years, it may have been oversight on behalf of a recruiter who just didn't know exactly who he was trying to hire...
REBOL website (9 September 2005)
Carl Sassenroth, head of REBOL Technologies, has extended the reach of his programming language/operating environment to a new platform, as he explains in a short notice about REBOL for Linux on PPC, tested on the PegasosPPC in both Gentoo and Debian Linux, and ready for download to whoever would like to try it out.
Tweaking kernel options yet some more
Remember our rather concise tip about the search function in the kernel's make menuconfig last week? A related tip is particularly helpful whenever you're trying to do something like eradicate an unknown dependency. For example, let's say that you want to change your kernel configuration from modular to monolithic. But when you try to make that change, it is blocked because there are still features marked "M" somewhere.
An easy way to hunt these hidden dependencies down is to "Save Configuration to an Alternate File" first, picking something like .config.now (i.e. just type ".now" enter). Next, jump to another console and look at the file:
Code Listing 4.1: Read the config file |
less /usr/src/kernel/.config.now
|
Now have a look at the real product of menuconfig. Just search:
Code Listing 4.2: Search for modular options |
/=m
|
Once you've found where the offending area is, you can go back to make menuconfig and use last week's tip to search for its location in the hierarchy (if it's still not clear).
This tip is especially handy when trying to create a minimal system and you find that the kernel has been packed full of support for obsolete hardware that escaped your first review. By searching through the .config file while using menuconfig, you can really expand on its capabilities.
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
OpenTTD: Format string vulnerabilities
OpenTTD is vulnerable to format string vulnerabilities which may result in remote execution of arbitrary code.
For more information, please see the GLSA Announcement
phpLDAPadmin: Authentication bypass
A flaw in phpLDAPadmin may allow attackers to bypass security restrictions and connect anonymously.
For more information, please see the GLSA Announcement
The Gentoo Net-SNMP package may provide Perl modules containing an insecure DT_RPATH, potentially allowing privilege escalation.
For more information, please see the GLSA Announcement
Squid: Denial of Service vulnerabilities
Squid contains several bugs when handling certain malformed requests resulting in a Denial of Service.
For more information, please see the GLSA Announcement
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 04 September 2005 and 11 September 2005, activity on the site has resulted in:
Of the 8269 currently open bugs: 97 are labeled 'blocker', 198 are labeled 'critical', and 543 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Please send us your feedback and help make the GWN better.
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: