Gentoo Weekly Newsletter: 27 November 2006The Gentoo Release Engineering project is proud to announce that new stages for x86 have been released. These stages are currently only available via the Gentoo mirrors, but plans are underway to add them to the torrent tracker, also. These new stages include stages 2 and 3 for both the x86 (i386) and i586 subarchitectures built against the default-linux/x86/no-nptl profile, as well as stages 2 and 3 for i586 built against the default-linux/x86/2006.1 profile. You can find these new stages under /releases/x86/2006.1/stages on your local Gentoo mirror. Experimental LiveCD images for Alpha/PPC Along with the new stages for x86, Release Engineering has also released two experimental ISO images. These images are built in the same manner as the x86 and amd64 LiveCD for 2006.1, using the same snapshot. The images should be fully-functional LiveCDs for both platforms. If you're wanting to try these out, please grab them from your local mirror under /experimental and file bugs, as always, to the Gentoo bug tracker.
The Gentoo GNOME team is working to stabilize GNOME-2.16.2. This is an upgrade from the current 2.14 stable version of GNOME. Please consult the GNOME 2.16 Upgrade Guide before upgrading. If you wish to track the stabilization efforts, you can follow bug 156572 for gtk+-2.10 stabilization and bug 156662 for GNOME-2.16 stabilization. There are several major improvements in this upgrade:
To find out in detail what coolness you can expect from this major upgrade, head over to the GNOME 2.16 page and read the Release Notes. In order to adjust to changes in upstream release policies, the former dev-db/mysql has been split into dev-db/mysql-community and dev-db/mysql. The new virtual/mysql depends on the presence of either dev-db/mysql-community or dev-db/mysql. If emerge complains about needing virtual/mysql, just install it. Assuming you already have mysql or mysql-community installed, there's no compiling required. If you don't want the greatest stable version, but want to stay at mysql 4.x, for example, be sure to mask >=virtual/mysql-4.1, >=dev-db/mysql-4.1 and >=dev-db/mysql-community-4.1 in /etc/portage/package.mask. If you want to compile mysql client-only, you need to use the minimal USE flag. Coldplug deprecated by udev-103 update? / udev and coldplug blocking each other! Two different users found themselves concerned by the recent demise of coldplug, the package which formerly handled devices which are already connected at the time the system is booted. Peter K was assured that he'd read his emerge --sync output correctly and that, as of udev 103, coldplug was indeed gone. Hans de Hertog found himself more concerned by the mutual blocks that udev and coldplug seemed to have thrown up:
Hans was assured that the recently stabilized udev 103 was an entire replacement for coldplug. Plucking up his courage, he unmerged coldplug, merged udev 103 and cleaned up by deleting /etc/init.d/coldplug and running rc-update del coldplug. As a bonus, he discovered it was no longer necessary to edit /lib/rcscripts/addons/udev-start.sh to have udev handle coldplugging.
Where is DISPLAYMANAGER="gdm" now? Mark Knecht had just completed his GCC 4 upgrade and discovered that the DISPLAYMANAGER="gdm" statement was no longer in /etc/rc.conf. To what file it had been spirited away? To /etc/conf.d/xdm although (as noted in /etc/conf.d/xdm) setting DISPLAYMANAGER in /etc/rc.conf overrides /etc/conf.d/xdm. Mark thanked all the responders and noted that he'd be using /etc/conf.d/xdm as he wanted to do it the Gentoo way. Interrupting portage gracefully Peter Humphreys wanted to know if there was a command to make portage stop compiling at the end of the current package. He'd been running compiles overnight, but was bothered by the fan noise. Christoph Mende suggested terminating the compile with Control-C and running emerge --resume the next day. Various readers proposed using suspend to disk or suspend to RAM and picking up right where you left off the next morning. Peter Davoust uses emerge [package] && init 0, although conceding it leaves the machine running if the package fails to compile. Others suggested emerge [package] ; shutdown -h now. This has the opposite problem to Peter's solution, since the machine will shutdown even if the package fails to compile. It thus requires review of logs in the morning to know whether the package was built or not. The following developers recently left the Gentoo project:
The following developers recently joined the Gentoo project:
The following developers recently changed roles within the Gentoo project:
TikiWiki: Multiple vulnerabilities TikiWiki allows for the disclosure of MySQL database authentication credentials and for cross-site scripting attacks. For more information, please see the GLSA Announcement Ruby: Denial of Service vulnerability The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack. For more information, please see the GLSA Announcement Avahi: "netlink" message vulnerability Avahi fails to verify the origin of netlink messages, which could allow local users to spoof network changes. For more information, please see the GLSA Announcement TORQUE: Insecure temporary file creation TORQUE creates temporary files in an insecure manner which could lead to the execution of arbitrary code with elevated privileges. For more information, please see the GLSA Announcement qmailAdmin is vulnerable to a buffer overflow that could lead to the remote execution of arbitrary code. For more information, please see the GLSA Announcement Texinfo is vulnerable to a buffer overflow that could lead to the execution of arbitrary code. For more information, please see the GLSA Announcement fvwm: fvwm-menu-directory fvwm command injection A flaw in fvwm-menu-directory may permit a local attacker to execute arbitrary commands with the privileges of another user. For more information, please see the GLSA Announcement TIN: Multiple buffer overflows Multiple buffer overflows have been reported in TIN, possibly leading to the execution of arbitrary code. For more information, please see the GLSA Announcement ImageMagick: PALM and DCM buffer overflows ImageMagick improperly handles PALM and DCM images, potentially resulting in the execution of arbitrary code. For more information, please see the GLSA Announcement GNU gv improperly handles user-supplied data possibly allowing for the execution of arbitrary code. For more information, please see the GLSA Announcement This is a list of packages that have been announced to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers.
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 19 November 2006 and 26 November 2006, activity on the site has resulted in:
Of the 10878 currently open bugs: 27 are labeled 'blocker', 107 are labeled 'critical', and 478 are labeled 'major'. The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better. 8. GWN subscription information To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under. The Gentoo Weekly Newsletter is also available in the following languages:
|
|