
Gentoo Weekly Newsletter: 27 November 2006

Content:

1.  Gentoo News

x86/i586 stages available

The Gentoo Release Engineering project is proud to announce that new stages for x86 have been released. These stages are currently only available via the Gentoo mirrors, but plans are underway to add them to the torrent tracker, also. These new stages include stages 2 and 3 for both the x86 (i386) and i586 subarchitectures built against the default-linux/x86/no-nptl profile, as well as stages 2 and 3 for i586 built against the default-linux/x86/2006.1 profile.

You can find these new stages under /releases/x86/2006.1/stages on your local Gentoo mirror.

Experimental LiveCD images for Alpha/PPC

Along with the new stages for x86, Release Engineering has also released two experimental ISO images. These images are built in the same manner as the x86 and amd64 LiveCD for 2006.1, using the same snapshot. The images should be fully-functional LiveCDs for both platforms. If you want to try these out, please grab them from your local mirror under /experimental and, as always, file bugs in the Gentoo bug tracker.

Note: We are aware that the Gentoo Linux Installer is not functional on these LiveCD images, as the Installer has not yet been ported to them. The main purpose of these images is as a testing ground and development platform for the Installer, as well as testing for the LiveCD process on new architectures.

GNOME 2.16 stable

The Gentoo GNOME team is working to stabilize GNOME-2.16.2. This is an upgrade from the current 2.14 stable version of GNOME. Please consult the GNOME 2.16 Upgrade Guide before upgrading. If you wish to track the stabilization efforts, you can follow bug 156572 for gtk+-2.10 stabilization and bug 156662 for GNOME-2.16 stabilization.

There are several major improvements in this upgrade:

  • powerful new note-taking application
  • enhanced menu editing
  • tool to get a better overview of your hard disk space
  • improved integrated power management support
  • improved media web browsing
  • improved themes
  • improved memory usage

To find out in detail what coolness you can expect from this major upgrade, head over to the GNOME 2.16 page and read the Release Notes.

virtual/mysql Introduced

In order to adjust to changes in upstream release policies, the former dev-db/mysql has been split into dev-db/mysql-community and dev-db/mysql. The new virtual/mysql depends on the presence of either dev-db/mysql-community or dev-db/mysql.

If emerge complains about needing virtual/mysql, just install it. Assuming you already have mysql or mysql-community installed, there's no compiling required.

If you don't want the greatest stable version, but want to stay at mysql 4.x, for example, be sure to mask >=virtual/mysql-4.1, >=dev-db/mysql-4.1 and >=dev-db/mysql-community-4.1 in /etc/portage/package.mask.

If you want to compile mysql client-only, you need to use the minimal USE flag.

2.  Heard in the community

gentoo-user

Coldplug deprecated by udev-103 update? / udev and coldplug blocking each other!

Two different users found themselves concerned by the recent demise of coldplug, the package which formerly handled devices which are already connected at the time the system is booted. Peter K was assured that he'd read his emerge --sync output correctly and that, as of udev 103, coldplug was indeed gone.

Hans de Hertog found himself more concerned by the mutual blocks that udev and coldplug seemed to have thrown up:

Code Listing 2.1: blocker output

[blocks B ] >=sys-fs/udev-089 (is blocking sys-apps/coldplug-20040920-r1)
[blocks B ] sys-apps/coldplug (is blocking sys-fs/udev-103)
[ebuild U ] sys-fs/udev-103 [087-r1] USE="(-selinux)" 195 kB

Hans was assured that the recently stabilized udev 103 was an entire replacement for coldplug. Plucking up his courage, he unmerged coldplug, merged udev 103 and cleaned up by deleting /etc/init.d/coldplug and running rc-update del coldplug. As a bonus, he discovered it was no longer necessary to edit /lib/rcscripts/addons/udev-start.sh to have udev handle coldplugging.

Where is DISPLAYMANAGER="gdm" now?

Mark Knecht had just completed his GCC 4 upgrade and discovered that the DISPLAYMANAGER="gdm" statement was no longer in /etc/rc.conf. To what file had it been spirited away?

To /etc/conf.d/xdm although (as noted in /etc/conf.d/xdm) setting DISPLAYMANAGER in /etc/rc.conf overrides /etc/conf.d/xdm.

Mark thanked all the responders and noted that he'd be using /etc/conf.d/xdm as he wanted to do it the Gentoo way.

gentoo-amd64

Interrupting portage gracefully

Peter Humphreys wanted to know if there was a command to make portage stop compiling at the end of the current package. He'd been running compiles overnight, but was bothered by the fan noise.

Christoph Mende suggested terminating the compile with Control-C and running emerge --resume the next day. Various readers proposed using suspend to disk or suspend to RAM and picking up right where you left off the next morning.

Peter Davoust uses emerge [package] && init 0, although conceding it leaves the machine running if the package fails to compile. Others suggested emerge [package] ; shutdown -h now. This has the opposite problem to Peter's solution, since the machine will shut down even if the package fails to compile. It thus requires review of logs in the morning to know whether the package was built or not.
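The two approaches above can be combined: record the build's exit status, then halt either way, so the morning check is one log line. This wrapper is an added example, not something posted in the thread; BUILD_LOG, HALT_CMD and build_then_halt are hypothetical names chosen for it.

```shell
#!/bin/sh
# Added example (not from the newsletter): run a build, record the outcome,
# then halt whether or not the build succeeded.
# BUILD_LOG and HALT_CMD are hypothetical names chosen for this sketch.

BUILD_LOG="${BUILD_LOG:-/var/log/overnight-build.log}"
HALT_CMD="${HALT_CMD:-shutdown -h now}"

# build_then_halt CMD [ARGS...]
# Runs CMD, appends a timestamped OK/FAILED line with the exit status to
# BUILD_LOG, runs HALT_CMD, and returns CMD's exit status.
build_then_halt() {
    if [ "$#" -eq 0 ]; then
        echo "usage: build_then_halt command [args...]" >&2
        return 2
    fi
    status=0
    # "||" keeps a failing build from aborting the wrapper (unlike "&&"),
    # while still capturing the status that ";" would throw away.
    "$@" || status=$?
    if [ "$status" -eq 0 ]; then
        result="OK"
    else
        result="FAILED"
    fi
    printf '%s %s status=%s cmd=%s\n' \
        "$(date '+%Y-%m-%d %H:%M:%S')" "$result" "$status" "$*" >> "$BUILD_LOG"
    # Halt regardless of the build result; the log line says what happened.
    $HALT_CMD
    return "$status"
}

# Typical use, as root:
#   build_then_halt emerge --update world
```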

3.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • Anders Rune Jensen (arj)

Adds

The following developers recently joined the Gentoo project:

  • Charlie Shepherd (masterdriverz) kernel team

Changes

The following developers recently changed roles within the Gentoo project:

  • none this week

4.  Gentoo security

TikiWiki: Multiple vulnerabilities

TikiWiki allows for the disclosure of MySQL database authentication credentials and for cross-site scripting attacks.

For more information, please see the GLSA Announcement

Ruby: Denial of Service vulnerability

The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack.

For more information, please see the GLSA Announcement

Avahi: "netlink" message vulnerability

Avahi fails to verify the origin of netlink messages, which could allow local users to spoof network changes.

For more information, please see the GLSA Announcement

TORQUE: Insecure temporary file creation

TORQUE creates temporary files in an insecure manner which could lead to the execution of arbitrary code with elevated privileges.

For more information, please see the GLSA Announcement

qmailAdmin: Buffer overflow

qmailAdmin is vulnerable to a buffer overflow that could lead to the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Texinfo: Buffer overflow

Texinfo is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

fvwm: fvwm-menu-directory fvwm command injection

A flaw in fvwm-menu-directory may permit a local attacker to execute arbitrary commands with the privileges of another user.

For more information, please see the GLSA Announcement

TIN: Multiple buffer overflows

Multiple buffer overflows have been reported in TIN, possibly leading to the execution of arbitrary code.

For more information, please see the GLSA Announcement

ImageMagick: PALM and DCM buffer overflows

ImageMagick improperly handles PALM and DCM images, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

GNU gv: Stack overflow

GNU gv improperly handles user-supplied data possibly allowing for the execution of arbitrary code.

For more information, please see the GLSA Announcement

5.  Upcoming package removals

This is a list of packages that have been announced to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers.

Last Rites:

Package:                      Removal date:   Contact:
dev-perl/Msql-Mysql-modules   20 Dec 06       Michael Cummings
net-nds/migrationtools        21 Dec 06       Robin H. Johnson
net-ftp/kbear                 25 Dec 06       Charlie Shepherd

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 19 November 2006 and 26 November 2006, activity on the site has resulted in:

  • 632 new bugs during this period
  • 352 bugs closed or resolved during this period
  • 21 previously closed bugs were reopened this period
  • 114 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
  • 172 bugs marked as duplicates during this period

Of the 10878 currently open bugs: 27 are labeled 'blocker', 107 are labeled 'critical', and 478 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  GWN feedback

The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.

8.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

9.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:




Page updated November 27, 2006

Summary: This is the Gentoo Weekly Newsletter for the week of 27 November 2006.

Ulrich Plate
Editor

Chris Atkinson
Author

Mart Raudsepp
Author

Chris Gianelloni
Author
