Christmas came a little early this year for the Gentoo/PPC team and others. A number of developers received the EFIKA, an evaluation board from Genesi built around the MPC5200B PowerPC SoC (System on Chip) running at 400MHz. Also included on the board is 128MB of DDR memory, 10/100 ethernet, 2 USB 1.1 ports, 1 PCI/AGP slot, and sound with optical out.
The Gentoo/PPC team, along with Release Engineering, are working on both detailed instructions for installing Gentoo on the EFIKA, as well as CD media capable of booting the EFIKA from USB. Gentoo would like to thank Genesi for its continued support and Freescale for providing the funding to make this program possible.
For more information on the EFIKA, or to buy one yourself, visit Genesi's EFIKA page.
D-Bus 1.0.1 has been ~amd64'd
D-Bus, the inter-process communications program, has reached its 1.0 milestone and the resultant 1.0.2 ebuild is in testing. That is the good news. The bad news is that the ABI (application binary interface) was radically shifted from the prior 0.6x releases now stable in portage. Though the title mentions only amd64, it is in testing on multiple architectures.
Emopig issued a warning to his fellow users that when he followed the ebuild's instruction to run revdep-rebuild the resulting list of packages to be re-merged was non-trivial (54 packages for him). Others seconded that, particularly Gnome users. The damage on the KDE side seemed confined to the kde-kioslaves package.
6thpink suggested that users install the binding packages dbus-glib, dbus-python and dbus-qt3-old since the base dbus package no longer had USE flags for python, qt3 or the like. This seemed to help at least one user.
Goodbye, Gentoo
Forums user beazizo has returned after an 18 month absence and said "I must say, it [gentoo] is MUCH better than it was back then. It took me less than a day to get a system up to a point where I had all the apps installed that I was running in Ubuntu (and running much faster). I felt comfortable enough to blow away my Ubuntu install. Good work Gentoo team!"
Welcome back to Gentoo, beazizo.
gnome-screensaver requires emacs?
Chris Bare was trying to install gnome-screensaver, with the following result:
Code Listing 2.1: Trying to emerge gnome-screensaver |
# emerge emerge -pv --tree gnome-screensaver These are the packages that would be merged, in reverse order: Calculating dependencies... done! [ebuild N ] gnome-extra/gnome-screensaver-2.14.2 USE="pam xinerama -debug -doc" 1,872 kB [ebuild N ] app-xemacs/emerge-1.09 59 kB [ebuild N ] app-editors/xemacs-21.4.17 USE="X berkdb gpm jpeg png tiff -Xaw3d -athena -canna -dnd -freewnn -ldap -motif -mule -nas -neXt -postgres -xface" 10,377 kB |
He wanted to know why gnome-screensaver seemed, against all logic, to depend on xemacs.
Etaoin Shrdlu spotted the real problem. (Did you?) Chris had typed emerge emerge and portage thought he wanted to emerge the app-xemacs/emerge package and its dependencies.
This serves as a useful warning, since we all make such a mistakes sometimes.
CFLAGS for Intel Core 2 CPUs
The Core 2 Duo is the flagship chip of Intel's CPU line and the "it" processor of the moment. Any right-thinking Gentoo-er has only one question: "What CFLAGS should I use for that bad boy?"
Michael Weyershäuser provided a pointer to a dirtyepic blog post that answered that question based on information from Intel itself. For GCC 4.1, Core Solo/Duo uses -march=prescott while the Core 2 Duo/Solo gets -march=nocona. For GCC 4.2, the -march is the same, but a -mtune=generic flag is added.
Belgium: DonnaroomLAN, Arendonk
Dutch Documentation Lead Dimitry Bradt and other members of the Dutch community are organizing a LAN party event and are inviting the Dutch Gentoo community. The event takes place on Saturday 6 January 2007 and Sunday 7 January 2007 and is being held in Arendonk, Belgium, about half way between Antwerpen and Eindhoven.
For more information, please visit the home page.
Several developers were contacted from several distributions by the article's author, Mayank Sharma, about their distribution's security practices. Mayank spoke with developers from Red Hat, Novell, CentOS, Debian, and, of course, Gentoo. He explains the different methodologies used by the distributions, as well as points out some differences between the community and commercial distributions.
The following developers recently left the Gentoo project:
The following developers recently joined the Gentoo project:
The following developers recently changed roles within the Gentoo project:
wv library: Multiple integer overflows
The wv library is vulnerable to multiple integer overflows which could lead to the execution of arbitrary code.
For more information, please see the GLSA Announcement
xine-lib is vulnerable to a buffer overflow in the Real Media input plugin, which could lead to the execution of arbitrary code.
For more information, please see the GLSA Announcement
GnuPG: Multiple vulnerabilities
GnuPG is vulnerable to a buffer overflow and an erroneous function pointer dereference that can result in the execution of arbitrary code.
For more information, please see the GLSA Announcement
ModPlug: Multiple buffer overflows
ModPlug contains several boundary errors that could lead to buffer overflows resulting in the possible execution of arbitrary code.
For more information, please see the GLSA Announcement
KOffice shared libraries: Heap corruption
An integer overflow in koffice-libs allows for a Denial of Service and possibly the execution of arbitrary code when viewing malicious PowerPoint files.
For more information, please see the GLSA Announcement
Mozilla Thunderbird: Multiple vulnerabilities
Multiple vulnerabilities have been identified in Mozilla Thunderbird.
For more information, please see the GLSA Announcement
Mozilla Firefox: Multiple vulnerabilities
Multiple vulnerabilities have been reported in Mozilla Firefox.
For more information, please see the GLSA Announcement
SeaMonkey: Multiple vulnerabilities
Multiple vulnerabilities have been identified in the SeaMonkey project.
For more information, please see the GLSA Announcement
MadWifi: Kernel driver buffer overflow
MadWifi is vulnerable to a buffer overflow that could potentially lead to the remote execution of arbitrary code with root privileges.
For more information, please see the GLSA Announcement
This is a list of packages that have been announced to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers.
| Package: | Removal date: | Contact: |
| dev-lang/prothon | 03 Jan 07 | Bryan Østergaard |
| x11-themes/bmpx-themes | 04 Jan 07 | Patrick McLean |
| app-antivirus/vlnx | 09 Jan 07 | Timothy Redaelli |
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 03 December 2006 and 10 December 2006, activity on the site has resulted in:
Of the 10699 currently open bugs: 26 are labeled 'blocker', 104 are labeled 'critical', and 447 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.
10. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: