Gentoo Weekly Newsletter: 15 October 2007
1. Heard in the Community
Planet Gentoo
Gentoo Arch Testing
x86 team member Christian Faulhammer describes the methods that the
Architecture teams use to ensure that stable packages are indeed stable. He
details each step, noting that many of them are boring and repetitive. GATT, the
Gentoo Arch Testing Tool, developed by Matthias Langer, is introduced as a
utility to automatically deal with many of the tasks an Arch Tester would face.
Its functions are examined and a screencast made showing GATT in action.
Linux 2.6.23
To coincide with the new release of the kernel, Daniel Drake, the
gentoo-sources maintainer, lists the changes in this release over 2.6.22.
This includes the replacement of vesafb-tng with uvesafb.
Gentoo Forums
Choice of Kernel
A lighthearted thread with a poll sets out to find out which variety of the
kernel most Gentoo users prefer. gentoo-sources are the most popular, but a
significant proportion use something else. What do you use?
The Gospel of Blocked Packages
A thread was started on the Gentoo
Forums, with the common question of how to deal with blockers, in this
instance kdebase-kioslaves. Its method of presentation however was more
creative than usual, using a biblical dialog between an individual and Portage
as the device to convey the difficulty faced in finding a solution. The style
was continued by some responders to the thread, making for an entertaining
read.
2. Gentoo in the Press
fit-PC
ExtremeTech reviewed the fit-PC, a tiny AMD Geode-based system that
consumes only 3-5W of power - and only costs $285. Despite its tiny size, it
packs in a 40GB hard drive, two ethernet ports, two USB ports, a VGA connector,
audio jacks, and 256MB memory, making it perfect for use as a dedicated web
browser/email machine, a firewall/router, and other non-intensive tasks. The
fit-PC supports either Linux or Windows, and is rumored to be available with
Gentoo Linux.
Although manufacturer CompuLab has already sold out of the fit-PC, more units
should be available later in December.
3. Tips and Tricks
Apache Configs shortened -- mod_macro overview
Many people have lengthy configs that repeat the same blocks over and over
again, changing only the domain name and home directory.
Though not widely known, this problem has been addressed by Fabien Coelho.
I hate copy-paste. When configuring the apache server I often have to
copy-paste some parts, especially with virtual hosts to enable similar
features or options. In order to avoid this, I would need some kind of macro
capabilities in the server runtime configuration files. [...]
—Fabien Coelho
To stay with the philosophy of keeping it simple, he introduced just two new
"commands":
- <Macro ...> ... </Macro>
- Use ...
So let's get to a real-world example:
Code Listing 3.1: Sample mod_macro usage

    # One macro definition, instantiated once per customer/domain pair
    <Macro VHostCGI $customer $domain>
      <VirtualHost $domain:80>
        ServerName $domain
        ServerAlias www.$domain
        DocumentRoot /var/www/$customer/docroot/$domain/
        ScriptAlias /cgi-bin/ /var/www/$customer/cgi-bin/
        ErrorLog /var/log/apache/$customer/logs/$domain-error.log
        CustomLog /var/log/apache/$customer/logs/$domain-access.log combined
        <Directory /var/www/$customer/cgi-bin/>
          Options ExecCGI
        </Directory>
      </VirtualHost>
    </Macro>

    Use VHostCGI customer1 example.com
    Use VHostCGI customer15 sample.net
    Use VHostCGI customer122 iamanexampletoo.org

Another example would be locking some directories if applicable:
Code Listing 3.2: An alternate example of mod_macro usage

    <Macro PasswordProtect>
      AuthName "Restricted area"
      AuthType Basic
      AuthUserFile /var/www/.htpasswd
      require valid-user
    </Macro>

    <Directory /var/www/localhost/docroot>
      Options Indexes
    </Directory>

    <Directory /var/www/localhost/docroot/internal>
      Use PasswordProtect
      Options -Indexes
    </Directory>

    <Directory /var/www/localhost/docroot/downloads>
      Use PasswordProtect
      Options +FollowSymLinks
    </Directory>

As you can see, it is easy to get an overview of what happens, and you don't
need any copy & paste sections :)
To get it going on Gentoo, just run emerge mod_macro and enable it in
/etc/conf.d/apache with -D MACRO.
More information about the module can be found at its homepage
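
Because mod_macro substitutes arguments as plain text into paths such as DocumentRoot and ErrorLog, `Use` lines generated from customer data are worth checking before a reload. The following is an added example, not code from the newsletter or from mod_macro: it parses macro definitions, models the substitution in a simplified way (no quoted arguments), and flags arguments that fail an allowlist; `SAFE_ARG`, the function names and the sample input are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the VHostCGI listing; the second Use line
# carries the kind of value a provisioning script might pass through unchecked.
SAMPLE = """\
<Macro VHostCGI $customer $domain>
<VirtualHost $domain:80>
DocumentRoot /var/www/$customer/docroot/$domain/
ErrorLog /var/log/apache/$customer/logs/$domain-error.log
</VirtualHost>
</Macro>
Use VHostCGI customer1 example.com
Use VHostCGI ../customer1 sample.net
"""
SAFE_ARG = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")  # assumed policy

def parse(conf):
    """Return ({macro: (params, body_lines)}, [(lineno, macro, args)])."""
    macros, uses, current = {}, [], None
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        m = re.fullmatch(r"<Macro\s+(\S+)(.*)>", line, re.I)
        if m:
            current = m.group(1)
            macros[current] = (m.group(2).split(), [])
        elif line.lower() == "</macro>":
            current = None
        elif current:
            macros[current][1].append(line)
        elif line.lower().startswith("use "):
            name, *args = line.split()[1:]
            uses.append((no, name, args))
    return macros, uses

def expand(macros, name, args):
    """Model of the substitution: one pass, longest parameter name first."""
    params, body = macros[name]
    if len(params) != len(args):
        raise ValueError(f"{name}: expected {len(params)} arguments")
    value = dict(zip(params, args))
    names = sorted(params, key=len, reverse=True)
    pat = re.compile("|".join(map(re.escape, names)))
    return pat.sub(lambda m: value[m.group(0)], "\n".join(body))

def lint(conf):
    """Return [(lineno, argument)] for Use arguments that fail the policy."""
    _, uses = parse(conf)
    return [(no, a) for no, _name, args in uses for a in args
            if ".." in a or not SAFE_ARG.fullmatch(a)]
```

Printing `expand(...)` for a flagged line shows the paths Apache would end up with, which makes the review of a rejected `Use` line concrete.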
4. Gentoo developer moves
Moves
The following developers recently left the Gentoo project:
Adds
The following developers recently joined the Gentoo project:
Changes
The following developers recently changed roles within the Gentoo project:
5. Gentoo security
KDM: Local privilege escalation
KDM allows logins without password under certain circumstances allowing a
local user to gain elevated privileges.
For more information, please see the
GLSA Announcement
X.Org X server: Composite local privilege escalation
A vulnerability has been discovered in the Composite extension of the X.Org
X server, allowing for a local privilege escalation.
For more information, please see the
GLSA Announcement
Balsa: Buffer overflow
Balsa is vulnerable to a buffer overflow allowing for the user-assisted
execution of arbitrary code.
For more information, please see the
GLSA Announcement
util-linux: Local privilege escalation
The mount and umount programs might allow local attackers to gain root
privileges.
For more information, please see the
GLSA Announcement
The Sleuth Kit: Integer underflow
An integer underflow vulnerability has been reported in The Sleuth Kit
allowing for the user-assisted execution of arbitrary code.
For more information, please see the
GLSA Announcement
PDFKit, ImageKits: Buffer overflow
PDFKit and ImageKits are vulnerable to an integer overflow and a stack
overflow allowing for the user-assisted execution of arbitrary code.
For more information, please see the
GLSA Announcement
TikiWiki: Arbitrary command execution
TikiWiki contains a command injection vulnerability which may allow remote
execution of arbitrary code.
For more information, please see the
GLSA Announcement
TRAMP: Insecure temporary file creation
The TRAMP package for GNU Emacs insecurely creates temporary files.
For more information, please see the
GLSA Announcement
Star: Directory traversal vulnerability
A directory traversal vulnerability has been discovered in Star.
For more information, please see the
GLSA Announcement
OpenOffice.org: Heap-based buffer overflow
A heap-based buffer overflow vulnerability has been discovered in
OpenOffice.org, allowing for the remote execution of arbitrary code.
For more information, please see the
GLSA Announcement
MLDonkey: Privilege escalation
The Gentoo MLDonkey ebuild adds a user to the system with a valid login
shell and no password.
For more information, please see the
GLSA Announcement
HPLIP: Privilege escalation
The hpssd daemon might allow local attackers to execute arbitrary commands
with root privileges.
For more information, please see the
GLSA Announcement
ImageMagick: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in ImageMagick, possibly
resulting in arbitrary code execution or a Denial of Service.
For more information, please see the
GLSA Announcement
Qt: Buffer overflow
An off-by-one vulnerability has been discovered in Qt, possibly resulting
in the execution of arbitrary code.
For more information, please see the
GLSA Announcement
Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
A format string error has been discovered in Sylpheed and Claws Mail,
potentially leading to the remote execution of arbitrary code.
For more information, please see the
GLSA Announcement
6. Gentoo package moves
This section lists packages that have either been moved or added to the tree
and packages that have had their "last rites" announcement given to be removed
in the future. The package removals come from many locations, including the Treecleaners and various developers. Most
packages which are listed under the Last Rites section are in need of some love
and care and can remain in the tree if proper maintainership is established.
Removals:
| Package: | Removal date: | Contact: |
| www-client/planet | 10 Oct 2007 | Steve Dibb |
| games-sports/sturmbahnfahrer | 14 Oct 2007 | Michael Sterrett |
Additions:
Last Rites
7. Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the
development team. Between 07 October 2007
and 13 October 2007, activity on the site has resulted in:
- 473 new bugs during this period
- 291 bugs closed or resolved during this period
- 19 previously closed bugs were reopened this period
- 79 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
- 82 bugs marked as duplicates during this period
Of the 9617 currently open bugs: 11 are labeled 'blocker', 102 are labeled
'critical', and 331 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this
period are:
8. GWN feedback
The GWN is staffed by volunteers and members of the community who submit ideas
and articles. If you are interested in writing for the GWN, have feedback on an
article that we have posted, or just have an idea or article that you would
like to submit to the GWN, please send us your feedback and help make the GWN
better.
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+unsubscribe@gentoo.org
from the e-mail address you are subscribed under.
10. Other languages
The Gentoo Weekly Newsletter is also available in the following
languages: