~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/20061127-newsletter.xml
This is the Gentoo Weekly Newsletter for the week of 27 November 2006.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
==============
1. Gentoo News
==============
x86/i586 stages available
-------------------------
The Gentoo Release Engineering[1] project is proud to announce that new
stages for x86 have been released. These stages are currently only available
via the Gentoo mirrors[2], but plans are underway to add them to the torrent
tracker, also. These new stages include stages 2 and 3 for both the x86
(i386) and i586 subarchitectures built against the default-linux/x86/no-nptl
profile, as well as stages 2 and 3 for i586 built against the
default-linux/x86/2006.1 profile.
1. http://www.gentoo.org/proj/en/releng
2. http://www.gentoo.org/main/en/mirrors.xml
You can find these new stages under /releases/x86/2006.1/stages on your
local Gentoo mirror.
Experimental LiveCD images for Alpha/PPC
----------------------------------------
Along with the new stages for x86, Release Engineering has also released two
experimental ISO images. These images are built in the same manner as the
x86 and amd64 LiveCD for 2006.1, using the same snapshot. The images should
be fully-functional LiveCDs for both platforms. If you're wanting to try
these out, please grab them from your local mirror under /experimental and
file bugs, as always, to the Gentoo bug tracker[3].
3. http://bugs.gentoo.org/enter_bug.cgi?product=Gentoo%20Release%20Media
Note: We are aware that the Gentoo Linux Installer is not functional on
these LiveCD images, as the Installer had not yet been ported to them. The
main purpose of these images is as a testing ground and development platform
for the Installer, as well as testing for the LiveCD process on new
architectures.
GNOME 2.16 stable
-----------------
The Gentoo GNOME team[4] is working to stabilize GNOME-2.16.2. This is an
upgrade from the current 2.14 stable version of GNOME. Please consult the
GNOME 2.16 Upgrade Guide[5] before upgrading. If you wish to track the
stabilization efforts, you can follow bug 156572[6] for gtk+-2.10
stabilization and bug 156662[7] for GNOME-2.16 stabilization.
4. http://www.gentoo.org/proj/en/desktop/gnome
5. http://www.gentoo.org/proj/en/desktop/gnome/howtos/gnome-2.16-upgrade.xml
6. http://bugs.gentoo.org/show_bug.cgi?id=156572
7. http://bugs.gentoo.org/show_bug.cgi?id=156662
There are several major improvements in this upgrade:
* powerful new note-taking application
* enhanced menu editing
* tool to get a better overview of your hard disk space
* improved integrated power management support
* improved media web browsing
* improved themes
* improved memory usage
To find out in detail what coolness you can expect from this major upgrade,
head over to the GNOME 2.16 page[8] and read the Release Notes.
8. http://www.gnome.org/start/2.16/
virtual/mysql Introduced
------------------------
In order to adjust to changes in upstream release policies, the former
dev-db/mysql has been split into dev-db/mysql-community and dev-db/mysql.
The new virtual/mysql depends on the presence of either
dev-db/mysql-community or dev-db/mysql.
If emerge complains about needing virtual/mysql, just install it. Assuming
you already have mysql or mysql-community installed, there's no compiling
required.
If you don't want the greatest stable version, but want to stay at mysql
4.x, for example, be sure to mask >=virtual/mysql-4.1, >=dev-db/mysql-4.1
and >=dev-db/mysql-community-4.1 in /etc/portage/package.mask.
If you want to compile mysql client-only, you need to use the minimal USE
flag.
=========================
2. Heard in the community
=========================
gentoo-user
-----------
Coldplug deprecated by udev-103 update? / udev and coldplug blocking each
other!
Two different users found themselves concerned by the recent demise of
coldplug, the package which formerly handled devices which are already
connected at the time the system is booted. Peter K was assured that he'd
read his emerge --sync output correctly and that, as of udev 103, coldplug
was indeed gone.
Hans de Hertog found himself more concerned by the mutual blocks that udev
and coldplug seemed to have thrown up:
+---------------------------------------------------------------------------+
| Code Listing 2.1 |
| blocker output |
+---------------------------------------------------------------------------+
| [blocks B ] >=sys-fs/udev-089 (is blocking sys-apps/coldplug-20040920-r1) |
| [blocks B ] sys-apps/coldplug (is blocking sys-fs/udev-103) |
| [ebuild U ] sys-fs/udev-103 [087-r1] USE="(-selinux)" 195 kB |
+---------------------------------------------------------------------------+
Hans was assured that the recently stabilized udev 103 was an entire
replacement for coldplug. Plucking up his courage, he unmerged coldplug,
merged udev 103 and cleaned up by deleting /etc/init.d/coldplug and running
rc-update del coldplug. As a bonus, he discovered it was no longer necessary
to edit /lib/rcscripts/addons/udev-start.sh to have udev handle
coldplugging.
* http://archives.gentoo.org/gentoo-user/msg_104287.xml
* http://archives.gentoo.org/gentoo-user/msg_104286.xml
Where is DISPLAYMANAGER="gdm" now?
Mark Knecht had just completed his GCC 4 upgrade and discovered that the
DISPLAYMANAGER="gdm" statement was no longer in /etc/rc.conf. To what file
it had been spirited away?
To /etc/conf.d/xdm although (as noted in /etc/conf.d/xdm) setting
DISPLAYMANAGER in /etc/rc.conf overrides /etc/conf.d/xdm.
Mark thanked all the responders and noted that he'd be using /etc/conf.d/xdm
as he wanted to do it the Gentoo way.
* http://archives.gentoo.org/gentoo-user/msg_104230.xml
gentoo-amd64
------------
Interrupting portage gracefully
Peter Humphreys wanted to know if there was a command to make portage stop
compiling at the end of the current package. He'd been running compiles
overnight, but was bothered by the fan noise.
Christoph Mende suggested terminating the compile with Control-C and running
emerge --resume the next day. Various readers proposed using suspend to disk
or suspend to RAM and picking up right where you left off the next morning.
Peter Davoust uses emerge [package] && init 0, although conceding it leaves
the machine running if the package fails to compile. Others suggested emerge
[package] ; shutdown -h now. This has the opposite problem to Peter's
solution, since the machine will shutdown even if the package fails to
compile. It thus requires review of logs in the morning to know whether the
package was built or not.
* http://archives.gentoo.org/gentoo-amd64/msg_14306.xml
=========================
3. Gentoo developer moves
=========================
Moves
-----
The following developers recently left the Gentoo project:
* Anders Rune Jensen (arj)
Adds
----
The following developers recently joined the Gentoo project:
* Charlie Shepherd (masterdriverz) kernel team
Changes
-------
The following developers recently changed roles within the Gentoo project:
* none this week
==================
4. Gentoo security
==================
TikiWiki: Multiple vulnerabilities
----------------------------------
TikiWiki allows for the disclosure of MySQL database authentication
credentials and for cross-site scripting attacks.
For more information, please see the GLSA Announcement[9]
9. http://www.gentoo.org/security/en/glsa/glsa-200611-11.xml
Ruby: Denial of Service vulnerability
-------------------------------------
The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack.
For more information, please see the GLSA Announcement[10]
10. http://www.gentoo.org/security/en/glsa/glsa-200611-12.xml
Avahi: "netlink" message vulnerability
--------------------------------------
Avahi fails to verify the origin of netlink messages, which could allow
local users to spoof network changes.
For more information, please see the GLSA Announcement[11]
11. http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml
TORQUE: Insecure temporary file creation
----------------------------------------
TORQUE creates temporary files in an insecure manner which could lead to the
execution of arbitrary code with elevated privileges.
For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200611-14.xml
qmailAdmin: Buffer overflow
---------------------------
qmailAdmin is vulnerable to a buffer overflow that could lead to the remote
execution of arbitrary code.
For more information, please see the GLSA Announcement[13]
13. http://www.gentoo.org/security/en/glsa/glsa-200611-15.xml
Texinfo: Buffer overflow
------------------------
Texinfo is vulnerable to a buffer overflow that could lead to the execution
of arbitrary code.
For more information, please see the GLSA Announcement[14]
14. http://www.gentoo.org/security/en/glsa/glsa-200611-16.xml
fvwm: fvwm-menu-directory fvwm command injection
------------------------------------------------
A flaw in fvwm-menu-directory may permit a local attacker to execute
arbitrary commands with the privileges of another user.
For more information, please see the GLSA Announcement[15]
15. http://www.gentoo.org/security/en/glsa/glsa-200611-17.xml
TIN: Multiple buffer overflows
------------------------------
Multiple buffer overflows have been reported in TIN, possibly leading to the
execution of arbitrary code.
For more information, please see the GLSA Announcement[16]
16. http://www.gentoo.org/security/en/glsa/glsa-200611-18.xml
ImageMagick: PALM and DCM buffer overflows
------------------------------------------
ImageMagick improperly handles PALM and DCM images, potentially resulting in
the execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200611-19.xml
GNU gv: Stack overflow
----------------------
GNU gv improperly handles user-supplied data possibly allowing for the
execution of arbitrary code.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200611-20.xml
============================
5. Upcoming package removals
============================
This is a list of packages that have been announced to be removed in the
future. The package removals come from many locations, including the
Treecleaners[19] and various developers.
19. http://www.gentoo.org/proj/en/qa/treecleaners
Last Rites:
-----------
Package: Removal date: Contact:
dev-perl/Msql-Mysql-modules 20 Dec 06 Michael Cummings[20]
net-nds/migrationtools 21 Dec 06 Robin H. Johnson[21]
net-ftp/kbear 25 Dec 06 Charlie Shepherd[22]
20. mcummings@gentoo.org
21. robbat2@gentoo.org
22. masterdriverz@gentoo.org
===========
6. Bugzilla
===========
Summary
-------
* Statistics
* Closed bug ranking
* New bug rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[23]) to record and track
bugs, notifications, suggestions and other interactions with the development
team. Between 19 November 2006 and 26 November 2006, activity on the site
has resulted in:
23. http://bugs.gentoo.org
* 632 new bugs during this period
* 352 bugs closed or resolved during this period
* 21 previously closed bugs were reopened this period
* 114 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this
period
* 172 bugs marked as duplicates during this period
Of the 10878 currently open bugs: 27 are labeled 'blocker', 107 are labeled
'critical', and 478 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* AMD64 Project[24], with 28 closed bugs[25]
* Gentoo KDE team[26], with 25 closed bugs[27]
* Default Assignee for Orphaned Packages[28], with 19 closed bugs[29]
* Java team[30], with 18 closed bugs[31]
* Gentoo Security[32], with 16 closed bugs[33]
* Hanno Boeck[34], with 11 closed bugs[35]
* Gentoo Linux Gnome Desktop Team[36], with 11 closed bugs[37]
* PPC Porters[38], with 8 closed bugs[39]
24. amd64@gentoo.org
25. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=amd64@gentoo.org
26. kde@gentoo.org
27. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=kde@gentoo.org
28. maintainer-needed@gentoo.org
29. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=maintainer-needed@gentoo.org
30. java@gentoo.org
31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=java@gentoo.org
32. security@gentoo.org
33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=security@gentoo.org
34. hanno@gentoo.org
35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=hanno@gentoo.org
36. gnome@gentoo.org
37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=gnome@gentoo.org
38. ppc@gentoo.org
39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=ppc@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Default Assignee for New Packages[40], with 26 new bugs[41]
* AMD64 Project[24], with 10 new bugs[42]
* Gentoo Sound Team[43], with 8 new bugs[44]
* Gentoo Toolchain Maintainers[45], with 7 new bugs[46]
* Default Assignee for Orphaned Packages[28], with 7 new bugs[47]
* Gentoo Games[48], with 7 new bugs[49]
* Jan Kundrát[50], with 6 new bugs[51]
* Java team[30], with 6 new bugs[52]
24. amd64@gentoo.org
28. maintainer-needed@gentoo.org
30. java@gentoo.org
40. maintainer-wanted@gentoo.org
41. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=maintainer-wanted@gentoo.org
42. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=amd64@gentoo.org
43. sound@gentoo.org
44. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=sound@gentoo.org
45. toolchain@gentoo.org
46. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=toolchain@gentoo.org
47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=maintainer-needed@gentoo.org
48. games@gentoo.org
49. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=games@gentoo.org
50. jkt@gentoo.org
51. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=jkt@gentoo.org
52. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=java@gentoo.org
===============
7. GWN feedback
===============
The GWN is staffed by volunteers and members of the community who submit
ideas and articles. If you are interested in writing for the GWN, have
feedback on an article that we have posted, or just have an idea or article
that you would like to submit to the GWN, please send us your feedback[53]
and help make the GWN better.
53. gwn-feedback@gentoo.org
===============================
8. GWN subscription information
===============================
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed
under.
==================
9. Other languages
==================
The Gentoo Weekly Newsletter is also available in the following languages:
* Chinese (Simplified)[54]
* Danish[55]
* Dutch[56]
* English[57]
* German[58]
* Greek[59]
* French[60]
* Korean[61]
* Japanese[62]
* Italian[63]
* Polish[64]
* Portuguese (Brazil)[65]
* Portuguese (Portugal)[66]
* Russian[67]
* Slovak[68]
* Spanish[69]
* Turkish[70]
54. http://www.gentoo.org/news/zh_cn/gwn/gwn.xml
55. http://www.gentoo.org/news/da/gwn/gwn.xml
56. http://www.gentoo.org/news/nl/gwn/gwn.xml
57. http://www.gentoo.org/news/en/gwn/gwn.xml
58. http://www.gentoo.org/news/de/gwn/gwn.xml
59. http://www.gentoo.org/news/el/gwn/gwn.xml
60. http://www.gentoo.org/news/fr/gwn/gwn.xml
61. http://www.gentoo.org/news/ko/gwn/gwn.xml
62. http://www.gentoo.org/news/ja/gwn/gwn.xml
63. http://www.gentoo.org/news/it/gwn/gwn.xml
64. http://www.gentoo.org/news/pl/gwn/gwn.xml
65. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
66. http://www.gentoo.org/news/pt/gwn/gwn.xml
67. http://www.gentoo.org/news/ru/gwn/gwn.xml
68. http://www.gentoo.org/news/sk/gwn/gwn.xml
69. http://www.gentoo.org/news/es/gwn/gwn.xml
70. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Chris Atkinson <thirtyyearswar@mindspring.com> - Author
Mart Raudsepp <leio@gentoo.org> - Author
Chris Gianelloni <wolf31o2@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/20061127-newsletter.xml
This is the Gentoo Weekly Newsletter for the week of 27 November 2006.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
==============
1. Gentoo News
==============
x86/i586 stages available
-------------------------
The Gentoo Release Engineering[1] project is proud to announce that new
stages for x86 have been released. These stages are currently only available
via the Gentoo mirrors[2], but plans are underway to add them to the torrent
tracker, also. These new stages include stages 2 and 3 for both the x86
(i386) and i586 subarchitectures built against the default-linux/x86/no-nptl
profile, as well as stages 2 and 3 for i586 built against the
default-linux/x86/2006.1 profile.
1. http://www.gentoo.org/proj/en/releng
2. http://www.gentoo.org/main/en/mirrors.xml
You can find these new stages under /releases/x86/2006.1/stages on your
local Gentoo mirror.
Experimental LiveCD images for Alpha/PPC
----------------------------------------
Along with the new stages for x86, Release Engineering has also released two
experimental ISO images. These images are built in the same manner as the
x86 and amd64 LiveCD for 2006.1, using the same snapshot. The images should
be fully-functional LiveCDs for both platforms. If you're wanting to try
these out, please grab them from your local mirror under /experimental and
file bugs, as always, to the Gentoo bug tracker[3].
3. http://bugs.gentoo.org/enter_bug.cgi?product=Gentoo%20Release%20Media
Note: We are aware that the Gentoo Linux Installer is not functional on
these LiveCD images, as the Installer had not yet been ported to them. The
main purpose of these images is as a testing ground and development platform
for the Installer, as well as testing for the LiveCD process on new
architectures.
GNOME 2.16 stable
-----------------
The Gentoo GNOME team[4] is working to stabilize GNOME-2.16.2. This is an
upgrade from the current 2.14 stable version of GNOME. Please consult the
GNOME 2.16 Upgrade Guide[5] before upgrading. If you wish to track the
stabilization efforts, you can follow bug 156572[6] for gtk+-2.10
stabilization and bug 156662[7] for GNOME-2.16 stabilization.
4. http://www.gentoo.org/proj/en/desktop/gnome
5. http://www.gentoo.org/proj/en/desktop/gnome/howtos/gnome-2.16-upgrade.xml
6. http://bugs.gentoo.org/show_bug.cgi?id=156572
7. http://bugs.gentoo.org/show_bug.cgi?id=156662
There are several major improvements in this upgrade:
* powerful new note-taking application
* enhanced menu editing
* tool to get a better overview of your hard disk space
* improved integrated power management support
* improved media web browsing
* improved themes
* improved memory usage
To find out in detail what coolness you can expect from this major upgrade,
head over to the GNOME 2.16 page[8] and read the Release Notes.
8. http://www.gnome.org/start/2.16/
virtual/mysql Introduced
------------------------
In order to adjust to changes in upstream release policies, the former
dev-db/mysql has been split into dev-db/mysql-community and dev-db/mysql.
The new virtual/mysql depends on the presence of either
dev-db/mysql-community or dev-db/mysql.
If emerge complains about needing virtual/mysql, just install it. Assuming
you already have mysql or mysql-community installed, there's no compiling
required.
If you don't want the greatest stable version, but want to stay at mysql
4.x, for example, be sure to mask >=virtual/mysql-4.1, >=dev-db/mysql-4.1
and >=dev-db/mysql-community-4.1 in /etc/portage/package.mask.
If you want to compile mysql client-only, you need to use the minimal USE
flag.
=========================
2. Heard in the community
=========================
gentoo-user
-----------
Coldplug deprecated by udev-103 update? / udev and coldplug blocking each
other!
Two different users found themselves concerned by the recent demise of
coldplug, the package which formerly handled devices which are already
connected at the time the system is booted. Peter K was assured that he'd
read his emerge --sync output correctly and that, as of udev 103, coldplug
was indeed gone.
Hans de Hertog found himself more concerned by the mutual blocks that udev
and coldplug seemed to have thrown up:
+---------------------------------------------------------------------------+
| Code Listing 2.1 |
| blocker output |
+---------------------------------------------------------------------------+
| [blocks B ] >=sys-fs/udev-089 (is blocking sys-apps/coldplug-20040920-r1) |
| [blocks B ] sys-apps/coldplug (is blocking sys-fs/udev-103) |
| [ebuild U ] sys-fs/udev-103 [087-r1] USE="(-selinux)" 195 kB |
+---------------------------------------------------------------------------+
Hans was assured that the recently stabilized udev 103 was an entire
replacement for coldplug. Plucking up his courage, he unmerged coldplug,
merged udev 103 and cleaned up by deleting /etc/init.d/coldplug and running
rc-update del coldplug. As a bonus, he discovered it was no longer necessary
to edit /lib/rcscripts/addons/udev-start.sh to have udev handle
coldplugging.
* http://archives.gentoo.org/gentoo-user/msg_104287.xml
* http://archives.gentoo.org/gentoo-user/msg_104286.xml
Where is DISPLAYMANAGER="gdm" now?
Mark Knecht had just completed his GCC 4 upgrade and discovered that the
DISPLAYMANAGER="gdm" statement was no longer in /etc/rc.conf. To what file
it had been spirited away?
To /etc/conf.d/xdm although (as noted in /etc/conf.d/xdm) setting
DISPLAYMANAGER in /etc/rc.conf overrides /etc/conf.d/xdm.
Mark thanked all the responders and noted that he'd be using /etc/conf.d/xdm
as he wanted to do it the Gentoo way.
* http://archives.gentoo.org/gentoo-user/msg_104230.xml
gentoo-amd64
------------
Interrupting portage gracefully
Peter Humphreys wanted to know if there was a command to make portage stop
compiling at the end of the current package. He'd been running compiles
overnight, but was bothered by the fan noise.
Christoph Mende suggested terminating the compile with Control-C and running
emerge --resume the next day. Various readers proposed using suspend to disk
or suspend to RAM and picking up right where you left off the next morning.
Peter Davoust uses emerge [package] && init 0, although conceding it leaves
the machine running if the package fails to compile. Others suggested emerge
[package] ; shutdown -h now. This has the opposite problem to Peter's
solution, since the machine will shutdown even if the package fails to
compile. It thus requires review of logs in the morning to know whether the
package was built or not.
* http://archives.gentoo.org/gentoo-amd64/msg_14306.xml
=========================
3. Gentoo developer moves
=========================
Moves
-----
The following developers recently left the Gentoo project:
* Anders Rune Jensen (arj)
Adds
----
The following developers recently joined the Gentoo project:
* Charlie Shepherd (masterdriverz) kernel team
Changes
-------
The following developers recently changed roles within the Gentoo project:
* none this week
==================
4. Gentoo security
==================
TikiWiki: Multiple vulnerabilities
----------------------------------
TikiWiki allows for the disclosure of MySQL database authentication
credentials and for cross-site scripting attacks.
For more information, please see the GLSA Announcement[9]
9. http://www.gentoo.org/security/en/glsa/glsa-200611-11.xml
Ruby: Denial of Service vulnerability
-------------------------------------
The Ruby cgi.rb CGI library is vulnerable to a Denial of Service attack.
For more information, please see the GLSA Announcement[10]
10. http://www.gentoo.org/security/en/glsa/glsa-200611-12.xml
Avahi: "netlink" message vulnerability
--------------------------------------
Avahi fails to verify the origin of netlink messages, which could allow
local users to spoof network changes.
For more information, please see the GLSA Announcement[11]
11. http://www.gentoo.org/security/en/glsa/glsa-200611-13.xml
TORQUE: Insecure temporary file creation
----------------------------------------
TORQUE creates temporary files in an insecure manner which could lead to the
execution of arbitrary code with elevated privileges.
For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200611-14.xml
qmailAdmin: Buffer overflow
---------------------------
qmailAdmin is vulnerable to a buffer overflow that could lead to the remote
execution of arbitrary code.
For more information, please see the GLSA Announcement[13]
13. http://www.gentoo.org/security/en/glsa/glsa-200611-15.xml
Texinfo: Buffer overflow
------------------------
Texinfo is vulnerable to a buffer overflow that could lead to the execution
of arbitrary code.
For more information, please see the GLSA Announcement[14]
14. http://www.gentoo.org/security/en/glsa/glsa-200611-16.xml
fvwm: fvwm-menu-directory fvwm command injection
------------------------------------------------
A flaw in fvwm-menu-directory may permit a local attacker to execute
arbitrary commands with the privileges of another user.
For more information, please see the GLSA Announcement[15]
15. http://www.gentoo.org/security/en/glsa/glsa-200611-17.xml
TIN: Multiple buffer overflows
------------------------------
Multiple buffer overflows have been reported in TIN, possibly leading to the
execution of arbitrary code.
For more information, please see the GLSA Announcement[16]
16. http://www.gentoo.org/security/en/glsa/glsa-200611-18.xml
ImageMagick: PALM and DCM buffer overflows
------------------------------------------
ImageMagick improperly handles PALM and DCM images, potentially resulting in
the execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200611-19.xml
GNU gv: Stack overflow
----------------------
GNU gv improperly handles user-supplied data possibly allowing for the
execution of arbitrary code.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200611-20.xml
============================
5. Upcoming package removals
============================
This is a list of packages that have been announced to be removed in the
future. The package removals come from many locations, including the
Treecleaners[19] and various developers.
19. http://www.gentoo.org/proj/en/qa/treecleaners
Last Rites:
-----------
Package: Removal date: Contact:
dev-perl/Msql-Mysql-modules 20 Dec 06 Michael Cummings[20]
net-nds/migrationtools 21 Dec 06 Robin H. Johnson[21]
net-ftp/kbear 25 Dec 06 Charlie Shepherd[22]
20. mcummings@gentoo.org
21. robbat2@gentoo.org
22. masterdriverz@gentoo.org
===========
6. Bugzilla
===========
Summary
-------
* Statistics
* Closed bug ranking
* New bug rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[23]) to record and track
bugs, notifications, suggestions and other interactions with the development
team. Between 19 November 2006 and 26 November 2006, activity on the site
has resulted in:
23. http://bugs.gentoo.org
* 632 new bugs during this period
* 352 bugs closed or resolved during this period
* 21 previously closed bugs were reopened this period
* 114 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this
period
* 172 bugs marked as duplicates during this period
Of the 10878 currently open bugs: 27 are labeled 'blocker', 107 are labeled
'critical', and 478 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* AMD64 Project[24], with 28 closed bugs[25]
* Gentoo KDE team[26], with 25 closed bugs[27]
* Default Assignee for Orphaned Packages[28], with 19 closed bugs[29]
* Java team[30], with 18 closed bugs[31]
* Gentoo Security[32], with 16 closed bugs[33]
* Hanno Boeck[34], with 11 closed bugs[35]
* Gentoo Linux Gnome Desktop Team[36], with 11 closed bugs[37]
* PPC Porters[38], with 8 closed bugs[39]
24. amd64@gentoo.org
25. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=amd64@gentoo.org
26. kde@gentoo.org
27. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=kde@gentoo.org
28. maintainer-needed@gentoo.org
29. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=maintainer-needed@gentoo.org
30. java@gentoo.org
31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=java@gentoo.org
32. security@gentoo.org
33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=security@gentoo.org
34. hanno@gentoo.org
35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=hanno@gentoo.org
36. gnome@gentoo.org
37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=gnome@gentoo.org
38. ppc@gentoo.org
39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-11-19&chfieldto=2006-11-26&resolution=FIXED&assigned_to=ppc@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Default Assignee for New Packages[40], with 26 new bugs[41]
* AMD64 Project[24], with 10 new bugs[42]
* Gentoo Sound Team[43], with 8 new bugs[44]
* Gentoo Toolchain Maintainers[45], with 7 new bugs[46]
* Default Assignee for Orphaned Packages[28], with 7 new bugs[47]
* Gentoo Games[48], with 7 new bugs[49]
* Jan Kundrát[50], with 6 new bugs[51]
* Java team[30], with 6 new bugs[52]
24. amd64@gentoo.org
28. maintainer-needed@gentoo.org
30. java@gentoo.org
40. maintainer-wanted@gentoo.org
41. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=maintainer-wanted@gentoo.org
42. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=amd64@gentoo.org
43. sound@gentoo.org
44. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=sound@gentoo.org
45. toolchain@gentoo.org
46. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=toolchain@gentoo.org
47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=maintainer-needed@gentoo.org
48. games@gentoo.org
49. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=games@gentoo.org
50. jkt@gentoo.org
51. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=jkt@gentoo.org
52. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-11-19&chfieldto=2006-11-26&assigned_to=java@gentoo.org
===============
7. GWN feedback
===============
The GWN is staffed by volunteers and members of the community who submit
ideas and articles. If you are interested in writing for the GWN, have
feedback on an article that we have posted, or just have an idea or article
that you would like to submit to the GWN, please send us your feedback[53]
and help make the GWN better.
53. gwn-feedback@gentoo.org
===============================
8. GWN subscription information
===============================
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed
under.
==================
9. Other languages
==================
The Gentoo Weekly Newsletter is also available in the following languages:
* Chinese (Simplified)[54]
* Danish[55]
* Dutch[56]
* English[57]
* German[58]
* Greek[59]
* French[60]
* Korean[61]
* Japanese[62]
* Italian[63]
* Polish[64]
* Portuguese (Brazil)[65]
* Portuguese (Portugal)[66]
* Russian[67]
* Slovak[68]
* Spanish[69]
* Turkish[70]
54. http://www.gentoo.org/news/zh_cn/gwn/gwn.xml
55. http://www.gentoo.org/news/da/gwn/gwn.xml
56. http://www.gentoo.org/news/nl/gwn/gwn.xml
57. http://www.gentoo.org/news/en/gwn/gwn.xml
58. http://www.gentoo.org/news/de/gwn/gwn.xml
59. http://www.gentoo.org/news/el/gwn/gwn.xml
60. http://www.gentoo.org/news/fr/gwn/gwn.xml
61. http://www.gentoo.org/news/ko/gwn/gwn.xml
62. http://www.gentoo.org/news/ja/gwn/gwn.xml
63. http://www.gentoo.org/news/it/gwn/gwn.xml
64. http://www.gentoo.org/news/pl/gwn/gwn.xml
65. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
66. http://www.gentoo.org/news/pt/gwn/gwn.xml
67. http://www.gentoo.org/news/ru/gwn/gwn.xml
68. http://www.gentoo.org/news/sk/gwn/gwn.xml
69. http://www.gentoo.org/news/es/gwn/gwn.xml
70. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Chris Atkinson <thirtyyearswar@mindspring.com> - Author
Mart Raudsepp <leio@gentoo.org> - Author
Chris Gianelloni <wolf31o2@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list