Gentoo Weekly Newsletter: October 24th, 2005
1.
Gentoo news
Gentoo SGI LiveCD released
Joshua Kinard released a bootable CD for
Silicon Graphics machines, his fifth release candidate that builds on earlier
efforts, and adds the SGI Origin (IP27) series to the list of supported
hardware. This outstanding achievement -- other than IRIX installation media,
this is the only bootable CD for SGI systems -- was largely built using
Catalyst 2, the release engineering tool's next generation, and is again
making use of Stanislaw Skowronek's ARCLoad bootloader and other tools.
Carefully check the instructions in Joshua's
README to the CD image that can be found in the experimental MIPS
section of Gentoo's mirrors. In
particular, CDs need to be burnt with cdrecord to make sure the
IRIX-like partitioned disk structure is preserved.
Gentoo Linux/MIPS 2005.1 stages for Cobalt released
More good news for MIPS users, this one for owners of Cobalt Qubes and RaQs:
Stuart Longland announced that he finished
building the stages for Gentoo Linux/MIPS 2005.1 installations on the popular
little-endian appliances of the Cobalt
Networks server series. Netboot images will be made available later, the
stages can already be downloaded from Stuart's devspace
before they hit the official Gentoo mirrors later this month.
2.
Heard in the community
Web forums
Openoffice 2.0 is out
Greeted by many Forums users, the stable version of OOo 2.0 has hit the Portage
tree last week, mere hours after the official announcement. In the main thread,
developer Andreas Proschofsky explains the
benefits of compiling the package (better KDE integration, Gentoo splashscreen)
and clarifies that it will not build with Java 1.5:
3.
Gentoo in the press
Information Week (17 October 2005)
In an article titled Open
doors to innovation, author Larry Greenemeier of Information Week reports on
small and medium-sized companies "creating IT infrastructures based on open-source
software to reduce licensing fees and increase flexibility." One of the examples
featuring in his concise overview of the many good uses open-source software is
being put to is a company called Feedster,
a blog aggregator service in San Francisco where 60 out of 75 servers run Gentoo to
do the job of "pumping out the RSS feeds."
4.
Tips and tricks
Rebuilding modules after a kernel upgrade
module-rebuild is a tool written by Gentoo developer John Mylchreest that serves a very simple, but
utterly useful purpose: Whenever you've upgraded your kernel to a newer
version, this script hunts down all packages that use -- now outdated --
kernel modules and rebuilds them for you.
Suppose you've just booted into a freshly updated kernel. First of all, check
which packages are using modules that haven't been built with the new sources
yet:
Code Listing 4.1: List packages |
# module-rebuild list
|
So, in case you've got any wireless drivers, exotic filesystems, anything else
that relies on kernel modules, chances are you've just found them listed as a
result of the above, and then you can rebuild them all by simply going:
Code Listing 4.2: Rebuild all affected packages |
# module-rebuild rebuild
|
Voila. Thanks to this little routine, you don't need to keep a mental list of
things to do after a kernel update any longer.
Note: Thanks to Forum user Sir
No for unearthing this utility. |
5.
Moves, adds, and changes
Moves
The following developers recently left the Gentoo team:
Adds
The following developers recently joined the Gentoo Linux team:
- Luca Longinotti (chtekk) - Apache, webapps, PHP
Changes
The following developers recently changed roles within the
Gentoo Linux project:
6.
Gentoo Security
Perl, Qt-UnixODBC, CMake: RUNPATH issues
Multiple packages suffer from RUNPATH issues that may allow users in the
"portage" group to escalate privileges.
For more information, please see the GLSA Announcement
Lynx: Buffer overflow in NNTP processing
Lynx contains a buffer overflow that may be exploited to execute arbitrary
code.
For more information, please see the GLSA Announcement
phpMyAdmin: Local file inclusion vulnerability
phpMyAdmin contains a local file inclusion vulnerability that may lead to
the execution of arbitrary code.
For more information, please see the GLSA Announcement
AbiWord: New RTF import buffer overflows
AbiWord is vulnerable to an additional set of buffer overflows during RTF
import, making it vulnerable to the execution of arbitrary code.
For more information, please see the GLSA Announcement
Netpbm: Buffer overflow in pnmtopng
The pnmtopng utility, part of the Netpbm tools, contains a vulnerability
which can potentially result in the execution of arbitrary code.
For more information, please see the GLSA Announcement
cURL: NTLM username stack overflow
cURL is vulnerable to a buffer overflow which could lead to the execution
of arbitrary code.
For more information, please see the GLSA Announcement
7.
Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the
development team. Between 16 October 2005
and 23 October 2005, activity on the site has resulted in:
- 774 new bugs during this period
- 391 bugs closed or resolved during this period
- 22 previously closed bugs were reopened this period
Of the 8753 currently open bugs: 108 are labeled 'blocker', 186 are labeled 'critical', and 562 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this period are:
8.
GWN feedback
Please send us your feedback and
help make the GWN better.
9.
GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@gentoo.org
from the email address you are subscribed under.
10.
Other languages
The Gentoo Weekly Newsletter is also available in the following
languages:
|