You’d think that a company that had produced and does produce some Linux based products would also provide CUPS drivers for their printers, like the Dell 1350cnw. Not so, it seems. Still, I was undeterred and found a way to make it happen. Continue reading Dell 1350cnw on Gentoo Linux with CUPS
Category: Universe
Request Tracker
So, I’ve kind of taken over Request Tracker (bestpractical.com).
Initially I took it because I’m interested in using RT at work to take track customer service emails. All I did at the time was bump the version and remove old, insecure versions from the tree.
However, as I’ve finally gotten around to working on getting it setup, I’ve discovered there were a lot of issues that had gone unreported.
The intention is for RT to run out of its virtual host root, like /var/www/localhost/rt-4.2.9/bin/rt and configured by /var/www/localhost/rt-4.2.9/etc/RT_SiteConfig.pm, and for it to reference any supplementary packages with ${VHOST_ROOT} as its root. However, because of a broken install process and a broken hook script used by webapp-config that didn’t happen. Further, the rt_apache.conf included by us was outdated by a few years, too, which in itself isn’t a bad thing, except that it was wrong for RT 4+.
I spent much longer than I care to admit trying to figure out why my settings weren’t sticking when I edited RT_SiteConfig.pm. I was trying to run RT under its own path rather than on a subdomain, but Set($WebPath, ‘/rt’) wasn’t doing what it should.
It also complained about not being able to write to /usr/share/webapps/rt/rt-4.2.9/data/mason_data/obj, which clearly wasn’t right.
Once I tried moving RT_SiteConfig.pm to /usr/share/webapps/rt/rt-4.2.9/etc/, and chmod and chown on ../data/mason_data/obj, everything worked as it should.
Knowing this was wrong and that it would prevent anyone using our package from having multiple installation, aka vhosts, I set out to fix it.
It was a descent into madness. Things I expected to happen did not. Things that shouldn’t have been a problem were. Much of the trouble I had circled around webapp-config and webapp.eclass.
But, I prevailed, and now you can really have multiple RT installations side-by-side. Also, I’ve added an article (wiki.gentoo.org) to our wiki with updated instructions on getting RT up and running.
Caveat: I didn’t use FastCGI, so that part may be wrong still, but mod_perl is good to go.
EVE Online on Gentoo Linux
Good news, everyone! I’m finally rid of Windows. Continue reading EVE Online on Gentoo Linux
One Severe and Multiple Security Fixes – PostgreSQL
If you’re using dev-db/postgresql-server, update now.
CVE-2013-1899 <dev-db/postgresql-server-{9.2.4,9.1.9,9.0.13} ------------------------------------------------------------ A connection request containing a database name that begins with "-" may be crafted to damage or destroy files within a server's data directory. CVE-2013-1900 <dev-db/postgresql-server-{9.2.4,9.1.9,9.0.13,8.4.17} ------------------------------------------------------------------- Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess CVE-2013-1901 <dev-db/postgresql-server-{9.2.4,9.1.9} ----------------------------------------------------- An unprivileged user can run commands that could interfere with in-progress backups.
PostgreSQL 8.3 Has Reached End of Life
Today I’ll be masking PostgreSQL 8.3 for removal. If you haven’t already, you should move to a more recent version of PostgreSQL.
Security and Other Updates 2013-02-07 – PostgreSQL
Perl::Critic CERT Theme
So, Brian d Foy has compiled the CERT recommendations for securely programming in Perl. I’ve whipped up a perlcriticrc for it.
I’ve checked out he subversion from Perl::Critic and will submit the simple patch…if somebody else hasn’t beaten me to it.
If You Have An Issue With MySQL, Just Remember…
If you have an issue with MySQL, just remember…MySQL is free!
Security Update 2012-08-17 – PostgreSQL
From PostgreSQL:
The PostgreSQL Global Development Group today released security updates for all active branches of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This update patches security holes associated with libxml2 and libxslt, similar to those affecting other open source projects. All users are urged to update their installations at the first available opportunity.
This security release fixes a vulnerability in the built-in XML functionality, and a vulnerability in the XSLT functionality supplied by the optional XML2 extension. Both vulnerabilities allow reading of arbitrary files by any authenticated database user, and the XSLT vulnerability allows writing files as well. The fixes cause limited backwards compatibility issues. These issues correspond to the following two vulnerabilities:
- CVE-2012-3488: PostgreSQL insecure use of libxslt
- CVE-2012-3489: PostgreSQL insecure use of libxml2
This release also contains several fixes to version 9.1, and a smaller number of fixes to older versions, including:
- Updates and corrections to time zone data
- Multiple documentation updates and corrections
- Add limit on max_wal_senders
- Fix dependencies generated during ALTER TABLE ADD CONSTRAINT USING INDEX.
- Correct behavior of unicode conversions for PL/Python
- Fix WITH attached to a nested set operation (UNION/INTERSECT/EXCEPT).
- Fix syslogger so that log_truncate_on_rotation works in the first rotation.
- Only allow autovacuum to be auto-canceled by a directly blocked process.
- Improve fsync request queue operation
- Prevent corner-case core dump in rfree().
- Fix Walsender so that it responds correctly to timeouts and deadlocks
- Several PL/Perl fixes for encoding-related issues
- Make selectivity operators use the correct collation
- Prevent unsuitable slaves from being selected for synchronous replication
- Make REASSIGN OWNED work on extensions as well
- Fix race condition with ENUM comparisons
- Make NOTIFY cope with out-of-disk-space
- Fix memory leak in ARRAY subselect queries
- Reduce data loss at replication failover
- Fix behavior of subtransactions with Hot Standby
Users who are relying on the built-in XML functionality to validate external DTDs will need to implement a workaround, as this security patch disables that functionality. Users who are using xslt_process() to fetch documents or stylesheets from external URLs will no longer be able to do so. The PostgreSQL project regrets the need to disable both of these features in order to maintain our security standards. These security issues with XML are substantially similar to issues patched recently by the Webkit (CVE-2011-1774), XMLsec (CVE-2011-1425) and PHP5 (CVE-2012-0057) projects.
As with other minor releases, users are not required to dump and reload their database or use
pg_upgrade
in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. Perform post-update steps after the database is restarted.All supported versions of PostgreSQL are affected. See the release notes for each version for a full list of changes with details of the fixes and steps.
The latest versions are available from Portage now.
pgpool-II 3.2.0 Now Available For Real – PostgreSQL
So, apparently pgpool-II did a bit of a switcharoo some time ago, which I wasn’t too careful about. But, can you really blame me? pgpool-II’s documentation is among the worst I’ve seen. It’s a good thing they’ve commented their code, or I wouldn’t have been able to do some things cleanly. Continue reading pgpool-II 3.2.0 Now Available For Real – PostgreSQL