Fri Apr 19 21:24:48 UTC 2013
Hey folks, a few more updates are ready. I'd like to thank everyone who
weighed in on the thread on LQ concerning reverting a few things to more
stable versions. Your opinions were very helpful. Here's what was
concluded after careful consideration:
1) kernel: Stick with 3.8 for now. It remains a concern that the nVidia
6150SE and nouveau could be broken with kernels above 3.6.1, however.
Does anyone know if the blob fixes the issues? If not, there may still be
a compelling reason to switch to the 3.4 kernel for the release. The
release of the 3.9 kernel might be another reason as well, since moving to
a newer branch could bring more problems and would basically require testing
to start again at square one (and then the 3.8 branch would be dead). But
since we're sticking with 3.8 for now, might as well bump it to 3.8.8.
2) gcc: I really have not run into any compiler bugs with this. There was
a single report of issues with the radeon R300 when the kernel was compiled
with 4.8.0, and it wasn't reported on any bug trackers or anywhere else.
None of the other reports of issues could be reproduced here, or were merely
a case of getting rid of -Werror. I see no reason to downgrade this.
3) xorg-server: Here, it does appear that going with the better supported
branch (1.13.x) is a good idea to help support external drivers. Many
people reported when the batch containing 1.14.0 was shipped that things were
working better, but I attribute this to the driver updates that went out at
the same time. I've moved the 1.14.x (upgraded to 1.14.1) server and the
drivers that were build against it into testing, so anyone that wants to use
that branch is free to continue to do so. But I think that the average user
is more likely to run into problems with the 1.14.x branch and the lack of
driver support from AMD than they are to require one of the improvements such
as in the area of touch input support.
Thanks again for the advice!
Make fsck.btrfs a link to /bin/true as recommended on the btrfs wiki.
Patched two crash bugs (CVE-2013-0242, CVE-2013-1914). These do not allow
code execution, and upstream agrees that they are low priority/severity.
They are patched here since glibc was due for a kernel related rebuild
anyway, but given the low priority/severity and possibility of introducing
problems in production versions of glibc, they will backported only if
further review indicates a necessity.
Added /etc/auto.master.d directory. Thanks to GazL.
Added mod_radius to the build as requested by chemfire. I wasn't sure about
this at first since it's a non-default and seldom used module, but since it
doesn't do anything unless it has been configured it should be safe to
This update fixes an input flush bug with evdev. Under exceptional
conditions (keyboard input during device hotplugging), this could leak
a small amount of information intended for the X server.
This issue was evaluated to be of low impact.
For more information, see:
(* Security fix *)