Gentoo Weekly Newsletter 25 October 2004
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 25 October 2004.
---------------------------------------------------------------------------

==============
1. Gentoo News
==============

Portage 2.0.51 released
-----------------------

Keeping a Linux system healthy and in good condition wouldn't be possible
without its core toolchain. No wonder the excitement over Portage releases
generally reaches higher amplitudes than other Gentoo developments. As of
last week, Portage 2.0.51 has been marked stable and fit for general
consumption. Portage is now more feature-rich than ever, has sped up
considerably, and is generally on track for future improvements to
Gentoo's sophisticated package management. A full list of all the new
features is published in the official announcement[1]; here is an overview
of a few of the highlights:
1. http://www.gentoo.org/news/20041021-portage51.xml

* Rebuilding on USE flag changes: Using emerge --newuse, Portage is now
able to perform automatic rebuilds of formerly emerged packages whenever
USE flag settings have changed (see also today's Tips and Tricks section
below)
* Experimental support for GPG verification: Not completely implemented
yet, but a new FEATURES variable gpg in /etc/make.conf that can be set to
different levels of strictness will allow checks of the GPG signatures in
newer Manifest files.
* FHS compliance - The world file has been moved, and virtuals are now
being dynamically checked, making Portage FHS-compliant - which means for
example that it's now safe to remove data from /var/cache.
* Compilation success checking: New ebuilds will be able to include a
test phase in the compilation process where success or failure of a
package build can be verified before emerge has finished.
* Dependency calculation speedup: Now at only one third of the time that
the previous Portage release had to spend on dependency checking.
* Parallel emerging: Portage has improved its use of lockfiles, so that it
can now, for example, correctly perform downloads while emerging
applications.

Winner of the website redesign contest announced
------------------------------------------------

Aaron Shi and his design are the winners of the public contest that was
held to determine the future look of the soon-to-be-refurbished Gentoo
Foundation website. Aaron was elected over four other finalists by almost
half of the more than 3000 votes that were cast within the two weeks
that the poll at the Gentoo Forums was open.

Figure 1.1: Only 3 percent wanted to keep the current design...
http://www.gentoo.org/images/gwn/20041025-vote.png

Congratulations to Aaron, and many thanks to all the other participants in
the public contest. The new look is expected to replace the current layout
as soon as the Gentoo developer team - now busily working together with
the designer - finishes applying some last touches to the graphics and
the internal data structure of the new design. The content presentation
remains unaffected by the new design, as the Gentoo website continues to
be entirely XML-based, with XHTML pages being generated on the fly by
using XSL transformation style sheets.

Figure 1.2: Aaron Shi's design for the new Gentoo Foundation website
http://www.gentoo.org/images/gwn/20041025-shi.png

Urgent call for help: Haskell developers
----------------------------------------

The developer team looking after the lambda-calculus based functional
programming language Haskell[2] in Gentoo is urgently seeking additional
help. Haskell programmers who would like to support the effort of
maintaining Haskell in Gentoo should contact Gentoo's recruiters team[3].
2. http://www.haskell.org
3. recruiters@gentoo.org

New chapter in the Gentoo handbook: Working with Portage
--------------------------------------------------------

Several pieces of good news came from the documentation team this week, including
improvements to the KDE configuration[4], the Gentoo installation tips and
tricks[5], and Usermode Linux guides[6]. Stuart Herbert[7] has contributed
a document on "Running NX On Gentoo Linux"[8], a guide on using
NoMachine's[9] commercial NX server and its free clients in Gentoo for
remote X11 access optimized for low-bandwidth connections. Probably the
most significant change was made to the Gentoo handbook, which has been
expanded to reflect the changes in Portage 2.0.51. It now accommodates a
whole new chapter called "A Portage Introduction"[10] which contains all
the basic emerge-related commands that every Gentoo user ought to know,
and a section on "Working with Portage"[11] explaining the finer details.
4. http://www.gentoo.org/doc/en/kde-config.xml
5. http://www.gentoo.org/doc/en/gentoo-x86-tipsntricks.xml
6. http://www.gentoo.org/doc/en/uml.xml
7. stuart@gentoo.org
8. http://www.gentoo.org/doc/en/nx-guide.xml
9. http://www.nomachine.com
10. http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=2
11. http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=3

==================
2. Gentoo security
==================

phpMyAdmin: Vulnerability in MIME-based transformation system
-------------------------------------------------------------

A vulnerability has been found in the MIME-based transformation system of
phpMyAdmin, which may allow remote execution of arbitrary commands if
PHP's "safe mode" is disabled.

For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200410-14.xml

Squid: Remote DoS vulnerability
-------------------------------

Squid contains a vulnerability in the SNMP module which may lead to a
denial of service.

For more information, please see the GLSA Announcement[13]
13. http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml

PostgreSQL: Insecure temporary file use in make_oidjoins_check
--------------------------------------------------------------

The make_oidjoins_check script, part of the PostgreSQL package, is
vulnerable to symlink attacks, potentially allowing a local user to
overwrite arbitrary files with the rights of the user running the utility.

For more information, please see the GLSA Announcement[14]
14. http://www.gentoo.org/security/en/glsa/glsa-200410-16.xml

OpenOffice.org: Temporary files disclosure
------------------------------------------

OpenOffice.org uses insecure temporary files which could allow a malicious
local user to gain knowledge of sensitive information from other users'
documents.

For more information, please see the GLSA Announcement[15]
15. http://www.gentoo.org/security/en/glsa/glsa-200410-17.xml

Ghostscript: Insecure temporary file use in multiple scripts
------------------------------------------------------------

Multiple scripts in the Ghostscript package are vulnerable to symlink
attacks, potentially allowing a local user to overwrite arbitrary files
with the rights of the user running the script.

For more information, please see the GLSA Announcement[16]
16. http://www.gentoo.org/security/en/glsa/glsa-200410-18.xml

glibc: Insecure tempfile handling in catchsegv script
-----------------------------------------------------

The catchsegv script in the glibc package is vulnerable to symlink
attacks, potentially allowing a local user to overwrite arbitrary files
with the rights of the user running the script.

For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200410-19.xml
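
The PostgreSQL, Ghostscript and glibc advisories above all describe the same
class of bug: a script writes to a temporary file whose name another local
user can predict. The following is an added example, not code from any of
those packages; the function names, file names and sandbox layout are
constructed for illustration. It puts the insecure pattern beside a hardened
one and checks both against a pre-existing symlink in a scratch directory.

```shell
#!/bin/sh
# Added illustration; not code from PostgreSQL, Ghostscript or glibc.
# All function names and paths here are constructed for this example.

# Insecure pattern: predictable name in a directory other users can write to.
# If a symlink already exists at that name, ">" follows it and overwrites the
# link target with the rights of whoever runs the script.
write_insecure() {
    dir=$1; data=$2
    tmp="$dir/report.$$"              # PID-based name is guessable
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp creates the file exclusively, with an unpredictable
# name and mode 0600, so a link planted in advance is never opened.
# Assumes the directory is private or sticky (like /tmp), so other users
# cannot replace the file between creation and the write below.
write_secure() {
    dir=$1; data=$2
    tmp=$(mktemp "$dir/report.XXXXXXXXXX") || return 1
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Self-check in a throwaway directory: place a link at the guessable name,
# run the given writer, and report whether the link target survived.
check_overwrite() {
    writer=$1
    sandbox=$(mktemp -d) || return 1
    printf 'important\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/report.$$"
    "$writer" "$sandbox" "scratch data" > /dev/null
    if [ "$(cat "$sandbox/victim")" = important ]; then
        result=intact
    else
        result=overwritten
    fi
    rm -rf "$sandbox"
    printf '%s\n' "$result"
}

echo "write_insecure: $(check_overwrite write_insecure)"
echo "write_secure:   $(check_overwrite write_secure)"
```

Current Linux kernels can refuse to follow such links in sticky directories
(fs.protected_symlinks), but scripts should not depend on that setting.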

Xpdf, CUPS: Multiple integer overflows
--------------------------------------

Multiple integer overflows were discovered in Xpdf, potentially resulting
in execution of arbitrary code upon viewing a malicious PDF file. CUPS
includes Xpdf code and therefore is vulnerable to the same issues.

For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml

Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
-----------------------------------------------------

In certain configurations, it can be possible to bypass restrictions set
by the "SSLCipherSuite" directive of mod_ssl.

For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200410-21.xml

=========================
3. Heard in the community
=========================

gentoo-user
-----------

/etc/group x

Following an emerge -uD world, etc-update was intent on removing the "x" in
the password field from entries in the /etc/group file. Can this be safely
ignored, in order not to lose group memberships?

* /etc/group changes[20]
20. http://thread.gmane.org/gmane.linux.gentoo.user/104111

Mysql 4.1 ebuild

If you're looking for the next releases of MySQL to test the latest
features, version 4.1 or 5.0 ebuilds appear to be missing from Portage.

* Mysql 4.1 ebuild[21]
21. http://thread.gmane.org/gmane.linux.gentoo.user/103933

List Package Files

How do you list all files installed by a particular ebuild? Distributions
based on the rpm package manager offer the functionality to query any
package for its contents, so how does one find the same information in
Portage?

* List Files in Packages (rpm -ql feature?)[22]
22. http://thread.gmane.org/gmane.linux.gentoo.user/103570

gentoo-dev
----------

Gentoo (x86|ppc|arm)-uClibc experimental stages

Ned Ludd[23] has released some uClibc stages which are especially suited
for embedded systems.
23. solar@gentoo.org

* Gentoo (x86|ppc|arm)-uClibc experimental stages[24]
24. http://article.gmane.org/gmane.linux.gentoo.devel/22342

GLEP 28 to remove inactive GLEPs

To get more speed into the GLEP process, GLEPs that have been inactive for
more than 60 days will be removed from 1 November 2004.

* GLEPs soon to expire[25]
25. http://thread.gmane.org/gmane.linux.gentoo.devel/22308

"Broken-up" KDE ebuilds

Dan Armak[26] has released individual KDE ebuilds that allow single KDE
applications to be built without pulling in other, perhaps unneeded KDE
applications. This is one of the most frequently requested functions and
is now available at least experimentally.
26. danarmak@gentoo.org

* broken up KDE ebuilds[27]
27. http://thread.gmane.org/gmane.linux.gentoo.devel/22259

Open-source and Business

Cory Visi[28] asks Gentoo users to give examples of a) IT consulting firms
in the North Eastern US that support and implement open-source/Linux
solutions, and b) Fortune 100 or 500 companies in the financial services
industry that use open-source/Linux solutions successfully.
28. merlin@gentoo.org

* OpenSource and Business[29]
29. http://thread.gmane.org/gmane.linux.gentoo.devel/22239

=======================
4. Gentoo International
=======================

Germany: Linux World Expo opening next Tuesday
----------------------------------------------

Held in Frankfurt/Main from 26 to 28 October 2004, the German issue of the
Linux World Expo[30] series of exhibitions and conferences is opening with
a Gentoo stand in the open-source projects section. Similar to the
Linuxtag in Karlsruhe earlier this year, the focus of the Gentoo presence
is going to be a display of the variety of architectures supported by Gentoo
Linux. Apart from an SGI O2 and several x86 and PPC notebooks already
running Gentoo Linux, the hardware lineup includes three Sun UltraSparc
workstations (U1 140MHz 448MB RAM 2GB HDD, U2 160MHz 1GB RAM 18GB disk,
U10 440MHz 256MB of RAM 60GB disk), and a Siemens Primergy 670-40
quad-server (4x400MHz Pentium III, 1GB RAM, two RAID controllers with 32MB
Adaptec failover cache and lots of harddisks). The latter, a 60kg monster,
and the Sparc workstations will undergo live Gentoo installations at the
LWE, while other highlights at the booth (manned by Christian Hartmann,
Michael Imhof, Wernfried Haas, Sven Wegener and Markus Nigbur) will
include brand-new LiveCDs in a special LWE edition, T-shirts, the famous
Foser stickers and other goodies. The LiveCD has German localization
across the board, includes KDE and documentation in German, and is based
on a 2.6 kernel. If you can't make it to the Expo, the ISO is available
via Gentoo's bittorrent[31].
30. http://www.linuxworldexpo.de/
31. http://tracker.netdomination.org

Figure 4.1: Gentoo hardware lineup at the Linux World Expo in Frankfurt,
26-28 October 2004
http://www.gentoo.org/images/gwn/20041018-lwe.jpg

UK: Gentoo User Meeting in Cambridge
------------------------------------

One February morning in 1953, two researchers from a university
laboratory, Francis Crick and James Watson, walked into their favourite
Cambridge pub, the Eagle on Bene't Street, and declared that they had
found the secret of life - or more precisely, the double helix structure
of DNA. Since then, regulars at the Eagle have started concentrating on
their beers again, but now Stephen Bennett, Gentoo (and BSD) developer
based in Cambridge, and a few fellow Gentooists are proposing a Gentoo
meeting for users and developers at the famous pub, on Thursday 4 November
2004 from around 19:30. The idea for this initial gathering is to meet up,
see who's around and whether it's worth arranging something more
serious, so if you'd be interested, then come along and register your
support. Check this Forum thread[32] for details.
32. http://forums.gentoo.org/viewtopic.php?t=240032

======================
5. Gentoo in the press
======================

DigiTimes (14 October 2004)
---------------------------

In an article about Abit dual AMD 64-bit Opteron SU-2S showing prowess as
UT2K4 game server[33], James McClure writes about the Taiwanese
motherboard manufacturer[34]: "Abit believes that thoroughly testing its
motherboards under Linux puts the boards through the most rigorous testing
procedures available." Consequently, Gentoo Linux is mentioned in the
article as one of the distributions being tested on Abit's hardware. Abit
even maintained a Linux distribution of their own until a few years ago -
called "Gentus," interestingly enough.
33. http://www.digitimes.com/news/a20041014PR204.html
34. http://www.abit.com

===========
6. Bugzilla
===========

Summary
-------

* Statistics
* Closed bug ranking
* New bug rankings

Statistics
----------

The Gentoo community uses Bugzilla (bugs.gentoo.org[35]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 17 October 2004 and 23 October 2004, activity on
the site has resulted in:
35. http://bugs.gentoo.org

* 764 new bugs during this period
* 569 bugs closed or resolved during this period
* 26 previously closed bugs were reopened this period

Of the 7185 currently open bugs: 115 are labeled 'blocker', 235 are
labeled 'critical', and 522 are labeled 'major'.

Closed bug rankings
-------------------

The developers and teams who have closed the most bugs during this period
are:

* Portage team[36], with 143 closed bugs[37]
* AMD64 Porting Team[38], with 29 closed bugs[39]
* Gentoo Linux Gnome Desktop Team[40], with 25 closed bugs[41]
* Gentoo's Team for Core System packages[42], with 21 closed bugs[43]
* Dylan Carlson[44], with 19 closed bugs[45]
* Gentoo KDE team[46], with 14 closed bugs[47]
* Pieter Van den Abeele[48], with 12 closed bugs[49]
* Gentoo Games[50], with 11 closed bugs[51]
36. dev-portage@gentoo.org
37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-17&chfieldto=2004-10-23&resolution=FIXED&assigned_to=dev-portage@gentoo.org
38. amd64@gentoo.org
39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-17&chfieldto=2004-10-23&resolution=FIXED&assigned_to=amd64@gentoo.org
40. gnome@gentoo.org
41. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-17&chfieldto=2004-10-23&resolution=FIXED&assigned_to=gnome@gentoo.org
42. base-system@gentoo.org
43. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-17&chfieldto=2004-10-23&resolution=FIXED&assigned_to=base-system@gentoo.org
44. absinthe@gentoo.org
45. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-17&chfieldto=2004-10-23&resolution=FIXED&assigned_to=absinthe@gentoo.org
46. kde@gentoo.org
47. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-17&chfieldto=2004-10-23&resolution=FIXED&assigned_to=kde@gentoo.org
48. pvdabeel@gentoo.org
49. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-17&chfieldto=2004-10-23&resolution=FIXED&assigned_to=pvdabeel@gentoo.org
50. games@gentoo.org
51. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-17&chfieldto=2004-10-23&resolution=FIXED&assigned_to=games@gentoo.org

New bug rankings
----------------

The developers and teams who have been assigned the most new bugs during
this period are:

* Gentoo Linux Gnome Desktop Team[52], with 23 new bugs[53]
* Gentoo X-windows packagers[54], with 12 new bugs[55]
* media-video herd[56], with 12 new bugs[57]
* Gentoo KDE team[58], with 11 new bugs[59]
* AMD64 Porting Team[60], with 11 new bugs[61]
* Gentoo Toolchain Maintainers[62], with 10 new bugs[63]
* osx porters[64], with 10 new bugs[65]
* Karl Trygve Kalleberg[66], with 10 new bugs[67]
52. gnome@gentoo.org
53. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-17&chfieldto=2004-10-23&assigned_to=gnome@gentoo.org
54. x11@gentoo.org
55. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-17&chfieldto=2004-10-23&assigned_to=x11@gentoo.org
56. media-video@gentoo.org
57. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-17&chfieldto=2004-10-23&assigned_to=media-video@gentoo.org
58. kde@gentoo.org
59. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-17&chfieldto=2004-10-23&assigned_to=kde@gentoo.org
60. amd64@gentoo.org
61. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-17&chfieldto=2004-10-23&assigned_to=amd64@gentoo.org
62. toolchain@gentoo.org
63. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-17&chfieldto=2004-10-23&assigned_to=toolchain@gentoo.org
64. osx@gentoo.org
65. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-17&chfieldto=2004-10-23&assigned_to=osx@gentoo.org
66. karltk@gentoo.org
67. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-17&chfieldto=2004-10-23&assigned_to=karltk@gentoo.org

==================
7. Tips and Tricks
==================

Portage's new '--newuse' option
-------------------------------

This week we want to explain a new Portage option which allows you to
track changes to USE flag settings you may have altered after installing
an application. We're talking about --newuse, one of a number of very
useful new features in Portage 2.0.51. Before we start, make sure that
you've installed the latest Portage revision on your box.

Imagine that up until today, you never had a printer. Now you bought one,
and of course you want to use your Gentoo system to test your new
printer. First of all, you'd want printing support for some of the
applications you've installed. In order to get that you would alter your
USE flags and add cups and maybe some more flags to your USE variable in
/etc/make.conf.
So what's next, then? You'll need to find an easy way to create a listing
with all packages affected by this USE flag change:

Type emerge --newuse to list all packages affected by a USE flag change:

---------------------------------------------------------------------------
| Code Listing 7.1: List all packages affected by a USE flag change
---------------------------------------------------------------------------
# emerge --newuse world -Dpv

These are the packages that I would merge, in order:

Calculating world dependencies ...done!
[ebuild N ] net-print/cups-1.1.21-r2 -debug +pam -samba -slp +ssl 8,348 kB
[ebuild R ] gnome-base/nautilus-2.8.0 +cups* -debug -flac -gstreamer -mad +oggvorbis 5,637 kB
---------------------------------------------------------------------------

No surprise that the CUPS package itself wants to get installed now, but
you will also notice the appended asterisk to the +cups USE flag on the
Nautilus package: This simply points out that the USE flag has changed,
and you can now merge CUPS and all the packages which could benefit from
an active cups USE flag. Don't forget to configure your new printer.
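
On a system with many installed packages the pretend output gets long. The
following added example (not part of the original newsletter or of Portage)
filters output in the format of Code Listing 7.1 down to the packages that
carry an asterisk-marked flag. The function names changed_use and
sample_output are made up here, and the sample lines are the two from the
listing.

```shell
#!/bin/sh
# Added illustration; changed_use and sample_output are hypothetical helpers.

# Read "emerge -pv" style output on stdin and print, for every package that
# has at least one USE flag marked with a trailing "*", the package atom
# followed by the changed flags.
changed_use() {
    awk '/^\[ebuild/ {
        # Drop the "[ebuild R ]" status column; awk re-splits the fields.
        $0 = substr($0, index($0, "]") + 1)
        pkg = $1
        flags = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^[+-].*\*$/) {
                f = $i
                sub(/\*$/, "", f)       # strip the change marker
                flags = flags " " f
            }
        }
        if (flags != "") print pkg ":" flags
    }'
}

# Sample input: the two package lines from Code Listing 7.1.
sample_output() {
    cat <<'EOF'
These are the packages that I would merge, in order:

Calculating world dependencies ...done!
[ebuild N ] net-print/cups-1.1.21-r2 -debug +pam -samba -slp +ssl 8,348 kB
[ebuild R ] gnome-base/nautilus-2.8.0 +cups* -debug -flac -gstreamer -mad +oggvorbis 5,637 kB
EOF
}

sample_output | changed_use
```

On a live system the input would come from emerge --newuse world -Dpv
instead of sample_output.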

===========================
8. Moves, adds, and changes
===========================

Moves
-----

The following developers recently left the Gentoo team:

* None this week

Adds
----

The following developers recently joined the Gentoo Linux team:

* Joseph Jezak (josejx) - Gentoo/PPC, Gentoo/OSX
* Preston Cody (codeman) - Gentoo Installer
* Stephen Bennett (spb) - Gentoo/BSD, bugfixes

Changes
-------

The following developers recently changed roles within the Gentoo Linux
project:

* None this week

====================
9. Contribute to GWN
====================

Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[68].
68. gwn-feedback@gentoo.org

================
10. GWN feedback
================

Please send us your feedback[69] and help make the GWN better.
69. gwn-feedback@gentoo.org

================================
11. GWN subscription information
================================

To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.

===================
12. Other languages
===================

The Gentoo Weekly Newsletter is also available in the following languages:

* Danish[70]
* Dutch[71]
* English[72]
* German[73]
* French[74]
* Japanese[75]
* Italian[76]
* Polish[77]
* Portuguese (Brazil)[78]
* Portuguese (Portugal)[79]
* Russian[80]
* Spanish[81]
* Turkish[82]
70. http://www.gentoo.org/news/da/gwn/gwn.xml
71. http://www.gentoo.org/news/be/gwn/gwn.xml
72. http://www.gentoo.org/news/en/gwn/gwn.xml
73. http://www.gentoo.org/news/de/gwn/gwn.xml
74. http://www.gentoo.org/news/fr/gwn/gwn.xml
75. http://www.gentoo.org/news/ja/gwn/gwn.xml
76. http://www.gentoo.org/news/it/gwn/gwn.xml
77. http://www.gentoo.org/news/pl/gwn/gwn.xml
78. http://www.gentoo.org/news/br/gwn/gwn.xml
79. http://www.gentoo.org/news/pt/gwn/gwn.xml
80. http://www.gentoo.org/news/ru/gwn/gwn.xml
81. http://www.gentoo.org/news/es/gwn/gwn.xml
82. http://www.gentoo.org/news/tr/gwn/gwn.xml

Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Patrick Lauer <patrick@gentoo.org> - Author
Tobias Scherbaum <dertobi123@gentoo.org> - Author
Emmet Wagle <ewagle@email.com> - Author