Gentoo Weekly Newsletter 22 November 2004
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 15 November 2004.
---------------------------------------------------------------------------

==============
1. Gentoo News
==============

Gentoo 2004.3 x86 release on DVD
--------------------------------

The Gentoo Store[1] now delivers the entire 2004.3 release for the x86
architecture, including all binary packages for the supported
subarchitectures (x86, i686, Pentium 3, Pentium 4 and Athlon XP) on a
single bootable DVD.
1. store.gentoo.org
It also provides a set of two DVDs that contains a complete archive of the
2004.3 release distfiles, including all necessary source code except for
the games category that was omitted for space reasons. The store profits
go partly to the Gentoo Foundation, helping in establishing the
not-for-profit entity, the server infrastructure and other Gentoo
development-related support.

Gentoo documentation updates and extensions
-------------------------------------------

A flurry of activity coming from kernel developer Daniel Drake[2] has
enriched the Gentoo documentation last week. Aside from updates to
numerous kernel guides and primers, he also authored a mantelpiece for the
Gentoo documentation collection, a brand-new "Complete Gentoo Linux 2.6
Migration Guide"[3] that answers all the questions that Gentoo users
moving on from the 2.4 kernel series may have.
2. dsd@gentoo.org
3. http://www.gentoo.org/doc/en/migration-to-2.6.xml

On the workflow side of things the documentation team has been preoccupied
with a few shortcomings of AxKit for a while, i.e. the XML preprocessor
responsible for converting the internal XML structure of all web-hosted
content at www.gentoo.org to HTML. AxKit is running only with Apache v1,
for example, and looks somewhat unmaintained with its lack of significant
updates for some time. Xavier Neys[4] and Sven Vermeulen[5] have therefore
started replacing AxKit with gorg[6], its promising successor capable of
delivering the missing features. As always, the update page[7] of the
documentation project has all these and other important changes, including
some gruesome work done on existing files to make the translators' job a
little easier.
4. neysx@gentoo.org
5. swift@gentoo.org
6. http://dev.gentoo.org/~neysx/gorg/gorg.html
7. http://www.gentoo.org/proj/en/gdp/status/status_20041121.xml

==============
2. Future zone
==============

Portage CVS
-----------

Sometimes it's nice to show to the users that there's a fair amount of
work going into Portage, despite the gaps between stable releases. Portage
2.0.51 hasn't been out more than a month, but its CVS version now has - in
a mostly stable fashion - the following features:

* confcache
* prelink (auto-prelink binaries as they are merged)
* verify-rdepend (verify a package links only to stated rdepends)
* userpriv_fakeroot (run install phase under fakeroot, removing the need
for root privs from all building phases but setup)

Aside from feature additions, and code cleanup that's already started,
--regen (checking and updating the dependency path) is now 33% faster, and
metadata updates (post rsync'ing) are quicker by almost half in baseline
tests.

Then there's the work on the environment settings. Ebuilds now should be
able to be completely uninstalled without anything of the tree existing.
Nothing but the relevant profile is needed for this, which basically means
that Portage developers can start modifying eclasses again without having
to worry about backwards compatibility going back years.

Also - nifty little trick - the old "I updated ssl, libssl.so got shifted,
and now wget won't work and I can't fetch any sources" issue is addressed
via a bundled Python-based fetch implementation - if the exit code from
the fetch call is indicative of missing libraries or binaries, it tries
the bundled lib instead. In tests Brian Herring has done in a system
gutted of openssl, the bundled lib has soldiered on, promising that users
could get out of that jam.

Some work is going into sync refactoring, too: The CVS format was made
more flexible, and snapshot support was added in, meaning the need for
emerge-webrsync is vanishing.

The CVS development is a bit embryonic at the moment, with a lot of work
left, but these and more changes will not take long before they come your
way - the diff between portage-2.0.51 and the version in CVS is already
larger than 400KB.

==================
3. Gentoo security
==================

Ruby: Denial of Service issue
-----------------------------

The CGI module in Ruby can be sent into an infinite loop, resulting in a
Denial of Service condition.

For more information, please see the GLSA Announcement[8]
8. http://www.gentoo.org/security/en/glsa/glsa-200411-23.xml

BNC: Buffer overflow vulnerability
----------------------------------

BNC contains a buffer overflow vulnerability that may lead to Denial of
Service and execution of arbitrary code.

For more information, please see the GLSA Announcement[9]
9. http://www.gentoo.org/security/en/glsa/glsa-200411-24.xml

SquirrelMail: Encoded text XSS vulnerability
--------------------------------------------

SquirrelMail fails to properly sanitize user input, which could lead to a
compromise of webmail accounts.

For more information, please see the GLSA Announcement[10]
10. http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml

GIMPS, SETI@home, ChessBrain: Insecure installation
---------------------------------------------------

Improper file ownership allows user-owned files to be run with root
privileges by init scripts.

For more information, please see the GLSA Announcement[11]
11. http://www.gentoo.org/security/en/glsa/glsa-200411-26.xml

Fcron: Multiple vulnerabilities
-------------------------------

Multiple vulnerabilities in Fcron can allow a local user to potentially
cause a Denial of Service.

For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200411-27.xml

=========================
4. Heard in the community
=========================

Web forums
----------

CD burning and Gentoo kernel 2.6.9

Gentoo developer Daniel Drake[13] is soliciting testers for a replacement
bugfix he's done on Gentoo's development kernel (and managed to get
included in the official tree for 2.6.10). As CD and DVD burning has been
under fire since 2.6.7 because of security concerns with simulated SCSI
commands being sent to the devices, fixes that weren't making things any
better had to be replaced with a saner approach. Check this thread and
tell him what you think:
13. dsd@gentoo.org

* Request for testing: CD/DVD writing on 2.6.9[14]
14. http://forums.gentoo.org/viewtopic.php?t=247459

gentoo-dev
----------

RAM-voracious ebuilds?

What can be done if during installation an ebuild needs lots of RAM
(gtk2hs) or large amounts of disk space (OpenOffice.org)? Since the build
process might fail on some systems, it would be useful to have portage
check these resources before starting the build. Is there a sane and
cross-platform way of doing this? /proc/ does not exist on all platforms,
after all.

* what to do when an ebuild needs loads of RAM?[15]
15. http://thread.gmane.org/gmane.linux.gentoo.devel/23017

Handling important upgrade messages

Many ebuilds give important hints about changes in behaviour,
configuration files etc. These messages are spewed to the screen during
the installation, and therefore usually scroll away during multi-package
upgrades. This prevents users from seeing many important messages in an
easy way (and no, sitting eight hours watching the messages scroll by
doesn't count). This thread explores the possibilities of collecting these
messages so that they can be presented all at once.

* Handling important upgrade messages[16]
16. http://thread.gmane.org/gmane.linux.gentoo.devel/22905

=======================
5. Gentoo International
=======================

UK: Oxford Gentoo User Meeting
------------------------------

Hardly surprising, coming to think of it: Since Gentoo users in "that
other city"[17] met two weeks ago, Oxford-based Gentooists have been
thinking out loud that they can't possibly let this pass. They'll be
meeting for the first time on Sunday afternoon, 28 November 2004 from
15:00, at the "Far From The Madding Crowd"[18] in 10-12 Friar's Entry. Half
a dozen Oxfordian Gentooists have already confirmed, with shadow Portage
bash-scripter Edward Catmur[19] expected at the venue, and Gentoo
developer robmoss[20] hiking to Oxford on a full 500 mile roundtrip just
for this event. Announce your participation in this Forum thread[21].
17. http://forums.gentoo.org/viewtopic.php?t=240032
18. http://www.streetmap.co.uk/newmap.srf?x=451182&y=206472&z=0&ar=Y
19. http://forums.gentoo.org/profile.php?mode=viewprofile&u=32906
20. robmoss@gentoo.org
21. http://forums.gentoo.org/viewtopic.php?t=250125

======================
6. Gentoo in the press
======================

2004.3 Release announcements roundup
------------------------------------

Last week's release of Gentoo Linux 2004.3 triggered a large number of
publications about Gentoo. Here's a list of some of the shinier
highlights, many of them with comment areas below the article:

* Austrian newspaper "Der Standard"[22]
* German IT news Golem.de[23]
* German Windows (sic!) Online Magazine [24]
* OSzine (German language open source magazine)[25]
* The Japanese "PC Web" finds the G5 (ppc64) support in 2004.3 most
remarkable[26]
* French PC INpact (rightfully) points out that Gentoo 2004.3 comes out
just four days before the Beaujolais Primeur.[27]
* French PC magazine[28]
* Another French electronic newspaper.[29]
* Download sources for kazaa/eDonkey and other file sharing services [30]
* OS News' Eugenia Loli-Queru forwards the Gentoo 2004.3
announcement.[31]
* Linux Electrons - "Linux with a hardware slant"[32]
22. http://derstandard.at/?url=/?id=1858405
23. http://www.golem.de/0411/34691.html
24. http://www.winfuture.de/index.php?page=wfv4/news/news-showspec.php&news_id=17583
25. http://www.oszine.de/modules.php?op=modload&name=News&file=article&sid=2320&mode=thread&order=0&thold=0
26. http://pcweb.mycom.co.jp/news/2004/11/15/008.html
27. http://www.pcinpact.com/actu/newsg/17626.htm
28. http://www.presence-pc.com/news/Linux-Gentoo-2004-3-disponible-n5618.html
29. http://www.toolinux.com/news/logiciels/gentoo_linux_2004.3_ar5518.html
30. http://www.ratiatum.com/logitheque.php?id_log=216
31. http://www.osnews.com/story.php?news_id=8867
32. http://www.linuxelectrons.com/article.php/20041115072740347

Business Wire (20 November 2004)
--------------------------------

Business Wire[33] announces that the speaker list for next year's big
"Security Enhanced Linux" (SELinux) symposium is now confirmed, and it
mentions Gentoo as one of the organisations to be present and presenting
at the SELinux Symposium[34], scheduled for 2-4 March 2005 in Silver
Spring, Maryland. What the article doesn't say: The Gentooist involved in
this conference is Gentoo developer Joshua Brindle[35].
33. http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20041118005546&newsLang=en
34. http://www.selinux-symposium.org/
35.

===========
7. Bugzilla
===========

Summary
-------

* Statistics
* Closed bug ranking
* New bug rankings

Statistics
----------

The Gentoo community uses Bugzilla (bugs.gentoo.org[36]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 07 November 2004 and 14 November 2004, activity
on the site has resulted in:
36. http://bugs.gentoo.org

* 795 new bugs during this period
* 548 bugs closed or resolved during this period
* 29 previously closed bugs were reopened this period

Of the 7397 currently open bugs: 129 are labeled 'blocker', 240 are
labeled 'critical', and 556 are labeled 'major'.

Closed bug rankings
-------------------

The developers and teams who have closed the most bugs during this period
are:

* AMD64 Porting Team[37], with 40 closed bugs[38]
* Gentoo Games[39], with 28 closed bugs[40]
* Gentoo's Team for Core System packages[41], with 27 closed bugs[42]
* Mozilla Gentoo Team[43], with 26 closed bugs[44]
* media-video herd[45], with 25 closed bugs[46]
* Paul de Vrieze[47], with 21 closed bugs[48]
* SpanKY[49], with 20 closed bugs[50]
* Gentoo Security[51], with 17 closed bugs[52]
37. amd64@gentoo.org
38. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-11-07&chfieldto=2004-11-14&resolution=FIXED&assigned_to=amd64@gentoo.org
39. games@gentoo.org
40. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-11-07&chfieldto=2004-11-14&resolution=FIXED&assigned_to=games@gentoo.org
41. base-system@gentoo.org
42. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-11-07&chfieldto=2004-11-14&resolution=FIXED&assigned_to=base-system@gentoo.org
43. mozilla@gentoo.org
44. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-11-07&chfieldto=2004-11-14&resolution=FIXED&assigned_to=mozilla@gentoo.org
45. media-video@gentoo.org
46. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-11-07&chfieldto=2004-11-14&resolution=FIXED&assigned_to=media-video@gentoo.org
47. pauldv@gentoo.org
48. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-11-07&chfieldto=2004-11-14&resolution=FIXED&assigned_to=pauldv@gentoo.org
49. vapier@gentoo.org
50. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-11-07&chfieldto=2004-11-14&resolution=FIXED&assigned_to=vapier@gentoo.org
51. security@gentoo.org
52. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-11-07&chfieldto=2004-11-14&resolution=FIXED&assigned_to=security@gentoo.org

New bug rankings
----------------

The developers and teams who have been assigned the most new bugs during
this period are:

* Gentoo's Team for Core System packages[53], with 23 new bugs[54]
* Gentoo X-windows packagers[55], with 19 new bugs[56]
* Java team[57], with 15 new bugs[58]
* Mozilla Gentoo Team[59], with 14 new bugs[60]
* AMD64 Porting Team[61], with 14 new bugs[62]
* Gentoo Linux Gnome Desktop Team[63], with 13 new bugs[64]
* Chris White[65], with 10 new bugs[66]
* Gentoo Toolchain Maintainers[67], with 9 new bugs[68]
53. base-system@gentoo.org
54. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-11-07&chfieldto=2004-11-14&assigned_to=base-system@gentoo.org
55. x11@gentoo.org
56. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-11-07&chfieldto=2004-11-14&assigned_to=x11@gentoo.org
57. java@gentoo.org
58. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-11-07&chfieldto=2004-11-14&assigned_to=java@gentoo.org
59. mozilla@gentoo.org
60. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-11-07&chfieldto=2004-11-14&assigned_to=mozilla@gentoo.org
61. amd64@gentoo.org
62. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-11-07&chfieldto=2004-11-14&assigned_to=amd64@gentoo.org
63. gnome@gentoo.org
64. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-11-07&chfieldto=2004-11-14&assigned_to=gnome@gentoo.org
65. chriswhite@gentoo.org
66. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-11-07&chfieldto=2004-11-14&assigned_to=chriswhite@gentoo.org
67. toolchain@gentoo.org
68. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-11-07&chfieldto=2004-11-14&assigned_to=toolchain@gentoo.org

==================
8. Tips and Tricks
==================

Portage magic
-------------

/var/log/emerge.log is well known as the central repository of information
about all emerge activity going on in the system. Lesser known are some tricks
you can do with the content of that log file. For example, when you start
an upgrade, you generally don't know how much time it will take to finish
compiling. You probably don't remember how long your last mplayer
installation took, but Portage does, and if you'd decipher the Unix time
stamps in /var/log/emerge.log, you'd get a pretty good idea, too. Or you
could let app-portage/genlop do it for you. Emerge (the unstable, ~arch
version of) genlop with:

---------------------------------------------------------------------------
| Code Listing 8.1: Emerge genlop |
---------------------------------------------------------------------------
| |
|#emerge -av genlop |
| |
---------------------------------------------------------------------------

Now run a pretended world upgrade and pipe it to genlop for an estimation
of your upgrade schedule:

---------------------------------------------------------------------------
| Code Listing 8.2: Estimate upgrade time |
---------------------------------------------------------------------------
| |
|#emerge -pu world | genlop --pretend |
|These are the pretended packages: (this may take a while; wait...) |
| |
| * media-libs/tiff |
| * x11-base/xorg-x11 |
| * app-sci/stellarium |
| * app-arch/gzip |
| * dev-libs/libIDL |
| * net-www/mozilla-firefox |
| * sys-boot/lilo |
| * app-doc/abs-guide |
| * app-arch/unarj |
| * app-emulation/wine |
| * app-admin/sudo |
| |
|Estimated update time: 4 hours, 38 minutes. |
| |
---------------------------------------------------------------------------

A look at the mechanism explains how Portage can double as an oracle. It
uses the statistics stored in the emerge.log file, takes an average of
compilation times for given packages, and summarizes the results. There are
some uncertainties, of course: for example, if you use the CCACHE feature,
compile times for a minor version bump may be much shorter than the time
the original package took compiling the first time. On the other hand, if
an application has been extended with new features, the old average compile
time can be shorter than that of the version you're about to emerge.
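
The averaging described above, as an added example (not genlop's own code
and not part of the original newsletter). The emerge.log line layout and
the sample log lines are assumptions constructed for illustration:

```python
import re
from collections import defaultdict

# Constructed sample. Assumed emerge.log layout: "<unix time>:  >>> emerge
# (n of m) <category/package-version> to /" opens a merge and the matching
# "::: completed emerge ..." line closes it.
SAMPLE_LOG = """\
1099900005:  *** emerge --update world
1099900010:  >>> emerge (1 of 2) app-arch/gzip-1.3.5-r1 to /
1099900070:  ::: completed emerge (1 of 2) app-arch/gzip-1.3.5-r1 to /
1099900080:  >>> emerge (2 of 2) app-admin/sudo-1.6.7_p5-r1 to /
1099900200:  ::: completed emerge (2 of 2) app-admin/sudo-1.6.7_p5-r1 to /
1100500000:  >>> emerge (1 of 1) app-arch/gzip-1.3.5-r2 to /
1100500100:  ::: completed emerge (1 of 1) app-arch/gzip-1.3.5-r2 to /
1100600000:  >>> emerge (1 of 1) app-admin/sudo-1.6.8_p1 to /
1100600030:  *** terminating.
"""

LINE_RE = re.compile(
    r"^(\d+):\s+(>>>|:::) (?:completed )?emerge \(\d+ of \d+\) (\S+) to ")
# Strips the trailing -<version>[-r<revision>] to leave category/package.
VERSION_RE = re.compile(r"^(.+?)-\d[^-]*(?:-r\d+)?$")


def merge_durations(log_text):
    """Return {category/package: [seconds, ...]} for completed merges only."""
    started = {}
    durations = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, marker, atom = int(m.group(1)), m.group(2), m.group(3)
        if marker == ">>>":
            # A restarted merge overwrites the start of an interrupted one.
            started[atom] = stamp
        elif atom in started:
            v = VERSION_RE.match(atom)
            name = v.group(1) if v else atom
            durations[name].append(stamp - started.pop(atom))
    return dict(durations)


def estimate(log_text, packages):
    """Sum the per-package averages; list packages with no history."""
    history = merge_durations(log_text)
    total, unknown = 0.0, []
    for pkg in packages:
        runs = history.get(pkg)
        if runs:
            total += sum(runs) / len(runs)
        else:
            unknown.append(pkg)
    return total, unknown


if __name__ == "__main__":
    wanted = ["app-arch/gzip", "app-admin/sudo", "app-emulation/wine"]
    seconds, unknown = estimate(SAMPLE_LOG, wanted)
    print("Estimated update time: %d seconds" % seconds)
    print("No history for:", ", ".join(unknown) or "none")
```

The interrupted sudo merge in the sample never reaches a "completed" line,
so it does not distort the average.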

Another brilliant feature of genlop is its --current option, the perfect
companion to the estimated compile-time from --pretend:

---------------------------------------------------------------------------
| Code Listing 8.3: How much time spent since the beginning of an emerge |
---------------------------------------------------------------------------
| |
|# genlop --current |
| |
| * app-portage/splat-0.07 |
| |
| current merge time: 12 seconds. |
| |
---------------------------------------------------------------------------

Now you can tell how long you have to wait.

===========================
9. Moves, adds, and changes
===========================

Moves
-----

The following developers recently left the Gentoo team:

* None this week

Adds
----

The following developers recently joined the Gentoo Linux team:

* None this week

Changes
-------

The following developers recently changed roles within the Gentoo Linux
project:

* None this week

=====================
10. Contribute to GWN
=====================

Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[69].
69. gwn-feedback@gentoo.org

================
11. GWN feedback
================

Please send us your feedback[70] and help make the GWN better.
70. gwn-feedback@gentoo.org

================================
12. GWN subscription information
================================

To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.

===================
13. Other languages
===================

The Gentoo Weekly Newsletter is also available in the following languages:

* Danish[71]
* Dutch[72]
* English[73]
* German[74]
* French[75]
* Japanese[76]
* Italian[77]
* Polish[78]
* Portuguese (Brazil)[79]
* Portuguese (Portugal)[80]
* Russian[81]
* Spanish[82]
* Turkish[83]
71. http://www.gentoo.org/news/da/gwn/gwn.xml
72. http://www.gentoo.org/news/be/gwn/gwn.xml
73. http://www.gentoo.org/news/en/gwn/gwn.xml
74. http://www.gentoo.org/news/de/gwn/gwn.xml
75. http://www.gentoo.org/news/fr/gwn/gwn.xml
76. http://www.gentoo.org/news/ja/gwn/gwn.xml
77. http://www.gentoo.org/news/it/gwn/gwn.xml
78. http://www.gentoo.org/news/pl/gwn/gwn.xml
79. http://www.gentoo.org/news/br/gwn/gwn.xml
80. http://www.gentoo.org/news/pt/gwn/gwn.xml
81. http://www.gentoo.org/news/ru/gwn/gwn.xml
82. http://www.gentoo.org/news/es/gwn/gwn.xml
83. http://www.gentoo.org/news/tr/gwn/gwn.xml

Ulrich Plate <plate@gentoo.org> - Editor
Brian Herring <ferringb@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author
<> - Author

--
gentoo-gwn@gentoo.org mailing list