---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 12 June 2006.
---------------------------------------------------------------------------
==============
1. Gentoo news
==============
Portage 2.1 Released
--------------------
After many months in development, the Portage team has released
Portage-2.1. This new release sees a great many new features, fixed bugs,
and performance improvements. A detailed description of changes can be
found in the release notes[1] and NEWS file[2]. Some highlights,
however, are:
1. http://sources.gentoo.org/viewcvs.py/portage/main/trunk/RELEASE-NOTES?view=markup
2. http://sources.gentoo.org/viewcvs.py/portage/main/trunk/NEWS?view=markup
* confcache integration: In combination with the
dev-util/confcachepackage, users can now benefit from cached configure
checks, speeding up build times for many packages.
* New cache framework: The Portage cache has been completely overhauled,
leading to massive speed improvements when updating cache after sync, as
well as in other areas.
* New elog functionality: In the past, important messages from ebuilds
were delivered by means of the einfo, ewarn, and eerror functions, which
print messages to the standard output. However, in a length multi-package
merge, it is very easy for these messages to get lost. The new elog
function allows them to be collected in one place for later inspection,
and should greatly ease the process of upgrading many packages at one
time.
* New hooks framework: Using /etc/portage/bashrc, users can now define
bash functions to be executed before and after any given ebuild phase.
This can be used to make almost arbitrary customisations to the build
environment, and is a powerful tool for those who need functionality or
behaviour that stock Portage cannot provide.
* Digest improvements: Portage can now use SHA256 and RMD160 digests in
addition to MD5 for checking the integrity of downloaded files. This
release also introduces support for a new Manifest2 format that should
allow the current Manifest and digest-* files to be unified into one much
more efficient file format.
* Improved debugging support: using FEATURES="splitdebug" it is now
possible to keep the performance improvements from using stripped
binaries, while still having the debug information around on disk should
it be needed. This should make filing useful bug reports much easier.
* Colour remappings: Using the /etc/portage/color.map file, you can now
remap the colours that Portage will use in its output. Have you ever
wanted a pretty pink portage? Well now you can, without having to change
the source code.
* Configuration improvements: Certain config files can now be made into
directories, for easier management (for example,
/etc/portage/package.unmask/kde, /etc/portage/package.unmask/xorg will be
combined to make the old /etc/portage/package.unmask). /etc/portageitself
can also be loaded from different locations, making certain tasks much
simpler.
* Various other improvements: Certain types of binary security issues can
now be fixed automatically. The initial import of the Portage module
should now be faster in certain circumstances, meaning that external
scripts which import it should see speed improvements. Emerge now supports
a -q or 'really quiet mode' option, reducing its output to a minimum.
There is a stabilisation bug[3] open, where you can track the progress of
this new release towards the stable tree. As of this writing, stable users
on x86, Sparc, HPPA and PPC platforms can use the new release; other
architecture teams should be following in the near future.
3. https://bugs.gentoo.org/show_bug.cgi?id=136198
Thanks to Alec Warner[4] and Ned Ludd[5] for taking the time to talk to
the GWN about this release.
4. antarus@gentoo.org
5. solar@gentoo.org
Status report: Gentoo/Alpha
---------------------------
The Gentoo/Alpha team is responsible for making sure that Gentoo runs
smoothly on the Alpha architecture. The team has recently grown to include
Thomas Cort[6] and Christel Dahlskjaer[7]. In the past few months we have
been very productive. Stephen Bennett[8] has continued his work with
SELinux. hardened-sources is now keyworded for alpha. Thanks to the work
of Stefaan De Roeck[9]and others, modular X has been keyworded and is
working well. The Gentoo/Alpha team is also pleased to announce that we
have stabilized gnome-2.12.3 and kde-3.5.2.
6. tcort@gentoo.org
7. christel@gentoo.org
8. spb@gentoo.org
9. stefaan@gentoo.org
Thomas Cort has produced two documents, the Alpha Porting Guide and the
Gentoo/Alpha FAQ. A guide to using the SRM console is on the way. Jose
Luis Rivero[10], Fernando Pereda[11], and the rest of the Gentoo/Alpha
team completely revamped the project page. Fernando Pereda has also been
busy setting up the Alpha Arch Testers project. If you want to learn more
about this excellent opportunity to give back to Gentoo, please check out
the Alpha Arch Testers Project page[12].
10. yoswink@gentoo.org
11. ferdy@egntoo.org
12. http://www.gentoo.org/proj/en/base/alpha/AT/index.xml
Tetex changes
-------------
Tetex's upstream maintainer Thomas Esser hass announced that he won't make
any further tetex releases. This will have some mid- to long-term effects
on how tetex is maintained in Gentoo. Gentoo developer Martin Ehmsen[13]
shows the possible methods for handling this – while it seems to be
undecided for now how to proceed there will be changes in the future. Stay
tuned…
13. ehmsen@gentoo.org
* Tetex change announcement[14]
14. http://thread.gmane.org/gmane.linux.gentoo.devel/38615
The shadow and pam-login conflict
---------------------------------
Many users may have seen that new versions of pam-login and shadow block
each other. The reason for that is that the file /bin/login used to be
provided by pam-login for mostly historical reasons. Now shadow 4.0
started also providing this file, to reduce confusion this file is now
provided by shadow. Also the rest of pam-login has been folded into shadow
too, so when you see these two packages blocking each other please unmerge
pam-login and emerge the updated shadow package in its place.
Further information can be found in Diego Pettenò's[15] weblog:
15. flameeyes@gentoo.org
* Shadow and pam-login conflict[16]
16. http://farragut.flameeyes.is-a-geek.org/articles/2006/06/01/refreshing-the-pam-login-and-shadow-problem
Ukrainian IRC channels
----------------------
The relatively new and still small Ukrainian Gentoo community has opened
an official IRC channel: #gentoo-ua channel on irc.freenode.net. If you
want to discuss all thing Gentoo in Ukrainian or want to help in the
localization effort just join the team around George Shapovalov[17]. For
now there is no Ukrainian Subforum, but if that community continues to
grow that is a distinct possibility – for now "Other languages" is the
correct forum for Ukrainian questions.
17. george@gentoo.org
Gentoo Women
------------
Geek girls are almost the stuff of legend. Women make up only 30% of
regular computer users, and as little as 2% of Linux users.
But why should this be the case? The reason for this can be as elusive as
the Linux-using women themselves – for every survey or paper saying that
they are not given the same chances or opportunities, there is another one
saying exactly the opposite. Lost in the midst of all this controversy,
however, is the fact that little if anything is being done to interest
women in computing, in Linux, or in Gentoo.
Groups such as the Debian project are seeking to change that. Debian
Women, founded in 2004, was set up to encourage women to become more
involved with Linux. The group maintains an IRC channel and a mailing list
for the discussion of technical issues, as well as maintaining a public
presence at Linux-related conferences and events. They also run an
extensive mentoring program whereby women are paired up with a mentor who
will spend the time to help them find answers to their questions, and get
to know the distribution, as well as the community and Linux in general.
This mentoring program adds a personal element to the process, and helps
to guide people towards working more effectively with Linux. Unfortunately
though, as the name implies, their efforts focus very much on encouraging
their members to use Debian.
The idea was recently floated of starting a similar project for the women
of Gentoo, and we would like your thoughts on the matter. Would such a
project be welcome within the community, and would people take advantage
of it? What would you like to see the project do, and how? Would you
volunteer your time and/or money to encourage people, not just women, to
use Gentoo, and to mentor and help users?
All groups, regardless of their origins, need 'fresh blood' to survive –
members will inevitably depart, and without a steady stream of people
joining the group will diminish with time. If we do not reach out to the
community, we miss out on a lot of good ideas and talented people that are
out there. Let's make the effort to do so, rather than wallowing in
complacency and resisting any change.
* Gentoo Women Forums thread[18]
* Gentoo Userrel email alias[19]
18. http://forums.gentoo.org/viewtopic-p-3375197.html#3375197
19. userrel@gentoo.org
==========================
2. Summer of Code - Update
==========================
Summer of Code -- One Month Along
---------------------------------
It's a month now since the start of this year's Summer of Code, and
Gentoo's projects have been progressing rapidly. Our students have been
hard at work with their projects, and making good progress. The Summer of
Code was originally mentioned in the GWN of May 1st.[20]. If you are
interested to know what all the fuss is about, read on.
20. http://www.gentoo.org/news/en/gwn/20060501-newsletter.xml#doc_chap1
The Summer of Code[21], now in its second year, is a program run by Google
which sponsors students to work on open source projects during the summer
holidays. Last year's program was a great success, with a long list of
results[22] including some great projects. This year's version is even
bigger, containing over twice as many mentoring organisations, and a list
of student projects to match.
21. http://code.google.com/soc
22. http://code.google.com/soc-results.html
This year Gentoo is participating as a mentoring organisation, and we were
lucky enough to be allocated 14 projects, including this year's most
in-demand student – Anant Narayanan had applications accepted by a total
of 4 organisations, and chose to work with us rather than any of the
others. For a while it was uncertain whether we would be accepted, given
the number of other Linux distributions and operating systems already
accepted, but we were eventually chosen, and allocated a higher than
normal number of projects.
"I like how Gentoo has built a community around the distro in such a short
time. To me, that is emblematic of a good community, and is what SoC needs
for mentoring great OSS developers" said Greg Stein from Google, talking
about why he chose to accept Gentoo over other projects on the hold list.
"As one example, Gentoo got included into the program because I've liked
how they came from pretty much nowhere into one of the stronger Linux
distributions. Out of the thousand distros out there, they rose to one of
the primaries in pretty short order. I believe that is due to a strong
community focus, which is exactly something that I believe is good for an
SoC organization."
A full list of Gentoo's accepted applications with some basic information
can be found at Google's Gentoo page[23]; more updates about many of the
projects can be found on the students' blogs, which are aggregated as part
of Planet Gentoo[24] as well as making up Planet Gentoo SoC[25]. However,
we would like to highlight a few individual projects here, with some more
information about the projects and their current status.
23. http://code.google.com/soc/gentoo/about.html
24. http://planet.gentoo.org
25. http://planet.gentoo.org/soc/
Michael Kelly[26]has been working on a unified user/group management
framework, with the intention of integrating it into package managers and
the Gentoo tree to provide an implementation of GLEP 27[27], which was
approved long ago but has not yet been implemented. His code can be found
in his public Subversion repository, accessible through the web with
ViewVC[28]. As his initial proposal[29] outlines, this should provide
some great improvements in the way user and group accounts are handled by
ebuilds – the current system, while it works in the vast majority of
cases, is relatively limited in its capability and scalability. The code
seems to be progressing nicely, and when finished should provide a simple,
flexible, and portable means to manage users and groups in package
managers and elsewhere.
26. http://www.pioto.org/~pioto/gentoo/soc2006/blog/
27. http://www.gentoo.org/proj/en/glep/glep-0027.html
28. http://svn.pioto.org/viewvc
29. http://svn.pioto.org/viewvc/glep27-proposal.txt?view=co
Alex Martinez[30]has been working on porting Gentoo's "sandbox" utility to
run on FreeBSD systems. The Gentoo/*BSD project[31] has been increasingly
active in recent months, and is rapidly becoming a viable platform for
real-world use. However, due to differences between the FreeBSD and GNU C
libraries, the sandbox utility, used primarily for ebuild QA purposes,
still does not work properly. Alex's SoC project sets out to change this,
and involves looking into the most fundamental libraries on the system to
find out just what is causing the problems. While the project is currently
on hold due to the exam season, progress just before this was extremely
promising. When completed, this should bring the various Gentoo/*BSD ports
much closer to having all the package management functionality available
on Gentoo Linux, a major milestone in their development.
30. http://unleashed.amule.org/soc/
31. http://www.gentoo.org/proj/en/gentoo-alt/bsd/index.xml
All in all, the Summer of Code is a fantastic opportunity for students to
get more involved in their favourite open source projects and to let them
spend the summer doing what they enjoy without hindrance. Of course, it
also provides the projects with some great code that perhaps would not
have been written otherwise, as well as a fruitful source of potential new
contributors. This sentiment was echoed by Christel Dahlskjaer, Gentoo's
administrative contact for the summer of code, talking to the GWN earlier
this month: "I am doing my best to ensure that we give the students the
support they need, we also aim to make these summer months a time of fun
for them and we hope that at the end of their 'internship' they'll not
only have provided us with contributions in form of code, but will
hopefully have decided that they want to come on board and work on Gentoo
as developers."
=========================
3. Heard in the community
=========================
forums
------
Genetic - A New Portage Frontend
Over the past two weeks, a discussion of a new ncurses and wxWidgets
portage frontend has been happening on the Gentoo Forums. The project is
still in its infancy and is asking for XML/Python/Ncurses experts to help.
* Genetic Forum Thread[32]
* Genetic Homepage[33]
32. http://forums.gentoo.org/viewtopic-t-463518.html
33. http://genetic.sourceforge.net/
GEMS - Gentoo Enterprise Management System
An announcement of a new management system in the style of "Red Hat
Network" designed for Gentoo has been announced on the forums. It aims to
ease the management of a large number of Gentoo computers and currently
includes features such as: inventory of installed software, GLSAs
associated with them, monitoring deployments status and more. GEMS is
licensed under the GPL and is freely available on its website.
* GEMS Forum thread[34]
* GEMS homepage[35]
34. http://forums.gentoo.org/viewtopic-t-468071.html
35. http://www.gamehound.net/gems/index.php
Decreasing chances of making mistakes while installing Gentoo
new_to_non_X86, a forum user notes how currently it is very easy for users
to make simple mistakes such as typos or missing steps while following the
handbook. How do you think the quality of Gentoo documentation could be
improved so that mistakes are less prone to happening?
* Forum Thread[36]
36. https://forums.gentoo.org/viewtopic-t-469616.html
gentoo-dev
----------
GLEP 49 - take 2
After the long discussion about alternative package managers in the last
weeks Paul de Vrieze[37] and Grant Goodyear[38] offer two competing GLEPs
for discussion that define the capabilities, license and other managerial
issues that a package manager has to offer to be supported. This might
focus future discussions about portage replacements on technical instead
of social issues.
37. pauldv@gentoo.org
38. g2boojum@gentoo.org
* GLEP 49 - take 2[39]
39. http://thread.gmane.org/gmane.linux.gentoo.devel/38476
Security/QA Spring Cleaning
Every now and then a security problem is found. When this affects a Gentoo
package a GLSA is released, but until now the affected packages were not
directly unkeyworded or removed from the tree. This leaves some vulnerable
ebuilds in place, so Ned Ludd[40] in cooperation with Brian Harring[41]
has started a cleanup of the tree. This should not affect users, only
vulnerable, insecure and unmaintained ebuilds will be removed.
40. solar@gentoo.org
41. ferringb@gmail.com
* Security/QA Spring Cleaning[42]
42. http://thread.gmane.org/gmane.linux.gentoo.devel/38472
Spring Cleanup, part 2
A cleanup of unmaintained broken ebuilds has started. As they were already
known to not work no functionality is lost for users. This is part of a
general QA strategy to increase the overall quality of Gentoo.
* app-editors/gnotepad+[43]
* ipkg-utils[44]
* media-libs/nurbs++[45]
* dev-libs/nana[46]
* sys-fs/convertfs[47]
* net-misc/powerd[48]
* www-client/prozilla[49]
* sys-libs/ldetect{,-lst}[50]
43. http://thread.gmane.org/gmane.linux.gentoo.devel/38698
44. http://thread.gmane.org/gmane.linux.gentoo.devel/38685
45. http://thread.gmane.org/gmane.linux.gentoo.devel/38661
46. http://thread.gmane.org/gmane.linux.gentoo.devel/38657
47. http://thread.gmane.org/gmane.linux.gentoo.devel/38641
48. http://thread.gmane.org/gmane.linux.gentoo.devel/38640
49. http://thread.gmane.org/gmane.linux.gentoo.devel/38636
50. http://thread.gmane.org/gmane.linux.gentoo.devel/38633
[RFC Maintainer-Wanted Bugs/Cleaning]
For user-submitted and unmaintained ebuilds the maintainer-wanted alias
was created. What seemed like a good idea has ended in almost 2000 bugs
assigned to that alias, most of them without any changes. Alec Warner[51]
asks for input how to handle these bugs in the future. Some ideas like a
central overlay for these ebuilds or closing them after a pre-set time are
discussed in this thread, but no resolution has been found.
51. antarus@gentoo.org
* [RFC Maintainer-Wanted Bugs/Cleaning][52]
52. http://thread.gmane.org/gmane.linux.gentoo.devel/38663
planet.gentoo.org
-----------------
Gentoo Overlays Project needs a logo
Gentoo Overlays[53] is a project designed to bring social workspaces to
Gentoo. It provides a place for Gentoo projects and developers to host
their overlays. If you can help the Overlays project by creating a logo
drop by #gentoo-overlays on irc.freenode.net.
53. http://www.gentoo.org/proj/en/overlays/
* Gentoo Overlays Project needs a logo[54]
54. http://blog.stuartherbert.com/gentoo.php/2006/06/03/gentoo_overlays_project_needs_a_logo
KDE 3.5.3 unmasked
KDE 3.5.3 got unmasked and provides decreased startup times. Also over 800
minor issues were fixed and small new features implemented in Akregator,
KMail and KAlarm.
* KDE 3.5.3 unmasked[55]
55. http://farragut.flameeyes.is-a-geek.org/articles/2006/06/02/unmasked
net-setup enhancements
Naming of network interfaces sometimes differs between a live system and
the installed Gentoo system. To help in configuring the network interfaces
net-setup has been expanded by two additional dialogs which displays the
interface name, interface caption and additional information. The new
net-setup will be included in the next livecd-tools release.
* net-setup enhancements[56]
56. http://www.reactivated.net/weblog/archives/2006/06/net-setup-enhancements/
=======================
4. Gentoo International
=======================
Gentoo UK 2006
--------------
A little later than anticipated, organisation of the Gentoo UK 2006
users-and-developers conference is nearing completion. The conference will
take place on Saturday July 8th in Central London, and will feature a few
talks from Gentoo developers plus possibly some guest speakers. There will
also be some social activities taking place around the event.
Numbers are limited, so we do require people to pre-register (no cost) by
leaving a name and email address. Registration is open now.
For more info, see the conference website[57]. We look forward to seeing
you there!
57. http://dev.gentoo.org/~dsd/gentoo-uk-2006/
==================
5. Tips and Tricks
==================
Searching the portage tree with eix
-----------------------------------
eix is a handy utility that indexes your portage tree and quickly searches
it. The latest stable version, 0.55, is also compatible with Portage 2.1's
new metadata backend.
To get started, emerge the package, and then build your index:
+-------------------------------------------------------------------------+
| Code Listing 5.1: |
| Installing eix |
+-------------------------------------------------------------------------+
| |
|# emerge eix |
|# update-eix |
| |
+-------------------------------------------------------------------------+
update-eixwill index your ebuilds in your PORTDIR_OVERLAY in addition to
the main portage tree.
Once finished you are ready to do some searches. Use eix foo to search for
a package, or eix -S bar to search package descriptions. To search for a
specific package, use eix -e packagename. You can also use regular
expressions in your search parameters by default.
The output of eix displays each package version available. Versions
prefixed with ~ are marked unstable, while !indicates the version is hard
masked.
+-------------------------------------------------------------------------+
| Code Listing 5.2: |
| eix firefox |
+-------------------------------------------------------------------------+
| |
|$ eix firefox |
|* www-client/mozilla-firefox |
|Available versions: 1.0.7-r4 ~1.0.8 ~1.5-r9 ~1.5.0.1-r2 ~1.5.0.1-r3 |
|~1.5.0.1-r4 1.5.0.2 ~1.5.0.2-r1 1.5.0.3 1.5.0.4 |
|Installed: none |
|Homepage: http://www.mozilla.org/projects/firefox/ |
|Description: Firefox Web Browser |
| |
|* www-client/mozilla-firefox-bin |
|Available versions: 1.0.7 ~1.0.8 1.5.0.2 1.5.0.3 1.5.0.4 |
|Installed: 1.5.0.3 |
|Homepage: http://www.mozilla.org/projects/firefox |
|Description: Firefox Web Browser |
| |
| |
|Found 2 matches |
| |
+-------------------------------------------------------------------------+
Finally, one last tip. If you want to run emerge --sync and update-eix all
in one step, just run eix-sync instead.
Note: If you have tips and tricks you would like to share with the Gentoo
community please drop us a mail at gwn-feedback@gentoo.org
=========================
6. Gentoo developer moves
=========================
Moves
-----
The following developers recently left the Gentoo project:
* Dan Armak
* Ryan Phillips
Adds
----
The following developers recently joined the Gentoo project:
* Chris Parrott (haskell)
Changes
-------
The following developers recently changed roles within the Gentoo project:
* None this week
==================
7. Gentoo Security
==================
CherryPy: Directory traversal vulnerability
-------------------------------------------
CherryPy is vulnerable to a directory traversal that could allow attackers
to read arbitrary files.
For more information, please see the GLSA Announcement[58]
58. http://www.gentoo.org/security/en/glsa/glsa-200605-16.xml
libTIFF: Multiple vulnerabilities
---------------------------------
Multiple vulnerabilities in libTIFF could lead to the execution of
arbitrary code or a Denial of Service.
For more information, please see the GLSA Announcement[59]
59. http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
Opera: Buffer overflow
----------------------
Opera contains an integer signedness error resulting in a buffer overflow
which may allow a remote attacker to execute arbitrary code.
For more information, please see the GLSA Announcement[60]
60. http://www.gentoo.org/security/en/glsa/glsa-200606-01.xml
shadow: Privilege escalation
----------------------------
A security issue in shadow allows a local user to perform certain actions
with escalated privileges.
For more information, please see the GLSA Announcement[61]
61. http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml
Dia: Format string vulnerabilities
----------------------------------
Format string vulnerabilities in Dia may lead to the execution of
arbitrary code.
For more information, please see the GLSA Announcement[62]
62. http://www.gentoo.org/security/en/glsa/glsa-200606-03.xml
Tor: Several vulnerabilities
----------------------------
Tor is vulnerable to a possible buffer overflow, a Denial of Service,
information disclosure and information leak.
For more information, please see the GLSA Announcement[63]
63. http://www.gentoo.org/security/en/glsa/glsa-200606-04.xml
Pound: HTTP request smuggling
-----------------------------
Pound is vulnerable to HTTP request smuggling, which could be exploited to
bypass security restrictions or poison web caches.
For more information, please see the GLSA Announcement[64]
64. http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml
AWStats: Remote execution of arbitrary code
-------------------------------------------
AWStats contains a bug in the sanitization of the input parameters which
can lead to the remote execution of arbitrary code.
For more information, please see the GLSA Announcement[65]
65. http://www.gentoo.org/security/en/glsa/glsa-200606-06.xml
Vixie Cron: Privilege Escalation
--------------------------------
Vixie Cron allows local users to execute programs as root.
For more information, please see the GLSA Announcement[66]
66. http://www.gentoo.org/security/en/glsa/glsa-200606-07.xml
WordPress: Arbitrary command execution
--------------------------------------
WordPress fails to sufficiently check the format of cached username data.
For more information, please see the GLSA Announcement[67]
67. http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml
SpamAssassin: Execution of arbitrary code
-----------------------------------------
SpamAssassin, when running with certain options, could allow local or even
remote attackers to execute arbitrary commands, possibly as the root user.
For more information, please see the GLSA Announcement[68]
68. http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml
Cscope: Many buffer overflows
-----------------------------
Cscope is vulnerable to multiple buffer overflows that could lead to the
execution of arbitrary code.
For more information, please see the GLSA Announcement[69]
69. http://www.gentoo.org/security/en/glsa/glsa-200606-10.xml
JPEG library: Denial of Service
-------------------------------
The JPEG library is vulnerable to a Denial of Service.
For more information, please see the GLSA Announcement[70]
70. http://www.gentoo.org/security/en/glsa/glsa-200606-11.xml
Mozilla Firefox: Multiple vulnerabilities
-----------------------------------------
Vulnerabilities in Mozilla Firefox allow privilege escalations for
JavaScript code, cross site scripting attacks, HTTP response smuggling and
possibly the execution of arbitrary code.
For more information, please see the GLSA Announcement[71]
71. http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
MySQL: SQL Injection
--------------------
MySQL is vulnerable to an SQL Injection flaw in the multi-byte encoding
process.
For more information, please see the GLSA Announcement[72]
72. http://www.gentoo.org/security/en/glsa/glsa-200606-13.xml
===========
8. Bugzilla
===========
Summary
-------
* Statistics
* Closed bug ranking
* New bug rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[73]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 28 May 2006 and 11 June 2006, activity on the
site has resulted in:
73. http://bugs.gentoo.org
* 1756 new bugs during this period
* 812 bugs closed or resolved during this period
* 54 previously closed bugs were reopened this period
Of the 10196 currently open bugs: 53 are labeled 'blocker', 144 are
labeled 'critical', and 549 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo Games[74], with 49 closed bugs[75]
* Gentoo Security[76], with 28 closed bugs[77]
* Printing Team[78], with 28 closed bugs[79]
* Gentoo KDE team[80], with 28 closed bugs[81]
* Apache Herd - Bugzilla Reports[82], with 26 closed bugs[83]
* Gentoo's Team for Core System packages[84], with 25 closed bugs[85]
* Portage team[86], with 21 closed bugs[87]
* Diego Pettenò[88], with 19 closed bugs[89]
74. games@gentoo.org
75. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=games@gentoo.org
76. security@gentoo.org
77. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=security@gentoo.org
78. printing@gentoo.org
79. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=printing@gentoo.org
80. kde@gentoo.org
81. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=kde@gentoo.org
82. apache-bugs@gentoo.org
83. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=apache-bugs@gentoo.org
84. base-system@gentoo.org
85. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=base-system@gentoo.org
86. dev-portage@gentoo.org
87. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=dev-portage@gentoo.org
88. flameeyes@gentoo.org
89. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=flameeyes@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Default Assignee for New Packages[90], with 54 new bugs[91]
* Mozilla Gentoo Team[92], with 16 new bugs[93]
* Gentoo Games[94], with 15 new bugs[95]
* Default Assignee for Orphaned Packages[96], with 14 new bugs[97]
* Diego Pettenò[98], with 14 new bugs[99]
* Chris White[100], with 14 new bugs[101]
* AMD64 Project[102], with 13 new bugs[103]
* Gentoo KDE team[104], with 12 new bugs[105]
90. maintainer-wanted@gentoo.org
91. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=maintainer-wanted@gentoo.org
92. mozilla@gentoo.org
93. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=mozilla@gentoo.org
94. games@gentoo.org
95. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=games@gentoo.org
96. maintainer-needed@gentoo.org
97. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=maintainer-needed@gentoo.org
98. flameeyes@gentoo.org
99. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=flameeyes@gentoo.org
100. chriswhite@gentoo.org
101. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=chriswhite@gentoo.org
102. amd64@gentoo.org
103. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=amd64@gentoo.org
104. kde@gentoo.org
105. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=kde@gentoo.org
===============
9. GWN feedback
===============
Please send us your feedback[106]and help make the GWN better.
106. gwn-feedback@gentoo.org
================================
10. GWN subscription information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+subscribe@gentoo.org[107].
107. gentoo-gwn+subscribe@gentoo.org
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+unsubscribe@gentoo.org[108] from the e-mail address you are
subscribed under.
108. gentoo-gwn+unsubscribe@gentoo.org
===================
11. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[109]
* Dutch[110]
* English[111]
* German[112]
* French[113]
* Korean[114]
* Japanese[115]
* Italian[116]
* Polish[117]
* Portuguese (Brazil)[118]
* Portuguese (Portugal)[119]
* Russian[120]
* Spanish[121]
* Turkish[122]
109. http://www.gentoo.org/news/da/gwn/gwn.xml
110. http://www.gentoo.org/news/nl/gwn/gwn.xml
111. http://www.gentoo.org/news/en/gwn/gwn.xml
112. http://www.gentoo.org/news/de/gwn/gwn.xml
113. http://www.gentoo.org/news/fr/gwn/gwn.xml
114. http://www.gentoo.org/news/ko/gwn/gwn.xml
115. http://www.gentoo.org/news/ja/gwn/gwn.xml
116. http://www.gentoo.org/news/it/gwn/gwn.xml
117. http://www.gentoo.org/news/pl/gwn/gwn.xml
118. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
119. http://www.gentoo.org/news/pt/gwn/gwn.xml
120. http://www.gentoo.org/news/ru/gwn/gwn.xml
121. http://www.gentoo.org/news/es/gwn/gwn.xml
122. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Patrick Lauer <patrick@gentoo.org> - Author
Christel Dahlskjaer <christel@gentoo.org> - Author
Tobias Scherbaum <dertobi123@gentoo.org> - Author
Mark Kowarsky <mark_alec@gentoo.org> - Author
Thomas Cort <tcort@gentoo.org> - Author
Steve Dibb <beandog@gentoo.org> - Author
Alec Warner <antarus@gentoo.org> - Author
Ned Ludd <solar@gentoo.org> - Author
Lars Weiler <pylon@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 12 June 2006.
---------------------------------------------------------------------------
==============
1. Gentoo news
==============
Portage 2.1 Released
--------------------
After many months in development, the Portage team has released
Portage-2.1. This new release sees a great many new features, fixed bugs,
and performance improvements. A detailed description of changes can be
found in the release notes[1] and NEWS file[2]. Some highlights,
however, are:
1. http://sources.gentoo.org/viewcvs.py/portage/main/trunk/RELEASE-NOTES?view=markup
2. http://sources.gentoo.org/viewcvs.py/portage/main/trunk/NEWS?view=markup
* confcache integration: In combination with the
dev-util/confcachepackage, users can now benefit from cached configure
checks, speeding up build times for many packages.
* New cache framework: The Portage cache has been completely overhauled,
leading to massive speed improvements when updating cache after sync, as
well as in other areas.
* New elog functionality: In the past, important messages from ebuilds
were delivered by means of the einfo, ewarn, and eerror functions, which
print messages to the standard output. However, in a length multi-package
merge, it is very easy for these messages to get lost. The new elog
function allows them to be collected in one place for later inspection,
and should greatly ease the process of upgrading many packages at one
time.
* New hooks framework: Using /etc/portage/bashrc, users can now define
bash functions to be executed before and after any given ebuild phase.
This can be used to make almost arbitrary customisations to the build
environment, and is a powerful tool for those who need functionality or
behaviour that stock Portage cannot provide.
* Digest improvements: Portage can now use SHA256 and RMD160 digests in
addition to MD5 for checking the integrity of downloaded files. This
release also introduces support for a new Manifest2 format that should
allow the current Manifest and digest-* files to be unified into one much
more efficient file format.
* Improved debugging support: using FEATURES="splitdebug" it is now
possible to keep the performance improvements from using stripped
binaries, while still having the debug information around on disk should
it be needed. This should make filing useful bug reports much easier.
* Colour remappings: Using the /etc/portage/color.map file, you can now
remap the colours that Portage will use in its output. Have you ever
wanted a pretty pink portage? Well now you can, without having to change
the source code.
* Configuration improvements: Certain config files can now be made into
directories, for easier management (for example,
/etc/portage/package.unmask/kde, /etc/portage/package.unmask/xorg will be
combined to make the old /etc/portage/package.unmask). /etc/portageitself
can also be loaded from different locations, making certain tasks much
simpler.
* Various other improvements: Certain types of binary security issues can
now be fixed automatically. The initial import of the Portage module
should now be faster in certain circumstances, meaning that external
scripts which import it should see speed improvements. Emerge now supports
a -q or 'really quiet mode' option, reducing its output to a minimum.
There is a stabilisation bug[3] open, where you can track the progress of
this new release towards the stable tree. As of this writing, stable users
on x86, Sparc, HPPA and PPC platforms can use the new release; other
architecture teams should be following in the near future.
3. https://bugs.gentoo.org/show_bug.cgi?id=136198
Thanks to Alec Warner[4] and Ned Ludd[5] for taking the time to talk to
the GWN about this release.
4. antarus@gentoo.org
5. solar@gentoo.org
Status report: Gentoo/Alpha
---------------------------
The Gentoo/Alpha team is responsible for making sure that Gentoo runs
smoothly on the Alpha architecture. The team has recently grown to include
Thomas Cort[6] and Christel Dahlskjaer[7]. In the past few months we have
been very productive. Stephen Bennett[8] has continued his work with
SELinux. hardened-sources is now keyworded for alpha. Thanks to the work
of Stefaan De Roeck[9]and others, modular X has been keyworded and is
working well. The Gentoo/Alpha team is also pleased to announce that we
have stabilized gnome-2.12.3 and kde-3.5.2.
6. tcort@gentoo.org
7. christel@gentoo.org
8. spb@gentoo.org
9. stefaan@gentoo.org
Thomas Cort has produced two documents, the Alpha Porting Guide and the
Gentoo/Alpha FAQ. A guide to using the SRM console is on the way. Jose
Luis Rivero[10], Fernando Pereda[11], and the rest of the Gentoo/Alpha
team completely revamped the project page. Fernando Pereda has also been
busy setting up the Alpha Arch Testers project. If you want to learn more
about this excellent opportunity to give back to Gentoo, please check out
the Alpha Arch Testers Project page[12].
10. yoswink@gentoo.org
11. ferdy@egntoo.org
12. http://www.gentoo.org/proj/en/base/alpha/AT/index.xml
Tetex changes
-------------
Tetex's upstream maintainer Thomas Esser hass announced that he won't make
any further tetex releases. This will have some mid- to long-term effects
on how tetex is maintained in Gentoo. Gentoo developer Martin Ehmsen[13]
shows the possible methods for handling this – while it seems to be
undecided for now how to proceed there will be changes in the future. Stay
tuned…
13. ehmsen@gentoo.org
* Tetex change announcement[14]
14. http://thread.gmane.org/gmane.linux.gentoo.devel/38615
The shadow and pam-login conflict
---------------------------------
Many users may have seen that new versions of pam-login and shadow block
each other. The reason for that is that the file /bin/login used to be
provided by pam-login for mostly historical reasons. Now shadow 4.0
started also providing this file, to reduce confusion this file is now
provided by shadow. Also the rest of pam-login has been folded into shadow
too, so when you see these two packages blocking each other please unmerge
pam-login and emerge the updated shadow package in its place.
Further information can be found in Diego Pettenò's[15] weblog:
15. flameeyes@gentoo.org
* Shadow and pam-login conflict[16]
16. http://farragut.flameeyes.is-a-geek.org/articles/2006/06/01/refreshing-the-pam-login-and-shadow-problem
Ukrainian IRC channels
----------------------
The relatively new and still small Ukrainian Gentoo community has opened
an official IRC channel: #gentoo-ua channel on irc.freenode.net. If you
want to discuss all thing Gentoo in Ukrainian or want to help in the
localization effort just join the team around George Shapovalov[17]. For
now there is no Ukrainian Subforum, but if that community continues to
grow that is a distinct possibility – for now "Other languages" is the
correct forum for Ukrainian questions.
17. george@gentoo.org
Gentoo Women
------------
Geek girls are almost the stuff of legend. Women make up only 30% of
regular computer users, and as little as 2% of Linux users.
But why should this be the case? The reason for this can be as elusive as
the Linux-using women themselves – for every survey or paper saying that
they are not given the same chances or opportunities, there is another one
saying exactly the opposite. Lost in the midst of all this controversy,
however, is the fact that little if anything is being done to interest
women in computing, in Linux, or in Gentoo.
Groups such as the Debian project are seeking to change that. Debian
Women, founded in 2004, was set up to encourage women to become more
involved with Linux. The group maintains an IRC channel and a mailing list
for the discussion of technical issues, as well as maintaining a public
presence at Linux-related conferences and events. They also run an
extensive mentoring program whereby women are paired up with a mentor who
will spend the time to help them find answers to their questions, and get
to know the distribution, as well as the community and Linux in general.
This mentoring program adds a personal element to the process, and helps
to guide people towards working more effectively with Linux. Unfortunately
though, as the name implies, their efforts focus very much on encouraging
their members to use Debian.
The idea was recently floated of starting a similar project for the women
of Gentoo, and we would like your thoughts on the matter. Would such a
project be welcome within the community, and would people take advantage
of it? What would you like to see the project do, and how? Would you
volunteer your time and/or money to encourage people, not just women, to
use Gentoo, and to mentor and help users?
All groups, regardless of their origins, need 'fresh blood' to survive –
members will inevitably depart, and without a steady stream of people
joining the group will diminish with time. If we do not reach out to the
community, we miss out on a lot of good ideas and talented people that are
out there. Let's make the effort to do so, rather than wallowing in
complacency and resisting any change.
* Gentoo Women Forums thread[18]
* Gentoo Userrel email alias[19]
18. http://forums.gentoo.org/viewtopic-p-3375197.html#3375197
19. userrel@gentoo.org
==========================
2. Summer of Code - Update
==========================
Summer of Code -- One Month Along
---------------------------------
It's a month now since the start of this year's Summer of Code, and
Gentoo's projects have been progressing rapidly. Our students have been
hard at work with their projects, and making good progress. The Summer of
Code was originally mentioned in the GWN of May 1st.[20]. If you are
interested to know what all the fuss is about, read on.
20. http://www.gentoo.org/news/en/gwn/20060501-newsletter.xml#doc_chap1
The Summer of Code[21], now in its second year, is a program run by Google
which sponsors students to work on open source projects during the summer
holidays. Last year's program was a great success, with a long list of
results[22] including some great projects. This year's version is even
bigger, containing over twice as many mentoring organisations, and a list
of student projects to match.
21. http://code.google.com/soc
22. http://code.google.com/soc-results.html
This year Gentoo is participating as a mentoring organisation, and we were
lucky enough to be allocated 14 projects, including this year's most
in-demand student – Anant Narayanan had applications accepted by a total
of 4 organisations, and chose to work with us rather than any of the
others. For a while it was uncertain whether we would be accepted, given
the number of other Linux distributions and operating systems already
accepted, but we were eventually chosen, and allocated a higher than
normal number of projects.
"I like how Gentoo has built a community around the distro in such a short
time. To me, that is emblematic of a good community, and is what SoC needs
for mentoring great OSS developers" said Greg Stein from Google, talking
about why he chose to accept Gentoo over other projects on the hold list.
"As one example, Gentoo got included into the program because I've liked
how they came from pretty much nowhere into one of the stronger Linux
distributions. Out of the thousand distros out there, they rose to one of
the primaries in pretty short order. I believe that is due to a strong
community focus, which is exactly something that I believe is good for an
SoC organization."
A full list of Gentoo's accepted applications with some basic information
can be found at Google's Gentoo page[23]; more updates about many of the
projects can be found on the students' blogs, which are aggregated as part
of Planet Gentoo[24] as well as making up Planet Gentoo SoC[25]. However,
we would like to highlight a few individual projects here, with some more
information about the projects and their current status.
23. http://code.google.com/soc/gentoo/about.html
24. http://planet.gentoo.org
25. http://planet.gentoo.org/soc/
Michael Kelly[26]has been working on a unified user/group management
framework, with the intention of integrating it into package managers and
the Gentoo tree to provide an implementation of GLEP 27[27], which was
approved long ago but has not yet been implemented. His code can be found
in his public Subversion repository, accessible through the web with
ViewVC[28]. As his initial proposal[29] outlines, this should provide
some great improvements in the way user and group accounts are handled by
ebuilds – the current system, while it works in the vast majority of
cases, is relatively limited in its capability and scalability. The code
seems to be progressing nicely, and when finished should provide a simple,
flexible, and portable means to manage users and groups in package
managers and elsewhere.
26. http://www.pioto.org/~pioto/gentoo/soc2006/blog/
27. http://www.gentoo.org/proj/en/glep/glep-0027.html
28. http://svn.pioto.org/viewvc
29. http://svn.pioto.org/viewvc/glep27-proposal.txt?view=co
Alex Martinez[30]has been working on porting Gentoo's "sandbox" utility to
run on FreeBSD systems. The Gentoo/*BSD project[31] has been increasingly
active in recent months, and is rapidly becoming a viable platform for
real-world use. However, due to differences between the FreeBSD and GNU C
libraries, the sandbox utility, used primarily for ebuild QA purposes,
still does not work properly. Alex's SoC project sets out to change this,
and involves looking into the most fundamental libraries on the system to
find out just what is causing the problems. While the project is currently
on hold due to the exam season, progress just before this was extremely
promising. When completed, this should bring the various Gentoo/*BSD ports
much closer to having all the package management functionality available
on Gentoo Linux, a major milestone in their development.
30. http://unleashed.amule.org/soc/
31. http://www.gentoo.org/proj/en/gentoo-alt/bsd/index.xml
All in all, the Summer of Code is a fantastic opportunity for students to
get more involved in their favourite open source projects and to let them
spend the summer doing what they enjoy without hindrance. Of course, it
also provides the projects with some great code that perhaps would not
have been written otherwise, as well as a fruitful source of potential new
contributors. This sentiment was echoed by Christel Dahlskjaer, Gentoo's
administrative contact for the summer of code, talking to the GWN earlier
this month: "I am doing my best to ensure that we give the students the
support they need, we also aim to make these summer months a time of fun
for them and we hope that at the end of their 'internship' they'll not
only have provided us with contributions in form of code, but will
hopefully have decided that they want to come on board and work on Gentoo
as developers."
=========================
3. Heard in the community
=========================
forums
------
Genetic - A New Portage Frontend
Over the past two weeks, a discussion of a new ncurses and wxWidgets
portage frontend has been happening on the Gentoo Forums. The project is
still in its infancy and is asking for XML/Python/Ncurses experts to help.
* Genetic Forum Thread[32]
* Genetic Homepage[33]
32. http://forums.gentoo.org/viewtopic-t-463518.html
33. http://genetic.sourceforge.net/
GEMS - Gentoo Enterprise Management System
An announcement of a new management system in the style of "Red Hat
Network" designed for Gentoo has been announced on the forums. It aims to
ease the management of a large number of Gentoo computers and currently
includes features such as: inventory of installed software, GLSAs
associated with them, monitoring deployments status and more. GEMS is
licensed under the GPL and is freely available on its website.
* GEMS Forum thread[34]
* GEMS homepage[35]
34. http://forums.gentoo.org/viewtopic-t-468071.html
35. http://www.gamehound.net/gems/index.php
Decreasing chances of making mistakes while installing Gentoo
new_to_non_X86, a forum user notes how currently it is very easy for users
to make simple mistakes such as typos or missing steps while following the
handbook. How do you think the quality of Gentoo documentation could be
improved so that mistakes are less prone to happening?
* Forum Thread[36]
36. https://forums.gentoo.org/viewtopic-t-469616.html
gentoo-dev
----------
GLEP 49 - take 2
After the long discussion about alternative package managers in the last
weeks Paul de Vrieze[37] and Grant Goodyear[38] offer two competing GLEPs
for discussion that define the capabilities, license and other managerial
issues that a package manager has to offer to be supported. This might
focus future discussions about portage replacements on technical instead
of social issues.
37. pauldv@gentoo.org
38. g2boojum@gentoo.org
* GLEP 49 - take 2[39]
39. http://thread.gmane.org/gmane.linux.gentoo.devel/38476
Security/QA Spring Cleaning
Every now and then a security problem is found. When this affects a Gentoo
package a GLSA is released, but until now the affected packages were not
directly unkeyworded or removed from the tree. This leaves some vulnerable
ebuilds in place, so Ned Ludd[40] in cooperation with Brian Harring[41]
has started a cleanup of the tree. This should not affect users, only
vulnerable, insecure and unmaintained ebuilds will be removed.
40. solar@gentoo.org
41. ferringb@gmail.com
* Security/QA Spring Cleaning[42]
42. http://thread.gmane.org/gmane.linux.gentoo.devel/38472
Spring Cleanup, part 2
A cleanup of unmaintained broken ebuilds has started. As they were already
known to not work no functionality is lost for users. This is part of a
general QA strategy to increase the overall quality of Gentoo.
* app-editors/gnotepad+[43]
* ipkg-utils[44]
* media-libs/nurbs++[45]
* dev-libs/nana[46]
* sys-fs/convertfs[47]
* net-misc/powerd[48]
* www-client/prozilla[49]
* sys-libs/ldetect{,-lst}[50]
43. http://thread.gmane.org/gmane.linux.gentoo.devel/38698
44. http://thread.gmane.org/gmane.linux.gentoo.devel/38685
45. http://thread.gmane.org/gmane.linux.gentoo.devel/38661
46. http://thread.gmane.org/gmane.linux.gentoo.devel/38657
47. http://thread.gmane.org/gmane.linux.gentoo.devel/38641
48. http://thread.gmane.org/gmane.linux.gentoo.devel/38640
49. http://thread.gmane.org/gmane.linux.gentoo.devel/38636
50. http://thread.gmane.org/gmane.linux.gentoo.devel/38633
[RFC Maintainer-Wanted Bugs/Cleaning]
For user-submitted and unmaintained ebuilds the maintainer-wanted alias
was created. What seemed like a good idea has ended in almost 2000 bugs
assigned to that alias, most of them without any changes. Alec Warner[51]
asks for input how to handle these bugs in the future. Some ideas like a
central overlay for these ebuilds or closing them after a pre-set time are
discussed in this thread, but no resolution has been found.
51. antarus@gentoo.org
* [RFC Maintainer-Wanted Bugs/Cleaning][52]
52. http://thread.gmane.org/gmane.linux.gentoo.devel/38663
planet.gentoo.org
-----------------
Gentoo Overlays Project needs a logo
Gentoo Overlays[53] is a project designed to bring social workspaces to
Gentoo. It provides a place for Gentoo projects and developers to host
their overlays. If you can help the Overlays project by creating a logo
drop by #gentoo-overlays on irc.freenode.net.
53. http://www.gentoo.org/proj/en/overlays/
* Gentoo Overlays Project needs a logo[54]
54. http://blog.stuartherbert.com/gentoo.php/2006/06/03/gentoo_overlays_project_needs_a_logo
KDE 3.5.3 unmasked
KDE 3.5.3 got unmasked and provides decreased startup times. Also over 800
minor issues were fixed and small new features implemented in Akregator,
KMail and KAlarm.
* KDE 3.5.3 unmasked[55]
55. http://farragut.flameeyes.is-a-geek.org/articles/2006/06/02/unmasked
net-setup enhancements
Naming of network interfaces sometimes differs between a live system and
the installed Gentoo system. To help in configuring the network interfaces
net-setup has been expanded by two additional dialogs which displays the
interface name, interface caption and additional information. The new
net-setup will be included in the next livecd-tools release.
* net-setup enhancements[56]
56. http://www.reactivated.net/weblog/archives/2006/06/net-setup-enhancements/
=======================
4. Gentoo International
=======================
Gentoo UK 2006
--------------
A little later than anticipated, organisation of the Gentoo UK 2006
users-and-developers conference is nearing completion. The conference will
take place on Saturday July 8th in Central London, and will feature a few
talks from Gentoo developers plus possibly some guest speakers. There will
also be some social activities taking place around the event.
Numbers are limited, so we do require people to pre-register (no cost) by
leaving a name and email address. Registration is open now.
For more info, see the conference website[57]. We look forward to seeing
you there!
57. http://dev.gentoo.org/~dsd/gentoo-uk-2006/
==================
5. Tips and Tricks
==================
Searching the portage tree with eix
-----------------------------------
eix is a handy utility that indexes your portage tree and quickly searches
it. The latest stable version, 0.55, is also compatible with Portage 2.1's
new metadata backend.
To get started, emerge the package, and then build your index:
+-------------------------------------------------------------------------+
| Code Listing 5.1: |
| Installing eix |
+-------------------------------------------------------------------------+
| |
|# emerge eix |
|# update-eix |
| |
+-------------------------------------------------------------------------+
update-eixwill index your ebuilds in your PORTDIR_OVERLAY in addition to
the main portage tree.
Once finished you are ready to do some searches. Use eix foo to search for
a package, or eix -S bar to search package descriptions. To search for a
specific package, use eix -e packagename. You can also use regular
expressions in your search parameters by default.
The output of eix displays each package version available. Versions
prefixed with ~ are marked unstable, while !indicates the version is hard
masked.
+-------------------------------------------------------------------------+
| Code Listing 5.2: |
| eix firefox |
+-------------------------------------------------------------------------+
| |
|$ eix firefox |
|* www-client/mozilla-firefox |
|Available versions: 1.0.7-r4 ~1.0.8 ~1.5-r9 ~1.5.0.1-r2 ~1.5.0.1-r3 |
|~1.5.0.1-r4 1.5.0.2 ~1.5.0.2-r1 1.5.0.3 1.5.0.4 |
|Installed: none |
|Homepage: http://www.mozilla.org/projects/firefox/ |
|Description: Firefox Web Browser |
| |
|* www-client/mozilla-firefox-bin |
|Available versions: 1.0.7 ~1.0.8 1.5.0.2 1.5.0.3 1.5.0.4 |
|Installed: 1.5.0.3 |
|Homepage: http://www.mozilla.org/projects/firefox |
|Description: Firefox Web Browser |
| |
| |
|Found 2 matches |
| |
+-------------------------------------------------------------------------+
Finally, one last tip. If you want to run emerge --sync and update-eix all
in one step, just run eix-sync instead.
Note: If you have tips and tricks you would like to share with the Gentoo
community please drop us a mail at gwn-feedback@gentoo.org
=========================
6. Gentoo developer moves
=========================
Moves
-----
The following developers recently left the Gentoo project:
* Dan Armak
* Ryan Phillips
Adds
----
The following developers recently joined the Gentoo project:
* Chris Parrott (haskell)
Changes
-------
The following developers recently changed roles within the Gentoo project:
* None this week
==================
7. Gentoo Security
==================
CherryPy: Directory traversal vulnerability
-------------------------------------------
CherryPy is vulnerable to a directory traversal that could allow attackers
to read arbitrary files.
For more information, please see the GLSA Announcement[58]
58. http://www.gentoo.org/security/en/glsa/glsa-200605-16.xml
libTIFF: Multiple vulnerabilities
---------------------------------
Multiple vulnerabilities in libTIFF could lead to the execution of
arbitrary code or a Denial of Service.
For more information, please see the GLSA Announcement[59]
59. http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
Opera: Buffer overflow
----------------------
Opera contains an integer signedness error resulting in a buffer overflow
which may allow a remote attacker to execute arbitrary code.
For more information, please see the GLSA Announcement[60]
60. http://www.gentoo.org/security/en/glsa/glsa-200606-01.xml
shadow: Privilege escalation
----------------------------
A security issue in shadow allows a local user to perform certain actions
with escalated privileges.
For more information, please see the GLSA Announcement[61]
61. http://www.gentoo.org/security/en/glsa/glsa-200606-02.xml
Dia: Format string vulnerabilities
----------------------------------
Format string vulnerabilities in Dia may lead to the execution of
arbitrary code.
For more information, please see the GLSA Announcement[62]
62. http://www.gentoo.org/security/en/glsa/glsa-200606-03.xml
Tor: Several vulnerabilities
----------------------------
Tor is vulnerable to a possible buffer overflow, a Denial of Service,
information disclosure and information leak.
For more information, please see the GLSA Announcement[63]
63. http://www.gentoo.org/security/en/glsa/glsa-200606-04.xml
Pound: HTTP request smuggling
-----------------------------
Pound is vulnerable to HTTP request smuggling, which could be exploited to
bypass security restrictions or poison web caches.
For more information, please see the GLSA Announcement[64]
64. http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml
AWStats: Remote execution of arbitrary code
-------------------------------------------
AWStats contains a bug in the sanitization of the input parameters which
can lead to the remote execution of arbitrary code.
For more information, please see the GLSA Announcement[65]
65. http://www.gentoo.org/security/en/glsa/glsa-200606-06.xml
Vixie Cron: Privilege Escalation
--------------------------------
Vixie Cron allows local users to execute programs as root.
For more information, please see the GLSA Announcement[66]
66. http://www.gentoo.org/security/en/glsa/glsa-200606-07.xml
WordPress: Arbitrary command execution
--------------------------------------
WordPress fails to sufficiently check the format of cached username data.
For more information, please see the GLSA Announcement[67]
67. http://www.gentoo.org/security/en/glsa/glsa-200606-08.xml
SpamAssassin: Execution of arbitrary code
-----------------------------------------
SpamAssassin, when running with certain options, could allow local or even
remote attackers to execute arbitrary commands, possibly as the root user.
For more information, please see the GLSA Announcement[68]
68. http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml
Cscope: Many buffer overflows
-----------------------------
Cscope is vulnerable to multiple buffer overflows that could lead to the
execution of arbitrary code.
For more information, please see the GLSA Announcement[69]
69. http://www.gentoo.org/security/en/glsa/glsa-200606-10.xml
JPEG library: Denial of Service
-------------------------------
The JPEG library is vulnerable to a Denial of Service.
For more information, please see the GLSA Announcement[70]
70. http://www.gentoo.org/security/en/glsa/glsa-200606-11.xml
Mozilla Firefox: Multiple vulnerabilities
-----------------------------------------
Vulnerabilities in Mozilla Firefox allow privilege escalations for
JavaScript code, cross site scripting attacks, HTTP response smuggling and
possibly the execution of arbitrary code.
For more information, please see the GLSA Announcement[71]
71. http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml
MySQL: SQL Injection
--------------------
MySQL is vulnerable to an SQL Injection flaw in the multi-byte encoding
process.
For more information, please see the GLSA Announcement[72]
72. http://www.gentoo.org/security/en/glsa/glsa-200606-13.xml
===========
8. Bugzilla
===========
Summary
-------
* Statistics
* Closed bug ranking
* New bug rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[73]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 28 May 2006 and 11 June 2006, activity on the
site has resulted in:
73. http://bugs.gentoo.org
* 1756 new bugs during this period
* 812 bugs closed or resolved during this period
* 54 previously closed bugs were reopened this period
Of the 10196 currently open bugs: 53 are labeled 'blocker', 144 are
labeled 'critical', and 549 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo Games[74], with 49 closed bugs[75]
* Gentoo Security[76], with 28 closed bugs[77]
* Printing Team[78], with 28 closed bugs[79]
* Gentoo KDE team[80], with 28 closed bugs[81]
* Apache Herd - Bugzilla Reports[82], with 26 closed bugs[83]
* Gentoo's Team for Core System packages[84], with 25 closed bugs[85]
* Portage team[86], with 21 closed bugs[87]
* Diego Pettenò[88], with 19 closed bugs[89]
74. games@gentoo.org
75. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=games@gentoo.org
76. security@gentoo.org
77. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=security@gentoo.org
78. printing@gentoo.org
79. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=printing@gentoo.org
80. kde@gentoo.org
81. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=kde@gentoo.org
82. apache-bugs@gentoo.org
83. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=apache-bugs@gentoo.org
84. base-system@gentoo.org
85. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=base-system@gentoo.org
86. dev-portage@gentoo.org
87. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=dev-portage@gentoo.org
88. flameeyes@gentoo.org
89. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-05-28&chfieldto=2006-06-11&resolution=FIXED&assigned_to=flameeyes@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Default Assignee for New Packages[90], with 54 new bugs[91]
* Mozilla Gentoo Team[92], with 16 new bugs[93]
* Gentoo Games[94], with 15 new bugs[95]
* Default Assignee for Orphaned Packages[96], with 14 new bugs[97]
* Diego Pettenò[98], with 14 new bugs[99]
* Chris White[100], with 14 new bugs[101]
* AMD64 Project[102], with 13 new bugs[103]
* Gentoo KDE team[104], with 12 new bugs[105]
90. maintainer-wanted@gentoo.org
91. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=maintainer-wanted@gentoo.org
92. mozilla@gentoo.org
93. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=mozilla@gentoo.org
94. games@gentoo.org
95. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=games@gentoo.org
96. maintainer-needed@gentoo.org
97. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=maintainer-needed@gentoo.org
98. flameeyes@gentoo.org
99. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=flameeyes@gentoo.org
100. chriswhite@gentoo.org
101. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=chriswhite@gentoo.org
102. amd64@gentoo.org
103. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=amd64@gentoo.org
104. kde@gentoo.org
105. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-05-28&chfieldto=2006-06-11&assigned_to=kde@gentoo.org
===============
9. GWN feedback
===============
Please send us your feedback[106]and help make the GWN better.
106. gwn-feedback@gentoo.org
================================
10. GWN subscription information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+subscribe@gentoo.org[107].
107. gentoo-gwn+subscribe@gentoo.org
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+unsubscribe@gentoo.org[108] from the e-mail address you are
subscribed under.
108. gentoo-gwn+unsubscribe@gentoo.org
===================
11. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[109]
* Dutch[110]
* English[111]
* German[112]
* French[113]
* Korean[114]
* Japanese[115]
* Italian[116]
* Polish[117]
* Portuguese (Brazil)[118]
* Portuguese (Portugal)[119]
* Russian[120]
* Spanish[121]
* Turkish[122]
109. http://www.gentoo.org/news/da/gwn/gwn.xml
110. http://www.gentoo.org/news/nl/gwn/gwn.xml
111. http://www.gentoo.org/news/en/gwn/gwn.xml
112. http://www.gentoo.org/news/de/gwn/gwn.xml
113. http://www.gentoo.org/news/fr/gwn/gwn.xml
114. http://www.gentoo.org/news/ko/gwn/gwn.xml
115. http://www.gentoo.org/news/ja/gwn/gwn.xml
116. http://www.gentoo.org/news/it/gwn/gwn.xml
117. http://www.gentoo.org/news/pl/gwn/gwn.xml
118. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
119. http://www.gentoo.org/news/pt/gwn/gwn.xml
120. http://www.gentoo.org/news/ru/gwn/gwn.xml
121. http://www.gentoo.org/news/es/gwn/gwn.xml
122. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Patrick Lauer <patrick@gentoo.org> - Author
Christel Dahlskjaer <christel@gentoo.org> - Author
Tobias Scherbaum <dertobi123@gentoo.org> - Author
Mark Kowarsky <mark_alec@gentoo.org> - Author
Thomas Cort <tcort@gentoo.org> - Author
Steve Dibb <beandog@gentoo.org> - Author
Alec Warner <antarus@gentoo.org> - Author
Ned Ludd <solar@gentoo.org> - Author
Lars Weiler <pylon@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list