Gentoo Weekly Newsletter: January 6th, 2003

1.  Gentoo News

Summary

• Start the New Year with a Donation to the Gentoo Linux Project
• New Gentoo Linux Prelinking Guide
• Perl 5.8 and libperl
• Future improvements to Gentoo Linux in the works

Start the New Year with a Donation to the Gentoo Linux Project

As we enter the New Year, we invite everyone who has benefitted from their use of Gentoo Linux to make a donation to the Gentoo Project. Its through your generous donations that the Gentoo Project is able to have a presence at the upcoming LinuxWorld Expo. Donations also help to support other development efforts, such as sponsoring developers so they can work full time on Gentoo Linux. Donations can be made via PayPal as well as check.

Additionally, if you know of a company that may be interested in sponsoring the Gentoo Linux free software project through a regular monthly donation, please email Daniel Robbins directly. Among other things, corporate sponsorships allow Gentoo developers to work full time on Gentoo Linux.

New Gentoo Linux Prelinking Guide

A new Gentoo Linux Prelinking Guide has been posted. Prelinking can cut the startup times of applications, especially larger ones such as KDE and GNOME, by as much as 50% or more. Many Mandrake and RedHat users have sung the praises of prelinking and its effect on overall system speed, so it is certainly a welcome addition to Gentoo Linux.

Perl 5.8 and libperl

Recently, an issue was raised among the developers about how to effectively deal with Perl 5.8. Perl 5.8 uses a shared library (libperl) that is incompatible with earlier versions of Perl, including Perl 5.6.1. Users upgrading to Perl 5.8 could find any apps previously compiled with Perl 5.6.1 to now be broken given the libperl incompatiblity. The solution for Gentoo Linux is to numerate the various versions of libperl to allow multiple versions to coincide with each other. So, as an example:

• perl-5.6 gets libperl.so.0.5.6
• perl-5.8 gets libperl.so.1.5.8
• perl-x.y gets libperl.so.2.x.y

Future improvements to Gentoo Linux in the works

While the current focus of the Gentoo developers is on getting Gentoo Linux 1.4_final out the door, that doesn't mean future improvements aren't also being discussed. In addition to the Gentoo Reference Platform, which is designed to establish a stable baseline for Gentoo Linux, formal in-house testing and approval of hardware may be on the horizon. This process, which would provide users of Gentoo a set of components known to work with Gentoo Linux, should help avid Gentoo users make future hardware purchasing decisions. In addition to hardware testing, there are some tantalizing improvements to Portage coming up as well, including:

• Caching of emerge messages for later display -- Anyone who has ever emerged a list of packages has probably experienced the frustration of seeing informational messages scroll past as Portage moves from package to package. This feature will allow those messages to be cached in a safe place so they can be displayed at a later time (such as at the end of an entire 'emerge -u world'.
• Reverse dependency checking in Portage -- one of the most-often requested Portage features, reverse dependency checking will warn you if you try to unmerge a package that other installed packages depend upon.
• Dependency-based remerging -- this feature will allow certain packages to be remerged if necessary, based on the dependencies of another package. With this feature, upgrading CUPS will force Ghostscript to be rebuilt as well, even if no upgrade of Ghostscript is available. This feature will go a long way towards resolving shared library incompatibilities.

2.  Gentoo Security

Summary

• GLSA: leafnode
• GLSA: xpdf
• GLSA: cups
• New Security Bug Reports

GLSA: leafnode

The leafnode NNTP server can be forced into an unterminated and unresponsive loop when a particular article is requested, causing the client to reconnect, creating a new process. Repitition of this cycle can make the entire system unresponsive.

• Severity: moderate - remote DOS (process spawning)
• Packages Affected: leafnode-1.9.24 and earlier
• Rectification: Synchronize and emerge leafnode.
• GLSA Announcement

GLSA: xpdf

The pdftops filter (included in Xpdf and CUPS) has an integer overflow bug that can be exploited remotely to gain the privileges of the target user or, in some circumstances, of the lp user.

• Severity: high - remote exploit in the wild
• Packages Affected: xpdf-1.01-r1 and earlier
• Rectification: Synchronize and emerge xpdf.
• GLSA Announcement
• Advisory

GLSA: cups

Several vulnerabilities in the CUPS printing package (including the integer overflow noted above) permit a number of exploits, including an exploit of multiple vulnerabilities that permits root access to the file system. The exploits have been demonstrated and published.

• Severity: critical - remote root exploit in the wild
• Packages Affected: cups-1.1.17_pre20021025 and earlier
• Rectification: Synchronize and emerge cups.
• GLSA Announcement
• Advisory

New Security Bug Reports

The last two weeks saw many of the outstanding security bugs cleared with new releases of the affected packages. The following new security bugs have been posted:

• mod_php
• dhcpd

3.  Heard In The Community

Web Forums

Selective rsync strategies

This discussion raises its head every few months, meaning it probably has a point. Some people wish to cut down on bandwidth usage when they synchronize their portage tree by eliminating packages or classes they definitely don't want, need or even imagine to install, ever. The discussion and a few DIY ideas how to cope with the problem:

• a portage killfile
• Selective emerge rsync to cut down on bandwidth usage

PCMCIA Worries Anticipating Gentoo 1.4

A large number of forum regulars have begun expressing anxiety about the missing pcmcia_cs and yenta_socket PCMCIA kernel modules in the second release candidate, and by consequence, they fear, in the pending release of Gentoo 1.4. A handful of threads are dominated by users of laptops and notebooks without built-in NICs, who rely on PCMCIA for access to the Internet (and eventually to a successful Gentoo installation). Their worries are getting hard to overlook, and some appear to have given in and use alternative install methods:

• yenta_socket on 1.4 rc2
• Installing Gentoo on a laptop that needs yenta_socket
• installing 1.4-rc1 and pcmcia_core

If anyone has a spare laptop that they would be interested in donating to the Gentoo Linux project, this would help greatly in improving PCMCIA support on the LiveCDs. If you're interested in donating a laptop, please contact Daniel Robbins directly.

Overclockers beware!

Forum moderator Phong pretty much sums it up: Overclocking is a bad idea when all it does is break compilations for a mere 100 Mhz of performance gain on the CPU, less than 5 percent on most of today's x86 PCs.

• Seg Fault Hell (thinking of dropping Gentoo)

gentoo-user

Round 689,554 of the Text Editor Holy War

There's nothing like starting off the New Year with a good flame war about text editors, and gentoo-user has been having a great one over the past few days. The festivities seem to have started with this post and proceeded from there. At last count, there were approximately 60 messages in response to this post and the war continues on.

New Docbook eclass solves SGML problems

Recent updates to the Docbook/SGML system in Gentoo caused some problems for some users. Matthew Turk (satai) posted a message that explains how to fix these issues, along with a link to a more detailed explanation.

Gentoo's supported hardware

Freeman Tan asked for a list of official 'gentoo supported hardware'. Those more familar with linux would agree with Tom von Schwerdtner's statement; "distro supported hardware is mostly a misconecption". The linux kernel provides support for hardware, and it is up to the distro's 'installer' to detect and add support for the present devices. Gentoo is unique in that it doesn't have a formal installer but rather aids the installee through the intimate process of setting up a linux system from scratch. Providing you're able to boot into this system, you'll be able to add support for your devices later. A google search for "[hardware] +linux" will generally send you in the right direction. The thread concludes that "no, there is no official gentoo supported hardware". However, as we noted above, formal in-house testing of hardware may be in the works for Gentoo Linux. Stay tuned.

How do I telnet into my new Gentoo box?

  First and foremost it should be known that telnet is "obsolete, broken, insecure, and should never be used". If you still want to live on the wild side, make sure netkit-telnetd has been emerged, and you have an inetd server setup. This discussion has detailed instructions. Secure Shell (sshd) is the highly recommended alternative to telnet and much easier to install.

gentoo-dev

USE Aware Emerge. Martin Svenningsson posted a very nifty patch to allow emerge to display which USE flags affect the compilation of each package!

Gentoo Stable Site Update.

Maik Schreiber posted an announcement with the updates done on the Gentoo Stable website: "Hi, a few updates to the Gentoo Stable site have been made: (1). The query page is now a little easier to use. For example, you get selection boxes where possible (category, arch etc.). (2). A new filter has been added: You can now filter on "Portage status on {x86, ppc, sparc, alpha} {is, is not} {stable, unstable/testing, does not work, unmarked}". (3). Various speed improvements regarding query have been made. [...]". Joachim Blaabjerg chipped in with "Are there any tools available that scans the system for packages that are merged and marked unstable (~), and submits those as "merged successfully on my system"? I know I have a lot of unstable packages on my system, but I haven't got the time to through all of them and submit them to the Gentoo-stable site." and Peter Ruskin sent in a script to do just that!

4.  Gentoo International

Gentoo UK Being Constituted

They're not exactly out of the starting blocks yet, but a handful of British Gentoo users seems determined to follow their French, German, Korean and Japanese counterparts' example in creating a more formal support network for Gentooistsn their country. The thread has just begun to gain momentum. In particular, they are looking for a catchy domain name, feel free to make suggestions...

Iberian Peninsula Tops Spanish community

If a forum poll is anything to go by, the vast majority of Spanish-speaking Gentooist comes from Spain. They're being followed by users in Argentina and Urugay, a few Mexicans and Spanish-speaking US citizens, but a rather large proportion of people lives in a place oddly called "other"...

More Gentoo Linux Users Everywhere: ZetaGrid

A Gentoo team has been formed for ZetaGrid , a distributed computing project sponsored by IBM Germany whose distinguishing technical feature is the secure Java kernel it provides, preventing access from outside and securing its communications. The current project is the verification of Riemann's Hypothesis : about 2500 computers are working on it, calculating about 2 billion zeroes of the Riemann zeta function each day. Sebastian Wedeniwski, the scientist who created ZetaGrid, hopes to use ZetaGrid's results to come up with a proof for the hypothesis. If he succeeds, he'll split the $1,000,000 prize from the Clay Mathematics Institute with the top 100 users; there are other prizes, including one awarded to the user whose computer finds a result disproving the hypothesis, if that happens instead. Tantive has made an ebuild for the client but it's still masked, for more information see Zetagrid - team: Gentoo Linux Users Everywhere.

5.  Portage Watch

Security Updates (see above)

• cups - fixed in cups-1.1.18
• xpdf - fixed in xpdf-2.01
• leafnode - fixed in leafnode 1.9.31

The following stable packages were added to portage this week

• app-emulation/blight_input : An input plugin for the mupen64 N64 emulator http://mupen64.emulation64.com/
• app-emulation/mupen64 : A Nintendo 64 (N64) emulator http://mupen64.emulation64.com/
• app-emulation/nestra : NES Emulator http://nestra.linuxgames.com
• app-games/c++robots : ongoing 'King of the Hill' (KotH) tournament http://www.gamerz.net/c++robots/
• app-games/emilia-pinball : SDL OpenGL pinball game http://pinball.sourceforge.net/
• app-games/gxmame : GXMame is a frontend for XMame using the GTK library, the goal is to provide the same GUI as mame32. http://gxmame.sourceforge.net/
• app-misc/gcolor : A simple color selector. http://gcolor.sourceforge.net/
• dev-libs/libhtmlparse : libhtmlparse is a HTML parsing library. It takes HTML tags, text, etc and calls callbacks you define for each type of token in the document. http://msalem.translator.cx/libhtmlparse.html
• dev-util/jam : jam (Just Another Make) - advanced make replacement http://www.perforce.com/jam/jam.html
• dev-util/fenris : Fenris is a tracer, GUI debugger, analyzer, partial decompiler and much more http://razor.bindview.com/tools/fenris/
• media-libs/libexif : Library for parsing, editing, and saving EXIF data http://libexif.sf.net/
• media-sound/jack-cvs : A low-latency audio server - cvs version http://jackit.sourceforge.net/
• net-dialup/mingetty : A compact getty program for virtual consoles only.
• net-misc/udhcp : udhcp Server/Client Package http://udhcp.busybox.net/
• net-misc/ksambaplugin : KSambaPlugin is a KDE 3 plugin for configuring a SAMBA server. http://ksambakdeplugin.sourceforge.net
• net-news/sn : Hassle-free Usenet news system for small sites http://infa.abo.fi/~patrik/sn/
• net-p2p/giftoxic : A GTK+2 giFT frontend http://giftoxic.sourceforge.net/
• net-www/fetch : Fetch is a simple, fast, and flexible HTTP download tool built on the HTTP Fetcher library. http://cs.nmu.edu/~lhanson/fetch/
• net-www/http-fetcher : HTTP Fetcher is a small, robust, flexible library for downloading files via HTTP using the GET method. http://cs.nmu.edu/~lhanson/http_fetcher/
• sys-apps/hfsplusutils : HFS+ Filesystem Access Utilities (PPC Only) http://ftp.penguinppc.org/users/hasi/
• sys-apps/tinylogin : worlds smallest login/passwd/getty/etc http://tinylogin.busybox.net/
• sys-devel/prelink : Modifies executables so runtime libraries load faster ftp://people.redhat.com/jakub/prelink
• sys-devel/kgcc : Modern GCC C compiler for building kernels http://www.gnu.org/software/gcc/gcc.html

Updates to notable packages

• sys-apps/portage - portage-2.0.46-r3.ebuild; portage-2.0.46-r4.ebuild; portage-2.0.46-r5.ebuild;
• sys-libs/glibc - glibc-2.3.1-r3.ebuild;
• sys-kernel/* - aa-sources-2.4.21_pre2-r2.ebuild; development-sources-2.5.54.ebuild; lolo-sources-2.4.20.1_pre9.ebuild; lolo-sources-2.4.20.1_rc1.ebuild; lolo-sources-2.4.20.1_rc2.ebuild;
• dev-php/php - php-4.3.0.ebuild;
• dev-db/postgresql - postgresql-7.3.1.ebuild;

New USE variables

• ev6 - Assume Alpha processor is EV6 or better

6.  Bugzilla

Summary

• Statistics
• Bugs of Note

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:

• 269 new bugs this week
• 1322 total bugs currently marked 'new'
• 524 total bugs curently assigned to developers
• 47 bugs that were previously closed have been reopened.

The developers and teams with the highest apparent bug-related workload are:

• Nicholas Jones, with 271 open bugs
• Martin Schlemmer, with 133 open bugs
• Brandon Low, with 107 open bugs
• The KDE Team, with 105 open bugs
• Daniel Robbins, with 83 open bugs

Bugs of Note

Each week, we will single out a few bugs for special mention, because they have been provoking significant discussions, they are particularly problematic, they are amusing or simply because they struck our fancy. This week's featured bugs are (in no particular order):

• Bug 13055 describes problems with portage wanting to uninstall newer versions of packages, probably because of an issue with counter values in /var/db/pkg/. Maik Schreiber provides a script to fix the issue.
• Bug 13074 discusses a problem with emerging xmms, possibly because of the xmms ebuild depending on an incompatible autoconf/automake version. An excellent example of reporter/developer interaction.
• Bug 8539 discusses a frequently cross-reported problem of OpenOffice emerges destroying fonts on affected systems. The bug report includes two workarounds and remains open.
• Bug 5152 provides a fix to the mysql start script that provides for user modifications to the default data directory. This is a nice example of community members providing patches via the bugzilla interface.
• Bug 9849 describes ebuild failures when cdroms are mounted or directories (like /home) are NFS mounts.

7.  Tips and Tricks

Updating a Gentoo system

Most Gentoo users are familiar with the Portage system used to install software. One of the features that you may not be familiar with is that Portage can also update your entire system at once. This is known as an 'update world'.

# emerge --update world

Sometimes that doesn't get everything though. To make the upgrade even more complete, use the --deep option.

# emerge --update --deep world

This option calculates the dependencies of the dependencies to ensure that everything on your system is brought up to date.

8.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

• none this week

Adds

The following developers recently joined the Gentoo team:

• Nicholas Wourms (dragon) -- MIPS
• Tobias Eichert (viz) -- xfs-sources
• Matthew J. Fanto (mattjf) -- secure-gentoo, kernels
• Yannik Koehler (ykoehler) -- KDE
• Luca Barbato (lu_zero) -- ATI, LiveCD

Changes

The following developers recently changed roles within the Gentoo project.

• Jared Hudson (jhhudso) -- Gentoo Linux 1.4 QA Testing Coordinator

9.  Subscribe to the GWN mailing list

Would you prefer to receive the GWN via email? Subscribe to our mailing list by sending a blank email to gentoo-gwn-subscribe@gentoo.org

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email

11.  GWN Feedback

Please send us your feedback and help make GWN better.