
Gentoo Weekly Newsletter: October 25, 2004

Content:

1.  Gentoo News

Portage 2.0.51 released

Keeping a Linux system healthy and in good condition wouldn't be possible without its core toolchain. No wonder the excitement over Portage releases generally reaches higher amplitudes than other Gentoo developments. As of last week, Portage 2.0.51 has been marked stable and fit for general consumption. Portage is now more feature-rich than ever, has sped up considerably, and is generally on track for future improvements to Gentoo's sophisticated package management. A full list of all the new features is published in the official announcement; here is an overview of a few of the highlights:

  • Rebuilding on USE flag changes: Using emerge --newuse, Portage is now able to perform automatic rebuilds of formerly emerged packages whenever USE flag settings have changed (see also today's Tips and Tricks section below)
  • Experimental support for GPG verification: Not completely implemented yet, but a new FEATURES variable gpg in /etc/make.conf that can be set to different levels of strictness will allow checks of the GPG signatures in newer Manifest files.
  • FHS compliance: The world file has been moved, and virtuals are now being dynamically checked, making Portage FHS-compliant, which means, for example, that it's now safe to remove data from /var/cache.
  • Compilation success checking: New ebuilds will be able to include a test phase in the compilation process where success or failure of a package build can be verified before emerge has finished.
  • Dependency calculation speedup: Now at only one third of the time that the previous Portage release had to spend on dependency checking.
  • Parallel emerging: Portage has improved its use of lockfiles, so that it can now, for example, correctly perform downloads while emerging applications.

Winner of the website redesign contest announced

Aaron Shi and his design are the winners of the public contest that was held to determine the future look of the soon-to-be-refurbished Gentoo Foundation website. Aaron was selected over four other finalists by almost half of the more than 3000 votes that were cast within the two weeks that the poll at the Gentoo Forums was open.


Figure 1.1: Only 3 percent wanted to keep the current design...

Fig. 1: Gentoo Forums poll

Congratulations to Aaron, and many thanks to all the other participants in the public contest. The new look is expected to replace the current layout as soon as the Gentoo developer team, now busily working together with the designer, finishes applying some last touches to the graphics and the internal data structure of the new design. The content presentation remains unaffected by the new design, as the Gentoo website continues to be entirely XML-based, with HTML pages being generated on the fly by using XSL transformation style sheets.


Figure 1.2: Aaron Shi's design for the new Gentoo Foundation website

Fig. 2: Website redesign

Urgent call for help: Haskell developers

The developer team looking after the lambda-calculus based functional programming language Haskell in Gentoo is urgently seeking additional help. Haskell programmers who would like to support the effort of maintaining Haskell in Gentoo should contact Gentoo's recruiters team.

New chapter in the Gentoo handbook: Working with Portage

Several pieces of good news came from the documentation team this week, including improvements to the KDE configuration, the Gentoo installation tips and tricks, and Usermode Linux guides. Stuart Herbert has contributed a document on "Running NX On Gentoo Linux", a guide on using NoMachine's commercial NX server and its free clients in Gentoo for remote X11 access optimized for low-bandwidth connections. Probably the most significant change was made to the Gentoo handbook, which has been expanded to reflect the changes in Portage 2.0.51. It now accommodates a whole new chapter called "A Portage Introduction", which contains all the basic emerge-related commands that every Gentoo user ought to know, and a section on "Working with Portage" explaining the finer details.

2.  Gentoo security

phpMyAdmin: Vulnerability in MIME-based transformation system

A vulnerability has been found in the MIME-based transformation system of phpMyAdmin, which may allow remote execution of arbitrary commands if PHP's "safe mode" is disabled.

For more information, please see the GLSA Announcement

Squid: Remote DoS vulnerability

Squid contains a vulnerability in the SNMP module which may lead to a denial of service.

For more information, please see the GLSA Announcement

PostgreSQL: Insecure temporary file use in make_oidjoins_check

The make_oidjoins_check script, part of the PostgreSQL package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.

For more information, please see the GLSA Announcement

OpenOffice.org: Temporary files disclosure

OpenOffice.org uses insecure temporary files which could allow a malicious local user to gain knowledge of sensitive information from other users' documents.

For more information, please see the GLSA Announcement

Ghostscript: Insecure temporary file use in multiple scripts

Multiple scripts in the Ghostscript package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.

For more information, please see the GLSA Announcement

glibc: Insecure tempfile handling in catchsegv script

The catchsegv script in the glibc package is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.

For more information, please see the GLSA Announcement
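The insecure temporary file pattern behind the PostgreSQL, Ghostscript and glibc advisories above, shown beside its hardened form. This is an added example, not code from any of the affected scripts; the function names, the report.$$ file name and the sandbox directory (standing in for a shared /tmp) are constructed for illustration.

```shell
#!/bin/sh
# Both functions write scratch data into directory $1 and print the path used.
# $1 stands in for a world-writable temporary directory such as /tmp.

# Vulnerable pattern: predictable name plus ordinary redirection.
# ">" follows an existing symlink and truncates whatever it points to.
write_insecure() {
    tmp="$1/report.$$"
    echo "scratch data" > "$tmp"
    echo "$tmp"
}

# Hardened pattern: mktemp creates a new file with an unpredictable name
# and owner-only permissions, and fails instead of reusing an existing name.
write_secure() {
    tmp=$(mktemp "$1/report.XXXXXX") || return 1
    echo "scratch data" > "$tmp"
    echo "$tmp"
}

# Constructed demonstration inside a private sandbox directory: a symlink
# already sits at the predictable name and points at a file worth protecting.
demo() {
    sandbox=$(mktemp -d) || return 1
    echo "important" > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/report.$$"

    write_secure "$sandbox" > /dev/null
    after_secure=$(cat "$sandbox/victim")

    write_insecure "$sandbox" > /dev/null
    after_insecure=$(cat "$sandbox/victim")

    rm -rf "$sandbox"
    echo "secure:$after_secure insecure:$after_insecure"
}

demo
```

When auditing scripts for this class of bug, look for redirections into fixed or PID-based names under /tmp; the fix is the mktemp form plus a cleanup trap.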

Xpdf, CUPS: Multiple integer overflows

Multiple integer overflows were discovered in Xpdf, potentially resulting in execution of arbitrary code upon viewing a malicious PDF file. CUPS includes Xpdf code and therefore is vulnerable to the same issues.

For more information, please see the GLSA Announcement

Apache 2, mod_ssl: Bypass of SSLCipherSuite directive

In certain configurations, it can be possible to bypass restrictions set by the "SSLCipherSuite" directive of mod_ssl.

For more information, please see the GLSA Announcement

3.  Heard in the community

gentoo-user

/etc/group x

Following an emerge -uD world, etc-update was intent on removing the "x" in the password field from entries in the /etc/group file. Can this be safely ignored, in order not to lose group memberships?

Mysql 4.1 ebuild

If you're looking for the next releases of MySQL to test the latest features, version 4.1 or 5.0 ebuilds appear to be missing from Portage.

List Package Files

How do you list all files installed by a particular ebuild? Distributions based on the rpm package manager offer the functionality to query any package for its contents, so how does one find the same information in Portage?

gentoo-dev

Gentoo (x86|ppc|arm)-uClibc experimental stages

Ned Ludd has released some uClibc stages which are especially suited for embedded systems.

GLEP 28 to remove inactive GLEPs

To get more speed into the GLEP process, GLEPs that have been inactive for more than 60 days will be removed from 1 November 2004.

"Broken-up" KDE ebuilds

Dan Armak has released individual KDE ebuilds that allow single KDE applications to be built without pulling in other, perhaps unneeded KDE applications. This is one of the most frequently requested functions and is now available at least experimentally.

Open-source and Business

Cory Visi asks Gentoo users to give examples of a) IT consulting firms in the North Eastern US that support and implement open-source/Linux solutions, and b) Fortune 100 or 500 companies in the financial services industry that use open-source/Linux solutions successfully.

4.  Gentoo International

Germany: Linux World Expo opening next Tuesday

Held in Frankfurt/Main from 26 to 28 October 2004, the German edition of the Linux World Expo series of exhibitions and conferences is opening with a Gentoo stand in the open-source projects section. Similar to the Linuxtag in Karlsruhe earlier this year, the focus of the Gentoo presence is going to be a display of the variety of architectures supported by Gentoo Linux. Apart from an SGI O2 and several x86 and PPC notebooks already running Gentoo Linux, the hardware lineup includes three Sun UltraSparc workstations (U1 140MHz 448MB RAM 2GB HDD, U2 160MHz 1GB RAM 18GB disk, U10 440MHz 256MB of RAM 60GB disk), and a Siemens Primergy 670-40 quad-server (4x400MHz Pentium III, 1GB RAM, two RAID controllers with 32MB Adaptec failover cache and lots of hard disks). The latter, a 60kg monster, and the Sparc workstations will undergo live Gentoo installations at the LWE, while other highlights at the booth (manned by Christian Hartmann, Michael Imhof, Wernfried Haas, Sven Wegener and Markus Nigbur) will include brand-new LiveCDs in a special LWE edition, T-shirts, the famous Foser stickers and other goodies. The LiveCD has German localization across the board, includes KDE and documentation in German, and is based on a 2.6 kernel. If you can't make it to the Expo, the ISO is available via Gentoo's bittorrent.


Figure 4.1: Gentoo hardware lineup at the Linux World Expo in Frankfurt, 26-28 October 2004

Fig. 1: Linux World Expo

UK: Gentoo User Meeting in Cambridge

One February morning in 1953, two researchers from a university laboratory, Francis Crick and James Watson, walked into their favourite Cambridge pub, the Eagle on Bene't Street, and declared that they had found the secret of life - or more precisely, the double helix structure of DNA. Since then, regulars at the Eagle have started concentrating on their beers again, but now Stephen Bennett, Gentoo (and BSD) developer based in Cambridge, and a few fellow Gentooists are proposing a Gentoo meeting for users and developers at the famous pub, on Thursday 4 November 2004 from around 19:30. The idea for this initial gathering is to meet up, see who's around and whether it's worth arranging something more seriously, so if you'd be interested, then come along and register your support. Check this Forum thread for details.

5.  Gentoo in the press

DigiTimes (14 October 2004)

In an article on Abit dual AMD 64-bit Opteron SU-2S showing prowess as UT2K4 game server, John McClure writes about the Taiwanese motherboard manufacturer: "Abit believes that thoroughly testing its motherboards under Linux puts the boards through the most rigorous testing procedures available." Consequently, Gentoo Linux is mentioned in the article as one of the distributions being tested on Abit's hardware. Abit even maintained a Linux distribution of their own until a few years ago - called "Gentus," interestingly enough.

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 17 October 2004 and 23 October 2004, activity on the site has resulted in:

  • 764 new bugs during this period
  • 569 bugs closed or resolved during this period
  • 26 previously closed bugs were reopened this period

Of the 7185 currently open bugs: 115 are labeled 'blocker', 235 are labeled 'critical', and 522 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  Tips and Tricks

Portage's new '--newuse' option

This week we want to explain a new Portage option which allows you to track changes to USE flag settings you may have altered after installing an application. We're talking about --newuse, one of a number of very useful new features in Portage 2.0.51. Before we start, make sure that you've installed the latest Portage revision on your box.

Imagine that up until today, you never had a printer. Now you have bought one, and of course you want to use your Gentoo system to test your new printer. First of all, you'd want printing support for some of the applications you've installed. In order to get that, you would alter your USE flags and add cups and maybe some more flags to your USE variable in /etc/make.conf.

So what's next, then? You'll need to find an easy way to create a listing with all packages affected by this USE flag change:

Type emerge --newuse to list all packages affected by a USE flag change:

Code Listing 7.1: List all packages affected by a USE flag change


# emerge --newuse world -Dpv

These are the packages that I would merge, in order:

Calculating world dependencies ...done!
[ebuild  N    ] net-print/cups-1.1.21-r2  -debug +pam -samba -slp +ssl 8,348 kB
[ebuild   R   ] gnome-base/nautilus-2.8.0  +cups* -debug -flac -gstreamer -mad +oggvorbis 5,637 kB

No surprise that the CUPS package itself wants to get installed now, but you will also notice the appended asterisk to the +cups USE flag on the Nautilus package: This simply points out that the USE flag has changed, and you can now merge CUPS and all the packages which could benefit from an active cups USE flag. Don't forget to configure your new printer.

8.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Joseph Jezak (josejx) - Gentoo/PPC, Gentoo/OSX
  • Preston Cody (codeman) - Gentoo Installer
  • Stephen Bennett (spb) - Gentoo/BSD, bugfixes

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

9.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Page updated 25 October 2004

Summary: This is the Gentoo Weekly Newsletter for the week of 25 October 2004.

Ulrich Plate
Editor

Brian Downey
Author

Patrick Lauer
Author

Tobias Scherbaum
Author

Emmet Wagle
Author

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.