Gentoo Weekly Newsletter: October 25, 2004
1.
Gentoo News
Portage 2.0.51 released
Keeping a Linux system healthy and in good condition wouldn't be possible without its core toolchain. No wonder the excitement over Portage releases generally reaches higher amplitudes than other Gentoo developments. As of last week, Portage 2.0.51 has been marked stable and fit for general consumption. Portage is now more feature-rich than ever, has sped up considerably, and is generally on track for future improvements to Gentoo's sophisticated package management. A full list of all the new features is published in the official announcement; here is an overview of a few of the highlights:
- Rebuilding on USE flag changes: Using emerge --newuse, Portage is now able to perform automatic rebuilds of formerly emerged packages whenever USE flag settings have changed (see also today's Tips and Tricks section below).
- Experimental support for GPG verification: Not completely implemented yet, but a new FEATURES variable gpg in /etc/make.conf that can be set to different levels of strictness will allow checks of the GPG signatures in newer Manifest files.
- FHS compliance: The world file has been moved, and virtuals are now being dynamically checked, making Portage FHS-compliant, which means for example that it's now safe to remove data from /var/cache.
- Compilation success checking: New ebuilds will be able to include a test phase in the compilation process where success or failure of a package build can be verified before emerge has finished.
- Dependency calculation speedup: Now at only one third of the time that the previous Portage release had to spend on dependency checking.
- Parallel emerging: Portage has improved its use of lockfiles so that, for example, downloads are now performed correctly while applications are being emerged.
Winner of the website redesign contest announced
Aaron Shi and his design are the winners of the public contest that was held to determine the future look of the soon-to-be-refurbished Gentoo Foundation website. Aaron was selected over four other finalists by almost half of the more than 3000 votes that were cast within the two weeks that the poll at the Gentoo Forums was open.
Figure 1.1: Only 3 percent wanted to keep the current design...
Congratulations to Aaron, and many thanks to all the other participants in the public contest. The new look is expected to replace the current layout as soon as the Gentoo developer team, now busily working together with the designer, finishes applying some last touches to the graphics and the internal data structure of the new design. The content presentation remains unaffected by the new design, as the Gentoo website continues to be entirely XML-based, with HTML pages being generated on the fly by using XSL transformation style sheets.
Figure 1.2: Aaron Shi's design for the new Gentoo Foundation website
Urgent call for help: Haskell developers
The developer team looking after the lambda-calculus based functional programming language Haskell in Gentoo is urgently seeking additional help. Haskell programmers who would like to support the effort of maintaining Haskell in Gentoo please contact Gentoo's recruiters team.
New chapter in the Gentoo handbook: Working with Portage
Several pieces of good news came from the documentation team this week, including improvements to the KDE configuration, the Gentoo installation tips and tricks, and Usermode Linux guides. Stuart Herbert has contributed a document on "Running NX On Gentoo Linux", a guide on using NoMachine's commercial NX server and its free clients in Gentoo for remote X11 access optimized for low-bandwidth connections. Probably the most significant change was made to the Gentoo handbook, which has been expanded to reflect the changes in Portage 2.0.51. It now accommodates a whole new chapter called "A Portage Introduction" which contains all the basic emerge-related commands that every Gentoo user ought to know, and a section on "Working with Portage" explaining the finer details.
2.
Gentoo security
phpMyAdmin: Vulnerability in MIME-based transformation system
A vulnerability has been found in the MIME-based transformation system of phpMyAdmin, which may allow remote execution of arbitrary commands if PHP's "safe mode" is disabled.
For more information, please see the GLSA Announcement
Squid: Remote DoS vulnerability
Squid contains a vulnerability in the SNMP module which may lead to a denial of service.
For more information, please see the GLSA Announcement
PostgreSQL: Insecure temporary file use in make_oidjoins_check
The make_oidjoins_check script, part of the PostgreSQL package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
For more information, please see the GLSA Announcement
OpenOffice.org: Temporary files disclosure
OpenOffice.org uses insecure temporary files which could allow a malicious local user to gain knowledge of sensitive information from other users' documents.
For more information, please see the GLSA Announcement
Ghostscript: Insecure temporary file use in multiple scripts
Multiple scripts in the Ghostscript package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
For more information, please see the GLSA Announcement
glibc: Insecure tempfile handling in catchsegv script
The catchsegv script in the glibc package is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
For more information, please see the GLSA Announcement
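The PostgreSQL, Ghostscript and glibc advisories above share one root cause: a script writes to a predictable name in a shared temporary directory. The following added example (not code from any of those packages; the function names and the report.$$ file name are constructed for illustration) contrasts that pattern with mktemp inside a private sandbox directory.

```sh
#!/bin/sh
# Constructed demo: everything happens inside a private sandbox directory
# that stands in for a temporary directory shared with other local users.

# Insecure pattern: predictable name built from the PID, opened with '>'.
# '>' follows symlinks, so a link already sitting at that name redirects
# the write to whatever the link points at.
write_insecure() {   # $1 = temp directory
    tmp="$1/report.$$"
    echo "scratch data" > "$tmp"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the
# file exclusively with mode 0600, so an existing file or link is never reused.
write_hardened() {   # $1 = temp directory; prints the path it created
    tmp=$(mktemp "$1/report.XXXXXX") || return 1
    echo "scratch data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Run one pattern with a symlink already present at the predictable name
# and report whether the file behind the link survived.
demo() {   # $1 = insecure | hardened; prints "clobbered" or "intact"
    sandbox=$(mktemp -d) || return 1
    victim="$sandbox/victim.txt"
    echo "important" > "$victim"
    mkdir "$sandbox/tmp"
    ln -s "$victim" "$sandbox/tmp/report.$$"
    "write_$1" "$sandbox/tmp" > /dev/null
    if [ "$(cat "$victim")" = "important" ]; then
        echo intact
    else
        echo clobbered
    fi
    rm -rf "$sandbox"
}

echo "insecure: $(demo insecure)"
echo "hardened: $(demo hardened)"
```

On current Linux kernels the fs.protected_symlinks sysctl additionally refuses to follow such links in sticky world-writable directories, which is why the demo uses a plain subdirectory to show the underlying behaviour.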
Xpdf, CUPS: Multiple integer overflows
Multiple integer overflows were discovered in Xpdf, potentially resulting in execution of arbitrary code upon viewing a malicious PDF file. CUPS includes Xpdf code and therefore is vulnerable to the same issues.
For more information, please see the GLSA Announcement
Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
In certain configurations, it can be possible to bypass restrictions set by the "SSLCipherSuite" directive of mod_ssl.
For more information, please see the GLSA Announcement
3.
Heard in the community
gentoo-user
/etc/group x
Following an emerge -uD world, etc-update was intent on removing the "x" in the password field from entries in the /etc/group file. Can this be safely ignored, in order not to lose group memberships?
Mysql 4.1 ebuild
If you're looking for the next releases of MySQL to test the latest features, version 4.1 or 5.0 ebuilds appear to be missing from Portage.
List Package Files
How do you list all files installed by a particular ebuild? Distributions based on the rpm package manager offer the functionality to query any package for its contents, so how does one find the same information in Portage?
gentoo-dev
Gentoo (x86|ppc|arm)-uClibc experimental stages
Ned Ludd has released some uClibc stages which are especially suited for embedded systems.
GLEP 28 to remove inactive GLEPs
To get more speed into the GLEP process, GLEPs that have been inactive for more than 60 days will be removed from 1 November 2004.
"Broken-up" KDE ebuilds
Dan Armak has released individual KDE ebuilds that allow single KDE applications to be built without pulling in other, perhaps unneeded KDE applications. This is one of the most frequently requested functions and is now available at least experimentally.
Open-source and Business
Cory Visi asks Gentoo users to give examples of a) IT consulting firms in the North Eastern US that support and implement open-source/Linux solutions, and b) Fortune 100 or 500 companies in the financial services industry that use open-source/Linux solutions successfully.
4.
Gentoo International
Germany: Linux World Expo opening next Tuesday
Held in Frankfurt/Main from 26 to 28 October 2004, the German edition of the Linux World Expo series of exhibitions and conferences is opening with a Gentoo stand in the open-source projects section. Similar to the Linuxtag in Karlsruhe earlier this year, the focus of the Gentoo presence is going to be a display of the variety of architectures supported by Gentoo Linux. Apart from an SGI O2 and several x86 and PPC notebooks already running Gentoo Linux, the hardware lineup includes three Sun UltraSparc workstations (U1 140MHz 448MB RAM 2GB HDD, U2 160MHz 1GB RAM 18GB disk, U10 440MHz 256MB of RAM 60GB disk), and a Siemens Primergy 670-40 quad-server (4x400MHz Pentium III, 1GB RAM, two RAID controllers with 32MB Adaptec failover cache and lots of hard disks). The latter, a 60kg monster, and the Sparc workstations will undergo live Gentoo installations at the LWE, while other highlights at the booth (manned by Christian Hartmann, Michael Imhof, Wernfried Haas, Sven Wegener and Markus Nigbur) will include brand-new LiveCDs in a special LWE edition, T-shirts, the famous Foser stickers and other goodies. The LiveCD has German localization across the board, includes KDE and documentation in German, and is based on a 2.6 kernel. If you can't make it to the Expo, the ISO is available via Gentoo's bittorrent.
Figure 4.1: Gentoo hardware lineup at the Linux World Expo in Frankfurt, 26-28 October 2004
UK: Gentoo User Meeting in Cambridge
One February morning in 1953, two researchers from a university laboratory, Francis Crick and James Watson, walked into their favourite Cambridge pub, the Eagle on Bene't Street, and declared that they had found the secret of life - or more precisely, the double helix structure of DNA. Since then, regulars at the Eagle have started concentrating on their beers again, but now Stephen Bennett, Gentoo (and BSD) developer based in Cambridge, and a few fellow Gentooists are proposing a Gentoo meeting for users and developers at the famous pub, on Thursday 4 November 2004 from around 19:30. The idea for this initial gathering is to meet up, see who's around and whether it's worth arranging something more seriously, so if you'd be interested, then come along and register your support. Check this Forum thread for details.
5.
Gentoo in the press
DigiTimes (14 October 2004)
In an article on Abit dual AMD 64-bit Opteron SU-2S showing prowess as UT2K4 game server, John McClure writes about the Taiwanese motherboard manufacturer: "Abit believes that thoroughly testing its motherboards under Linux puts the boards through the most rigorous testing procedures available." Consequently, Gentoo Linux is mentioned in the article as one of the distributions being tested on Abit's hardware. Abit even maintained a Linux distribution of their own until a few years ago - called "Gentus," interestingly enough.
6.
Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 17 October 2004 and 23 October 2004, activity on the site has resulted in:
- 764 new bugs during this period
- 569 bugs closed or resolved during this period
- 26 previously closed bugs were reopened this period
Of the 7185 currently open bugs: 115 are labeled 'blocker', 235 are labeled 'critical', and 522 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this period are:
7.
Tips and Tricks
Portage's new '--newuse' option
This week we want to explain a new Portage option which allows you to track changes to USE flag settings you may have altered after installing an application. We're talking about --newuse, one of a number of very useful new features in Portage 2.0.51. Before we start, make sure that you've installed the latest Portage revision on your box.
Imagine that up until today, you never had a printer. Now you've bought one, and of course you want to use your Gentoo system to test your new printer. First of all, you'd want printing support for some of the applications you've installed. In order to get that, you would alter your USE flags and add cups and maybe some more flags to your USE variable in /etc/make.conf.
So what's next, then? You'll need to find an easy way to create a listing with all packages affected by this USE flag change:
Type emerge --newuse to list all packages affected by a USE flag change:
Code Listing 7.1: List all packages affected by a USE flag change
# emerge --newuse world -Dpv
These are the packages that I would merge, in order:
Calculating world dependencies ...done!
[ebuild N ] net-print/cups-1.1.21-r2 -debug +pam -samba -slp +ssl 8,348 kB
[ebuild R ] gnome-base/nautilus-2.8.0 +cups* -debug -flac -gstreamer -mad +oggvorbis 5,637 kB
No surprise that the CUPS package itself wants to get installed now, but you will also notice the asterisk appended to the +cups USE flag on the Nautilus package: This simply points out that the USE flag has changed, and you can now merge CUPS and all the packages which could benefit from an active cups USE flag. Don't forget to configure your new printer.
8.
Moves, adds, and changes
Moves
The following developers recently left the Gentoo team:
Adds
The following developers recently joined the Gentoo Linux team:
- Joseph Jezak (josejx) - Gentoo/PPC, Gentoo/OSX
- Preston Cody (codeman) - Gentoo Installer
- Stephen Bennett (spb) - Gentoo/BSD, bugfixes
Changes
The following developers recently changed roles within the Gentoo Linux project:
9.
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
10.
GWN feedback
Please send us your feedback and help make the GWN better.
11.
GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
12.
Other languages
The Gentoo Weekly Newsletter is also available in the following languages: