Gentoo Logo

Gentoo Weekly Newsletter: 30 January 2006

Content:

1.  Gentoo news

Modular X entering ~arch (testing)

The X team members plan to remove all 289 modular X packages from package.mask soon. They will enter ~arch (testing) for all the architectures for which they're keyworded: alpha, amd64, arm, ia64, mips, ppc, sh, sparc and x86. To learn how to upgrade properly, read the migration guide before starting the upgrade. It discusses how the USE flags changed, why X.Org went modular and why emerge xorg-x11 won't be quite enough yet.

Not all packages in the tree will work with modular X when it enters ~arch, although the most common applications already do. The X team encourages users and developers to contribute fixes to their favorite packages by reading the porting guide. Applications requiring the most work include games and packages without a listed maintainer in metadata.xml or altogether lacking metadata.

Donnie Berkholz provides a list of all unported applications along with their maintainers, updated daily, in his webspace. A graph of porting progress exists in the same location. If you encounter any bugs with the migration, please report them at Gentoo's Bugzilla.

End of lifetime announcement for old-style configuration Apache packages

In October, the Apache team made stable a new configuration style for apache and its modules. While many users have made the switch, many cautious users have not.

The Apache team is announcing that they will no longer support the old-style configuration of Apache after March 1, 2006. Anyone who has not upgraded to net-www/apache-2.0.55 and higher, or net-www/apache-1.3.34-r10 and higher should do so before then. For information on how to upgrade, we provide an Upgrading Apache Guide.

PHP Herd's January meeting

Gentoo's PHP Herd held their first meeting in 2006 on January 21st. Topics on the agenda included election of herd leads, SLOTting of PHP minor versions and the stabilization of dev-lang/php.

Luca Longinotti has been elected as lead for core-PHP packages and Sebastian Bergmann as lead for PEAR packages. The PHP Herd agreed to keep the SLOTting scheme as is, i.e. only major versions of PHP (PHP 4, PHP 5) will be slotted. The most notable decision made from a users point of view forces users to migrate from dev-php/php to dev-lang/php as soon as possible as the PHP Herd decided to no longer support them. The old dev-php/php packages will be package.masked as soon as the architecture teams have stabilized the new-style PHP packages, which is expected by the end of February, and removed from the Portage tree about two months later.

The minutes of the PHP Herd's January meeting are available at the PHP Overlay website. Their next meeting is scheduled for February 7th at 19:00 UTC in #gentoo-php on irc.freenode.net.

Slotted MySQL

Gentoo's MySQL maintainers plan to move =dev-db/mysql-4.1.16-r30 and dev-db/mysql-5.0.18-r30 into ~arch (testing) soon. Those -r30 revision Ebuilds now allow installing several MySQL versions in parallel, or in Gentoo speak: They support SLOTting. While all minor versions beyond or equal to 4.1 will become slotted, dev-db/mysql-4.0* will stay at SLOT="0".

To accomplish this, new Eclasses and an eselect module for easy switching between MySQL versions were written. Though you can run several MySQL versions simultaneously you are still limited to one (the current) libmysqlclient at a time. To learn how to upgrade properly, read the migration guide before starting the upgrade. All packages in the tree that worked before should also work with slotted MySQL when it enters ~arch.

If you encounter any bugs with the migration, please report them at Gentoo's Bugzilla.

gentoolkit update

A new version of app-portage/gentoolkit (0.2.1) containing significant improvements has been marked stable a few days ago. These are the major changes between gentoolkit-0.2.0 and gentoolkit-0.2.1:

  • A new tool called eclean for removing no longer needed distfiles and packages has been added
  • revdep-rebuild now allows for more user interaction and customizing. You can avoid rebuilding binary packages like app-office/openoffice-bin by setting the SEARCH_DIRS_MASK variable in /etc/make.conf to for example skip packages installed in the /opt directory.
  • One major fix optimizing memory consumption has been applied to equery. Also many fixes made it more usable, though it is still not the fastest program on the block. If the lack of speed bothers you, we would recommend investigating the app-portage/portage-utils package

A detailed listing of the changes for those interested is in /usr/share/doc/gentoolkit-0.2.1/ChangeLog.

Three million posts in the Gentoo Forums


Figure 1.1: Three million posts in the Gentoo Forums

Fig. 1: 3M posts

Almost exactly a year after reaching two million posts in January 2005 the Gentoo Forums hit three million posts on Jan 24th. A thread on the forums not only features the answer to the question "Whose post was it?", but also leaves space for wild conspiracy theories about a mysterious decrease in postcount shortly before the three millionth post was reached. The Gentoo Forums were noted to be among the largest phpBB installations on big-boards.com.

pdftohtml replaced by poppler

app-text/pdftohtml has been replaced by app-text/poppler because of security concerns as stated in bug #115789. You are strongly advised to unmerge app-text/pdftohtml and emerge app-text/poppler instead.

2.  Future zone

"Prefixed Portage" for Gentoo for Mac OS X

For the last few months, the Gentoo for Mac OS X project has been serving as the primary testbed for a "prefix aware" portage and ebuild repository. This basically allows for a configurable 'offset prefix' in which portage and all software it manages can be installed, as any user, without any interference with the 'host' operating system. The need for such functionality arose from the ever-increasing problems of using Portage in 'foreign' environments such as Apple's Mac OS X.

While in its current state, it is serving merely as a working and functional prototype, it has opened up many exciting possibilities for the future of Gentoo and Portage. Although the Gentoo for Mac OS X project is the first project from the Gentoo/Alt umbrella project to have a pressing need for portage installations that leave the host operating system unmodified, it has proved to be of great interest to users and developers alike who are having excellent results running portage on a multitude of OS - AIX, HP-UX, FreeBSD, BeOS/Haiku/Zeta, Solaris, and Fedora Core Linux.

The Gentoo for Mac OS X team hopes to have preliminary documentation and developer installer packages available as soon as possible. Those interested in contributing may contact Kito Danya Dietrich or Fabian Groffen.

3.  Heard in the community

gentoo-dev

sed vs. gsed

In his quest for Gentoo/Alt improvements Diego Pettenò asks for advice on how to handle sed as some of the alternative hosts for Gentoo use non-GNU sed, which has a slightly different behavior in some cases.

RFC: emerge snapshots

If something breaks during an update the "repair" often takes quite some time. Are there any methods for doing a "rollback" to the old state of the system to undo the breakage? What would need to be done to make this feasible, and why is quickpkg often not good enough?

4.  Gentoo in the press

Alternative Linux distributions on the POWER5 platform

A review of unsupported Linux distributions on the POWER5 platform has been published on IBM developerworks. Besides Debian, openSUSE 10 and Fedora Core this article also covers a test-environment and the installation of Gentoo on an IBM eServer™ OpenPower™ 720 system.

5.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • None this week

Adds

The following developers recently joined the Gentoo project:

  • Markus Ullmann (Jokey) - netmon
  • Patrick Mclean (chutzpah) - sound, amd64
  • Damian Kuras (shadoww) - Polish translations
  • Karol Pasternak (reb) - Gentoo/OpenBSD Lead Developer

Changes

The following developers recently changed roles within the Gentoo project:

  • None this week

6.  Gentoo Security

Sun and Blackdown Java: Applet privilege escalation

Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate their privileges.

For more information, please see the GLSA Announcement

KDE kjs: URI heap overflow vulnerability

KDE fails to properly validate URIs when handling javascript, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

Trac: Cross-site scripting vulnerability

Trac is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.

For more information, please see the GLSA Announcement

Gallery: Cross-site scripting vulnerability

Gallery is possibly vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.

For more information, please see the GLSA Announcement

LibAST: Privilege escalation

A buffer overflow in LibAST may result in execution of arbitrary code with escalated privileges.

For more information, please see the GLSA Announcement

Paros: Default administrator password

Paros's database component is installed without a password, allowing execution of arbitrary system commands.

For more information, please see the GLSA Announcement

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 15 January 2006 and 29 January 2006, activity on the site has resulted in:

  • 1734 new bugs during this period
  • 960 bugs closed or resolved during this period
  • 59 previously closed bugs were reopened this period

Of the 9192 currently open bugs: 72 are labeled 'blocker', 171 are labeled 'critical', and 503 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

9.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated January 30, 2006

Summary: This is the Gentoo Weekly Newsletter for the week of 30 January 2006.

Ulrich Plate
Editor

Tobias Scherbaum
Author

Patrick Lauer
Author

Donnie Berkholz
Author

Michael Stewart
Author

Wernfried Haas
Author

Fabian Groffen
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.