Gentoo Weekly Newsletter: 7 May 2007

Content:

1.  Gentoo News

Gentoo 2007.0, code named "Secret Sauce", is released

The Gentoo Release Engineering project is pleased to announce the much-delayed release of Gentoo Linux 2007.0, code named "Secret Sauce". This release met with several delays due to an abnormally high number of security vulnerabilities in large packages which had to be rebuilt using the newer, secure versions of the packages. There was also a complete re-snapshot done about half-way through the release period due to the release taking so long and the packages becoming stale.

You can find out more information about the release in the official press release. To get the new release, grab it from http://www.gentoo.org/main/en/where.xml.

Recent Coreutils update and shell script issues

If you recently updated coreutils, or are planning your next emerge -avNDu world while reading this, you might want to take note of some important changes. The recent update to sys-apps/coreutils moved some utilities around a bit. Some moved from /bin to /usr/bin; others, maybe because they felt the inodes were greener in the other directory, flipped from /usr/bin to /bin. There are many important reasons these files moved, including providing access to the tools while in single user mode, but what is more important for those affected is knowing what this means for your shell scripts: how to look for problems and, if necessary, how to fix your scripts.

For many people, most scripts are run as root through cron, and their authors might have taken the precaution of hard coding the path of each and every binary in the script (it is generally considered a more secure method of scripting; you can get more detail at http://forums.gentoo.org/viewtopic-t-548833.html). Hopefully, those scripts store the paths to the binaries in variables at the beginning of the script, such as:

Code Listing 1.1: Example script

#!/bin/bash
MYNOHUP=/usr/bin/nohup
MYCOMMAND=/usr/local/bin/somecommand
$MYNOHUP $MYCOMMAND

This way, there is only one edit to make in the script. Of course, this isn't the only solution. In a recent discussion on the gentoo-dev mailing list, many potential solutions were offered. You can read the thread at http://archives.gentoo.org/gentoo-dev/msg_144236.xml. One potential solution is to completely forgo the full path to binaries in your shell scripts. By ensuring that the PATH variable is properly set at the beginning of your scripts, this entire issue is completely avoidable. In fact, for those that currently subscribe to this method of shell scripting, the coreutils update may have gone completely unnoticed. A good default for the PATH variable in your scripts would be:

Code Listing 1.2: Default PATH example

PATH=${PATH}:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin

Obviously, one might want to check the path of the binaries for more esoteric paths; for example, /opt/vmware/server/bin is the location for VMWare Server utilities. Another option mentioned was the command -p program method. From the man page, command -p will "perform the command search using a default value for PATH that is guaranteed to find all of the standard utilities". This appears to be a fairly safe method of executing a command, albeit at the cost of a few extra keystrokes. Also, since command is a bash built-in, it doesn't actually exist on the file system and is therefore immune to the changes made by coreutils. This of course assumes one is using the bash shell by default, which is a safe bet for most Linux users.

Similar to command, env runs a program in a modified environment. Simply calling env program will run your utility with a drastically stripped-down path; /bin:/usr/bin according to the email thread. Contrary to the command utility, env is a file on the local file system and exists, via symbolic links, in both /bin and /usr/bin.

Ultimately, the solution you choose is largely a matter of preference and personal experience. Your best bet is to experiment with the solutions listed above to find the one with which you are most comfortable. With your new-found knowledge, there is one last thing to do. You will need to make sure that you find the scripts running on your system and test them for problems. You can manually run each of them in debug mode to look for issues.

Code Listing 1.3: Running a bash command in debug mode

$ bash -x sample_cron_job
+ /bin/echo 'Hello World!'
Hello World!

You will also want to look in /usr/local/bin for scripts (if that is where you keep them) and also /etc/conf.d/local.start and /etc/conf.d/local.stop. If everything works, then you are in great shape!
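
An added example (not part of the original newsletter): a shell function that automates the check described above by listing every hard-coded /bin, /sbin, /usr/bin, /usr/sbin or /usr/local path in a script that no longer resolves, and where the utility lives now. The names find_stale_paths, AUDIT_ROOT and AUDIT_DIRS are assumptions made for this example.

```shell
#!/bin/bash
# Added example: report hard-coded binary paths in a script that no longer
# resolve, and where the same utility can be found now.
# AUDIT_ROOT is a hypothetical prefix, used only to check against a
# constructed directory tree; leave it empty to check the running system.
AUDIT_ROOT="${AUDIT_ROOT:-}"
AUDIT_DIRS="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin"

# find_stale_paths SCRIPT
# Prints "<old path> -> <new path>" or "<old path> -> NOT FOUND" for each
# stale path. Returns 1 if anything stale was found, 0 otherwise.
find_stale_paths() {
    local script="$1" paths path name dir found stale=0
    # 1. Drop comment lines but keep the shebang, which is a hard-coded path too.
    # 2. Extract whole absolute-path tokens, so /opt/vmware/server/bin/foo is
    #    not mistaken for /bin/foo.
    # 3. Keep only tokens that point directly into a standard bin/sbin directory.
    paths=$(grep -vE '^[[:space:]]*#([^!]|$)' "$script" |
            grep -oE '/[A-Za-z0-9._+/-]+' |
            grep -E '^(/usr(/local)?)?/s?bin/[^/]+$' |
            LC_ALL=C sort -u)
    for path in $paths; do
        [ -x "${AUDIT_ROOT}${path}" ] && continue    # path is still valid
        stale=1
        name=${path##*/}
        found="NOT FOUND"
        for dir in $AUDIT_DIRS; do
            if [ -x "${AUDIT_ROOT}${dir}/${name}" ]; then
                found="${dir}/${name}"
                break
            fi
        done
        printf '%s -> %s\n' "$path" "$found"
    done
    return "$stale"
}
```

Run it over each cron job and over /etc/conf.d/local.start and /etc/conf.d/local.stop; the non-zero return value makes it easy to flag affected scripts in a loop.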

2.  Heard in the community

planet.gentoo.org

Status of Gentoo MIPS

Developer Alexander Færøy writes in his blog about the current optimistic status of the MIPS herd. With the addition of Bryan Østergaard, who will be working on general porting, and Richard Brown, who will be working on ruby support, the progress of bringing this architecture up to speed is accelerating toward the 2007.0 release. Alexander also mentions that they are seeking new recruits to "join the coolest team within Gentoo" and talks about his successes with their new Movidis box.

gentoo-user

Do it all, minus one

Jesse Adelman wrote into gentoo-user to ask how to be able to do an emerge -uDN world, but have portage not update one package. Jesse had a version of MythTV that had been removed from the tree that he wished to keep. However, the version in the tree was between a newer and older version, thus causing portage to want to downgrade if he simply put the newer version in package.mask. Vikas Kumar suggested the often forgotten /etc/portage/profile/package.provided. A package placed in this file will not be updated unless another package necessarily depends on a newer version. More information about package.provided is available in the portage man page. Developer Zac Medico suggested to instead simply mask the package versions that are both higher and lower than the version Jesse wanted to keep, which is the best solution.

gentoo-dev

Looking for help with 2.6 kernel maintenance

Daniel Drake is looking for one or more people to help out with gentoo-sources-2.6 maintenance. Knowledge of kernel internals and kernel hacking is not required, but motivation to learn is the main qualification. Being a Gentoo developer is not required to offer assistance and could be a good way for an interested person to get a foot in the door towards becoming a developer. Interested parties should contact Daniel privately, or on IRC.

3.  Gentoo International

HSM looking for Gentoo specialists

HSM is a renowned, high profile software service provider headquartered in Paderborn / Germany. Their strength is the development of interfaces and add-ons to standard software programs and databases, programming of customer-specific software, provision of standard software in the areas security, ERP and emulations.

HSM is searching for Linux specialists with strong Gentoo knowledge for further development and customer support for their Linux-based universal firewall-software with a new and unique product concept. Successful candidates will have ample Linux experience, which especially covers TCP/IP and Routing, Perl, PHP and BASH Scripting, Apache, Bind, DNS, SQUID, Postfix and MySQL, plus communicative skills, organised work habits and consequent customer orientation.

This position offers candidates with the respective long-term professional experience the possibility of ascending to a managing position. For candidates with initial professional experiences we provide attractive training and further qualification possibilities. For further information contact HSM's HR Consultant, Mr. Wolf Geldmacher.

4.  Gentoo in the press

Linux Magazine (26 April, 2007)

Linux Magazine posted an article about Gentoo Linux and portage. The feature article is entirely about Gentoo and is available to Linux Magazine subscribers only. If you are a Linux Magazine subscriber, check out the article.

5.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • none this week

Adds

The following developers recently joined the Gentoo project:

  • none this week

Changes

The following developers recently changed roles within the Gentoo project:

  • none this week

6.  Gentoo security

Ktorrent: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in Ktorrent allowing for the remote execution of arbitrary code and a Denial of Service.

For more information, please see the GLSA Announcement

FreeType: User-assisted execution of arbitrary code

A vulnerability has been discovered in FreeType allowing for user-assisted remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Tomcat: Information disclosure

A vulnerability has been discovered in Tomcat that allows for the disclosure of sensitive information.

For more information, please see the GLSA Announcement

Apache mod_perl: Denial of Service

The mod_perl Apache module is vulnerable to a Denial of Service when processing regular expressions.

For more information, please see the GLSA Announcement

Quagga: Denial of Service

A vulnerability has been discovered in Quagga allowing for a Denial of Service.

For more information, please see the GLSA Announcement

X.Org X11 library: Multiple integer overflows

The X.Org X11 library contains multiple integer overflows, which could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

7.  Gentoo package moves

This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.

Removals:

Package: Removal date: Contact:
kde-misc/metabar 01 May 2007 Carsten Lohrke
net-print/hpoj 01 May 2007 Denis Dupeyron
mail-mta/qmail 01 May 2007 Michael Hanselmann
dev-java/saxon-bin 02 May 2007 Petteri Räty
media-fonts/cjkuni-fonts 02 May 2007 Matsuu Takuto
sys-fs/raidtools 05 May 2007 Mike Frysinger
dev-libs/wxactivex 05 May 2007 Mike Frysinger
dev-libs/wx-xmingw 05 May 2007 Mike Frysinger

Additions:

Package: Addition date: Contact:
dev-perl/Sys-Syscall 30 Apr 2007 Robin H. Johnson
dev-perl/Danga-Socket 30 Apr 2007 Robin H. Johnson
dev-perl/Perlbal 30 Apr 2007 Robin H. Johnson
dev-perl/MogileFS-Client 30 Apr 2007 Robin H. Johnson
dev-perl/MogileFS-Utils 30 Apr 2007 Robin H. Johnson
dev-perl/mogilefs-server 30 Apr 2007 Robin H. Johnson
sys-fs/ncdu 01 May 2007 Wolfram Schlich
net-im/pidgin 01 May 2007 Olivier Crete
x11-plugins/pidgin-extprefs 01 May 2007 Olivier Crete
x11-plugins/pidgin-rhythmbox 01 May 2007 Olivier Crete
dev-ruby/maruku 01 May 2007 Aggelos Orfanakos
app-office/calcurse 01 May 2007 Cédric Krier
app-emacs/mode-compile 01 May 2007 Ulrich Müller
dev-java/jsr67 01 May 2007 Krzysiek Pawlik
dev-java/istack-commons-runtime 01 May 2007 Krzysiek Pawlik
dev-java/saaj 01 May 2007 Krzysiek Pawlik
dev-java/rngom 01 May 2007 Krzysiek Pawlik
dev-java/codemodel 01 May 2007 Krzysiek Pawlik
dev-java/sjsxp 01 May 2007 Krzysiek Pawlik
dev-java/stax-ex 01 May 2007 Krzysiek Pawlik
dev-java/sun-httpserver-bin 01 May 2007 Krzysiek Pawlik
dev-java/xmlstreambuffer 01 May 2007 Krzysiek Pawlik
dev-java/istack-commons-tools 01 May 2007 Krzysiek Pawlik
dev-java/fastinfoset 01 May 2007 Krzysiek Pawlik
dev-java/jsr101 01 May 2007 Krzysiek Pawlik
dev-java/jaxp 01 May 2007 Krzysiek Pawlik
dev-java/relaxngcc 01 May 2007 Krzysiek Pawlik
dev-java/xsom 01 May 2007 Krzysiek Pawlik
dev-java/txw2-runtime 01 May 2007 Krzysiek Pawlik
dev-java/jaxb 01 May 2007 Krzysiek Pawlik
dev-java/jax-ws-api 01 May 2007 Krzysiek Pawlik
dev-java/jax-ws 01 May 2007 Krzysiek Pawlik
dev-java/apt-mirror 01 May 2007 Krzysiek Pawlik
dev-java/sun-dtdparser 01 May 2007 Krzysiek Pawlik
dev-java/jaxb-tools 01 May 2007 Krzysiek Pawlik
dev-java/jsr93 01 May 2007 Krzysiek Pawlik
dev-java/jax-rpc 01 May 2007 Krzysiek Pawlik
dev-java/jax-ws-tools 01 May 2007 Krzysiek Pawlik
dev-java/jaxr 01 May 2007 Krzysiek Pawlik
x11-themes/mythtv-themes-extra 02 May 2007 Steve Dibb
x11-misc/slim 02 May 2007 Samuli Suominen
dev-python/decoratortools 02 May 2007 Rob Cakebread
x11-themes/slim-themes 02 May 2007 Samuli Suominen
gnome-extra/nm-applet 02 May 2007 Stephen Klimaszewski
net-analyzer/nipper 02 May 2007 Mike Auty
dev-perl/JSON-XS 03 May 2007 Christian Hartmann
dev-lang/scala 04 May 2007 Vlastimil Babka
www-apps/horde-mimp 05 May 2007 Mike Frysinger
dev-python/py 05 May 2007 Lukasz Strzygowski
dev-java/jibx-tools 05 May 2007 Krzysiek Pawlik
app-emacs/javascript 05 May 2007 Ulrich Müller
app-admin/python-updater 06 May 2007 Bryan Østergaard
dev-java/jid3 06 May 2007 Petteri Räty
xfce-extra/xfce4-time-out 06 May 2007 Samuli Suominen
app-vim/eselect-syntax 06 May 2007 Mike Kelly

Last Rites:

Package: Removal date: Contact:
dev-util/eclipse-cbg-editor 30 May 2007 Petteri Räty
dev-util/eclipse-cdt-bin 30 May 2007 Petteri Räty
dev-util/eclipse-emf-bin 30 May 2007 Petteri Räty
dev-util/eclipse-gef-bin 30 May 2007 Petteri Räty
dev-util/eclipse-pydev-bin 30 May 2007 Petteri Räty
dev-util/eclipse-subclipse-bin 30 May 2007 Petteri Räty
dev-util/eclipse-ve-bin 30 May 2007 Petteri Räty
dev-java/dbconnectionbroker-bin 30 May 2007 Vlastimil Babka
dev-java/infobus-bin 30 May 2007 Vlastimil Babka
x11-misc/login-app 2 Jun 2007 Samuli Suominen
dev-java/openjgraph 3 Jun 2007 Alistair Bush
app-misc/baobab 3 Jun 2007 Daniel Gryniewicz
dev-java/violinstrings 3 Jun 2007 Alistair Bush
dev-java/sun-fastinfoset-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-jaxb-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-jaxp-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-jaxr-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-jaxrpc-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-jaxws-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-jwsdp-shared-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-saaj-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-sjsxp-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-wsdp-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-xmldsig-bin 4 Jun 2007 Krzysiek Pawlik
dev-java/sun-xws-security-bin 4 Jun 2007 Krzysiek Pawlik

8.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 29 April 2007 and 06 May 2007, activity on the site has resulted in:

  • 565 new bugs during this period
  • 361 bugs closed or resolved during this period
  • 26 previously closed bugs were reopened this period
  • 123 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
  • 104 bugs marked as duplicates during this period

Of the 10028 currently open bugs: 11 are labeled 'blocker', 116 are labeled 'critical', and 364 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

9.  GWN feedback

The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.

10.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

11.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Page updated May 7, 2007

Summary: This is the Gentoo Weekly Newsletter for the week of 7 May 2007.

Chris Gianelloni
Editor

David Snider
Author

Donnie Berkholz
Author

Kyle Bishop
Author

Tobias Scherbaum
Author

Copyright 2001-2014 Gentoo Foundation, Inc.