---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/20030106-newsletter.xml
This is the Gentoo Weekly Newsletter for the week of January 6th, 2003.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Summary
-------
* Start the New Year with a Donation to the Gentoo Linux Project
* New Gentoo Linux Prelinking Guide
* Perl 5.8 and libperl
* Future improvements to Gentoo Linux in the works
Start the New Year with a Donation to the Gentoo Linux Project
--------------------------------------------------------------
As we enter the New Year, we invite everyone who has benefitted from their
use of Gentoo Linux to make a donation[1] to the Gentoo Project. Its
through your generous donations that the Gentoo Project is able to have a
presence at the upcoming LinuxWorld Expo[2]. Donations also help to
support other development efforts, such as sponsoring developers so they
can work full time on Gentoo Linux. Donations can be made via PayPal as
well as check.
1. http://www.gentoo.org
2. http://www.linuxworldexpo.com/
Additionally, if you know of a company that may be interested in
sponsoring the Gentoo Linux free software project through a regular
monthly donation, please email Daniel Robbins[3] directly. Among other
things, corporate sponsorships allow Gentoo developers to work full time
on Gentoo Linux.
3. drobbins@g.o
New Gentoo Linux Prelinking Guide
---------------------------------
A new Gentoo Linux Prelinking Guide[4] has been posted. Prelinking can cut
the startup times of applications, especially larger ones such as KDE and
GNOME, by as much as 50% or more. Many Mandrake and RedHat users have sung
the praises of prelinking and its effect on overall system speed, so it is
certainly a welcome addition to Gentoo Linux.
4. http://www.gentoo.org/doc/en/prelink-howto.xml
Perl 5.8 and libperl
--------------------
Recently, an issue was raised among the developers about how to
effectively deal with Perl 5.8. Perl 5.8 uses a shared library (libperl)
that is incompatible with earlier versions of Perl, including Perl 5.6.1.
Users upgrading to Perl 5.8 could find any apps previously compiled with
Perl 5.6.1 to now be broken given the libperl incompatiblity. The solution
for Gentoo Linux is to numerate the various versions of libperl to allow
multiple versions to coincide with each other. So, as an example:
* perl-5.6 gets libperl.so.0.5.6
* perl-5.8 gets libperl.so.1.5.8
* perl-x.y gets libperl.so.2.x.y
This solution should allow the Perl 5.6.1 --> Perl 5.8 upgrade to proceed
smoothly, and it will also serve as a solution for future binary
compatibility problems.
Future improvements to Gentoo Linux in the works
------------------------------------------------
While the current focus of the Gentoo developers is on getting Gentoo
Linux 1.4_final out the door, that doesn't mean future improvements aren't
also being discussed. In addition to the Gentoo Reference Platform, which
is designed to establish a stable baseline for Gentoo Linux, formal
in-house testing and approval of hardware may be on the horizon. This
process, which would provide users of Gentoo a set of components known to
work with Gentoo Linux, should help avid Gentoo users make future hardware
purchasing decisions. In addition to hardware testing, there are some
tantalizing improvements to Portage coming up as well, including:
* Caching of emerge messages for later display -- Anyone who has ever
emerged a list of packages has probably experienced the frustration of
seeing informational messages scroll past as Portage moves from package to
package. This feature will allow those messages to be cached in a safe
place so they can be displayed at a later time (such as at the end of an
entire 'emerge -u world'.
* Reverse dependency checking in Portage -- one of the most-often
requested Portage features, reverse dependency checking will warn you if
you try to unmerge a package that other installed packages depend upon.
* Dependency-based remerging -- this feature will allow certain packages
to be remerged if necessary, based on the dependencies of another package.
With this feature, upgrading CUPS will force Ghostscript to be rebuilt as
well, even if no upgrade of Ghostscript is available. This feature will go
a long way towards resolving shared library incompatibilities.
Nick Jones (carpaski) is working on these Portage improvements as well as
others and is quickly catching up on the backlog of Portage feature
requests. While no firm timeline exists for delivery of these features,
the future of Portage certainly looks bright.
==================
2. Gentoo Security
==================
Summary
-------
* GLSA: leafnode
* GLSA: xpdf
* GLSA: cups
* New Security Bug Reports
GLSA: leafnode
--------------
The leafnode NNTP server can be forced into an unterminated and
unresponsive loop when a particular article is requested, causing the
client to reconnect, creating a new process. Repitition of this cycle can
make the entire system unresponsive.
* Severity: moderate - remote DOS (process spawning)
* Packages Affected: leafnode-1.9.24 and earlier
* Rectification: Synchronize and emerge leafnode.
* GLSA Announcement[5]
5. http://forums.gentoo.org/viewtopic.php?t=28343
GLSA: xpdf
----------
The pdftops filter (included in Xpdf and CUPS) has an integer overflow bug
that can be exploited remotely to gain the privileges of the target user
or, in some circumstances, of the lp user.
* Severity: high - remote exploit in the wild
* Packages Affected: xpdf-1.01-r1 and earlier
* Rectification: Synchronize and emerge xpdf.
* GLSA Announcement[6]
* Advisory[7]
6. http://forums.gentoo.org/viewtopic.php?t=28342
7. http://www.idefense.com/advisory/12.23.02.txt
GLSA: cups
----------
Several vulnerabilities in the CUPS printing package (including the
integer overflow noted above) permit a number of exploits, including an
exploit of multiple vulnerabilities that permits root access to the file
system. The exploits have been demonstrated and published.
* Severity: critical - remote root exploit in the wild
* Packages Affected: cups-1.1.17_pre20021025 and earlier
* Rectification: Synchronize and emerge cups.
* GLSA Announcement[8]
* Advisory[9]
8. http://forums.gentoo.org/viewtopic.php?t=27949
9. http://www.idefense.com/advisory/12.19.02.txt
New Security Bug Reports
------------------------
The last two weeks saw many of the outstanding security bugs cleared with
new releases of the affected packages. The following new security bugs
have been posted:
* mod_php[10]
* dhcpd[11]
10. http://bugs.gentoo.org/show_bug.cgi?id=12811
11. http://bugs.gentoo.org/show_bug.cgi?id=12988
=========================
3. Heard In The Community
=========================
Web Forums
----------
Selective rsync strategies
This discussion raises its head every few months, meaning it probably has
a point. Some people wish to cut down on bandwidth usage when they
synchronize their portage tree by eliminating packages or classes they
definitely don't want, need or even imagine to install, ever. The
discussion and a few DIY ideas how to cope with the problem:
* a portage killfile[12]
* Selective emerge rsync to cut down on bandwidth usage[13]
12. http://forums.gentoo.org/viewtopic.php?t=28044
13. http://forums.gentoo.org/viewtopic.php?t=23607
PCMCIA Worries Anticipating Gentoo 1.4
A large number of forum regulars have begun expressing anxiety about the
missing pcmcia_cs and yenta_socket PCMCIA kernel modules in the second
release candidate, and by consequence, they fear, in the pending release
of Gentoo 1.4. A handful of threads are dominated by users of laptops and
notebooks without built-in NICs, who rely on PCMCIA for access to the
Internet (and eventually to a successful Gentoo installation). Their
worries are getting hard to overlook, and some appear to have given in and
use alternative install methods:
* yenta_socket on 1.4 rc2[14]
* Installing Gentoo on a laptop that needs yenta_socket[15]
* installing 1.4-rc1 and pcmcia_core[16]
It should be noted that the PCMCIA situation in linux in general is not
that great. With two sets of drivers (stock kernel drivers and pcmcia-cs
packages) that are incompatible with one another, ensuring support for all
PCMCIA devices is a challenge. Gentoo developers are working on including
support for both sets of drivers on the Gentoo Linux 1.4 LiveCD, which
should allow the widest range of compatiblity for all laptop users.
14. http://forums.gentoo.org/viewtopic.php?t=28281
15. http://forums.gentoo.org/viewtopic.php?t=28413
16. http://forums.gentoo.org/viewtopic.php?t=14894
If anyone has a spare laptop that they would be interested in donating to
the Gentoo Linux project, this would help greatly in improving PCMCIA
support on the LiveCDs. If you're interested in donating a laptop, please
contact Daniel Robbins[17] directly.
17. drobbins@g.o
Overclockers beware!
Forum moderator Phong pretty much sums it up: Overclocking is a bad idea
when all it does is break compilations for a mere 100 Mhz of performance
gain on the CPU, less than 5 percent on most of today's x86 PCs.
* Seg Fault Hell (thinking of dropping Gentoo)[18]
18. http://forums.gentoo.org/viewtopic.php?t=27564
gentoo-user
-----------
Round 689,554 of the Text Editor Holy War
There's nothing like starting off the New Year with a good flame war about
text editors, and gentoo-user has been having a great one over the past
few days. The festivities seem to have started with this post[19] and
proceeded from there. At last count, there were approximately 60
messages[20] in response to this post and the war continues on.
19. http://marc.theaimsgroup.com/?l=gentoo-user&m=104138315028463&w=2
20.
http://marc.theaimsgroup.com/?l=gentoo-user&w=2&r=1&s=Vi%2FNano+flames&q=b
New Docbook eclass solves SGML problems
Recent updates to the Docbook/SGML system in Gentoo caused some problems
for some users. Matthew Turk (satai) posted a message[21] that explains
how to fix these issues, along with a link to a more detailed
explanation[22].
21. http://marc.theaimsgroup.com/?l=gentoo-user&m=104144948228162&w=2
22. http://www.gentoo.org/~satai/sgmlfix.html
Gentoo's supported hardware
Freeman Tan asked for a list of official 'gentoo supported hardware'.
Those more familar with linux would agree with Tom von Schwerdtner's
statement; "distro supported hardware is mostly a misconecption". The
linux kernel provides support for hardware, and it is up to the distro's
'installer' to detect and add support for the present devices. Gentoo is
unique in that it doesn't have a formal installer but rather aids the
installee through the intimate process of setting up a linux system from
scratch. Providing you're able to boot into this system, you'll be able to
add support for your devices later. A google search for "[hardware]
+linux" will generally send you in the right direction. The thread[23]
concludes that "no, there is no official gentoo supported hardware".
However, as we noted above, formal in-house testing of hardware may be in
the works for Gentoo Linux. Stay tuned.
23. http://marc.theaimsgroup.com/?l=gentoo-user&m=104135883514141&w=2
How do I telnet into my new Gentoo box?
First and foremost it should be known that telnet is "obsolete, broken,
insecure, and should never be used". If you still want to live on the wild
side, make sure netkit-telnetd has been emerged, and you have an inetd
server setup. This discussion[24] has detailed instructions. Secure Shell
(sshd) is the highly recommended alternative to telnet and much easier to
install.
24. http://marc.theaimsgroup.com/?l=gentoo-user&m=104105195014103&w=2
gentoo-dev
----------
USE Aware Emerge. Martin Svenningsson posted a very nifty patch[25] to
allow emerge to display which USE flags affect the compilation of each
package!
25. http://article.gmane.org/gmane.linux.gentoo.devel/6303
Gentoo Stable Site Update.
Maik Schreiber posted an announcement[26] with the updates done on the
Gentoo Stable website[27]: "Hi, a few updates to the Gentoo Stable site
have been made: (1). The query page is now a little easier to use. For
example, you get selection boxes where possible (category, arch etc.).
(2). A new filter has been added: You can now filter on "Portage status on
{x86, ppc, sparc, alpha} {is, is not} {stable, unstable/testing, does not
work, unmarked}". (3). Various speed improvements regarding query have
been made. [...]". Joachim Blaabjerg chipped in[28] with "Are there any
tools available that scans the system for packages that are merged and
marked unstable (~), and submits those as "merged successfully on my
system"? I know I have a lot of unstable packages on my system, but I
haven't got the time to through all of them and submit them to the
Gentoo-stable site." and Peter Ruskin sent in a script[29] to do just
that!
26. http://article.gmane.org/gmane.linux.gentoo.devel/6350
27. http://gentoo-stable.iq-computing.de
28. http://article.gmane.org/gmane.linux.gentoo.devel/6361
29. http://article.gmane.org/gmane.linux.gentoo.devel/6362
=======================
4. Gentoo International
=======================
Gentoo UK Being Constituted
They're not exactly out of the starting blocks yet, but a handful of
British Gentoo users seems determined to follow their French, German,
Korean and Japanese counterparts' example in creating a more formal
support network for Gentooistsn their country. The thread[30] has just
begun to gain momentum. In particular, they are looking for a catchy
domain name, feel free to make suggestions...
30. http://forums.gentoo.org/viewtopic.php?t=28246
Iberian Peninsula Tops Spanish community
If a forum poll[31] is anything to go by, the vast majority of
Spanish-speaking Gentooist comes from Spain. They're being followed by
users in Argentina and Urugay, a few Mexicans and Spanish-speaking US
citizens, but a rather large proportion of people lives in a place oddly
called "other"...
31. http://forums.gentoo.org/viewtopic.php?t=11939
More Gentoo Linux Users Everywhere: ZetaGrid
A Gentoo team[32] has been formed for ZetaGrid[33] , a distributed
computing project sponsored by IBM Germany whose distinguishing technical
feature is the secure Java kernel it provides, preventing access from
outside and securing its communications. The current project is the
verification of Riemann's Hypothesis[34] : about 2500 computers are
working on it, calculating about 2 billion zeroes of the Riemann zeta
function each day. Sebastian Wedeniwski, the scientist who created
ZetaGrid, hopes to use ZetaGrid's results to come up with a proof for the
hypothesis. If he succeeds, he'll split the $1,000,000 prize from the Clay
Mathematics Institute[35] with the top 100 users; there are other prizes,
including one awarded to the user whose computer finds a result disproving
the hypothesis, if that happens instead. Tantive[36] has made an ebuild
for the client but it's still masked, for more information see Zetagrid -
team: Gentoo Linux Users Everywhere[37].
32. http://www.zetagrid.net/servlet/service/
teammembers?team=Gentoo+Linux+Users+Everywhere
33. http://www.zetagrid.net/
34. http://www.zetagrid.net/zeta/rh.html
35. http://www.claymath.org/
36. http://forums.gentoo.org/profile.php?mode=viewprofile&u=1326
37. http://forums.gentoo.org/viewtopic.php?t=28511
================
5. Portage Watch
================
Security Updates (see above)
----------------------------
* cups - fixed in cups-1.1.18
* xpdf - fixed in xpdf-2.01
* leafnode - fixed in leafnode 1.9.31
The following stable packages were added to portage this week
-------------------------------------------------------------
* app-emulation/blight_input : An input plugin for the mupen64 N64
emulator http://mupen64.emulation64.com/
* app-emulation/mupen64 : A Nintendo 64 (N64) emulator
http://mupen64.emulation64.com/
* app-emulation/nestra : NES Emulator http://nestra.linuxgames.com
* app-games/c++robots : ongoing 'King of the Hill' (KotH) tournament
http://www.gamerz.net/c++robots/
* app-games/emilia-pinball : SDL OpenGL pinball game
http://pinball.sourceforge.net/
* app-games/gxmame : GXMame is a frontend for XMame using the GTK
library, the goal is to provide the same GUI as mame32.
http://gxmame.sourceforge.net/
* app-misc/gcolor : A simple color selector.
http://gcolor.sourceforge.net/
* dev-libs/libhtmlparse : libhtmlparse is a HTML parsing library. It
takes HTML tags, text, etc and calls callbacks you define for each type of
token in the document. http://msalem.translator.cx/libhtmlparse.html
* dev-util/jam : jam (Just Another Make) - advanced make replacement
http://www.perforce.com/jam/jam.html
* dev-util/fenris : Fenris is a tracer, GUI debugger, analyzer, partial
decompiler and much more http://razor.bindview.com/tools/fenris/
* media-libs/libexif : Library for parsing, editing, and saving EXIF data
http://libexif.sf.net/
* media-sound/jack-cvs : A low-latency audio server - cvs version
http://jackit.sourceforge.net/
* net-dialup/mingetty : A compact getty program for virtual consoles
only. [38]
* net-misc/udhcp : udhcp Server/Client Package http://udhcp.busybox.net/
* net-misc/ksambaplugin : KSambaPlugin is a KDE 3 plugin for configuring
a SAMBA server. http://ksambakdeplugin.sourceforge.net
* net-news/sn : Hassle-free Usenet news system for small sites
http://infa.abo.fi/~patrik/sn/
* net-p2p/giftoxic : A GTK+2 giFT frontend
http://giftoxic.sourceforge.net/
* net-www/fetch : Fetch is a simple, fast, and flexible HTTP download
tool built on the HTTP Fetcher library. http://cs.nmu.edu/~lhanson/fetch/
* net-www/http-fetcher : HTTP Fetcher is a small, robust, flexible
library for downloading files via HTTP using the GET method.
http://cs.nmu.edu/~lhanson/http_fetcher/
* sys-apps/hfsplusutils : HFS+ Filesystem Access Utilities (PPC Only)
http://ftp.penguinppc.org/users/hasi/
* sys-apps/tinylogin : worlds smallest login/passwd/getty/etc
http://tinylogin.busybox.net/
* sys-devel/prelink : Modifies executables so runtime libraries load
faster ftp://people.redhat.com/jakub/prelink
* sys-devel/kgcc : Modern GCC C compiler for building kernels
http://www.gnu.org/software/gcc/gcc.html
Updates to notable packages
---------------------------
* sys-apps/portage - portage-2.0.46-r3.ebuild; portage-2.0.46-r4.ebuild;
portage-2.0.46-r5.ebuild;
* sys-libs/glibc - glibc-2.3.1-r3.ebuild;
* sys-kernel/* - aa-sources-2.4.21_pre2-r2.ebuild;
development-sources-2.5.54.ebuild; lolo-sources-2.4.20.1_pre9.ebuild;
lolo-sources-2.4.20.1_rc1.ebuild; lolo-sources-2.4.20.1_rc2.ebuild;
* dev-php/php - php-4.3.0.ebuild;
* dev-db/postgresql - postgresql-7.3.1.ebuild;
New USE variables
-----------------
* ev6 - Assume Alpha processor is EV6 or better
===========
6. Bugzilla
===========
Summary
-------
* Statistics
* Bugs of Note
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[39]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. In the last 7 days, activity on the site has resulted
in:
* 269 new bugs this week
* 1322 total bugs currently marked 'new'
* 524 total bugs curently assigned to developers
* 47 bugs that were previously closed have been reopened.
There are currently 1893 bugs open in bugzilla. Of these: 40 are labelled
'blocker', 74 are labelled 'critical', and 113 are labelled 'major'.
39. http://bugs.gentoo.org
The developers and teams with the highest apparent bug-related workload
are:
* Nicholas Jones[40], with 271 open bugs
* Martin Schlemmer[41], with 133 open bugs
* Brandon Low[42], with 107 open bugs
* The KDE Team[43], with 105 open bugs
* Daniel Robbins[44], with 83 open bugs
Please lend them (and the entire development team) your good thoughts,
left-over turkey, and ongoing support.
40. mailto://carpaski@g.o
41. mailto://azarah@g.o
42. mailto://lostlogic@g.o
43. mailto://kde@g.o
44. mailto://drobbins@g.o
Bugs of Note
------------
Each week, we will single out a few bugs for special mention, because they
have been provoking significant discussions, they are particularly
problematic, they are amusing or simply because they struck our fancy.
This week's featured bugs are (in no particular order):
* Bug 13055[45] describes problems with portage wanting to uninstall
newer versions of packages, probably because of an issue with counter
values in /var/db/pkg/. Maik Schrieber provides a script to fix the issue.
* Bug 13074[46] discusses a problem with emerging xmms, possibly because
of the xmms ebuild depending on an incompatible autoconf/automake version.
An excellent example of reporter/developer interaction.
* Bug 8539[47] discusses a frequently cross-reported problem of
OpenOffice emerges destroying fonts on affected systems. The bug report
includes two workarounds and remains open.
* Bug 5152[48] provides a fix to the mysql start script that provides
for user modifications to the default data directory. This is a nice
example of community members providing patches via the bugzilla interface.
* Bug 9849[49] describes ebuild failures when cdroms are mounted or
directories (like /home) are NFS mounts.
45. http://bugs.gentoo.org/show_bug.cgi?id=13055
46. http://bugs.gentoo.org/show_bug.cgi?id=13074
47. http://bugs.gentoo.org/show_bug.cgi?id=8539
48. http://bugs.gentoo.org/show_bug.cgi?id=5152
49. http://bugs.gentoo.org/show_bug.cgi?id=9849
==================
7. Tips and Tricks
==================
Updating a Gentoo system
Most Gentoo users are familiar with the Portage system used to install
software. One of the features that you may not be familiar with is that
Portage can also update your entire system at once. This is known as an
'update world'.
To run an update world, use the following command:
---------------------------------------------------------------------------
| Code Listing 7.1: |
---------------------------------------------------------------------------
| |
|# emerge --update world |
| |
---------------------------------------------------------------------------
Sometimes that doesn't get everything though. To make the upgrade even
more complete, use the --deep option.
---------------------------------------------------------------------------
| Code Listing 7.2: |
---------------------------------------------------------------------------
| |
|# emerge --update --deep world |
| |
---------------------------------------------------------------------------
This option calculates the dependencies of the dependencies to ensure that
everything on your system is brought up to date.
==========================
8. Moves, Adds and Changes
==========================
Moves
-----
The following developers recently left the Gentoo team:
* none this week
Adds
----
The following developers recently joined the Gentoo team:
* Nicholas Wourms (dragon) -- MIPS
* Tobias Eichert (viz) -- xfs-sources
* Matthew J. Fanto (mattjf) -- secure-gentoo, kernels
* Yannik Koehler (ykoehler) -- KDE
* Luca Barbato (lu_zero) -- ATI, LiveCD
Changes
-------
The following developers recently changed roles within the Gentoo project.
* Jared Hudson (jhhudso) -- Gentoo Linux 1.4 QA Testing Coordinator
====================================
9. Subscribe to the GWN mailing list
====================================
Subscribe to our mailing list by sending a blank email to
gentoo-gwn-subscribe@g.o
=====================
10. Contribute to GWN
=====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[50]
50. gwn-feedback@g.o
================
11. GWN Feedback
================
Please send us your feedback[51] and help make GWN better.
51. gwn-feedback@g.o
===============
12. GWN Credits
===============
Kurt Lieber <klieber@g.o> - Editor
AJ Armstrong <aja@...> - Contributor
Brice Burgess <nesta@...> - Contributor
Yuji Carlos Kosugi <carlos@...> - Contributor
Rafael Cordones Marcos <rcm@...> - Contributor
David Narayan <david@...> - Contributor
Ulrich Plate <plate@...> - Contributor
Peter Sharp <mail@...> - Contributor
Mathy Vanvoorden <matje@...> - Dutch Translation
Tom Van Laerhoven <tom.vanlaerhoven@...> - Dutch Translation
Nicolas Ledez <nicolas.ledez@...> - French Translation
Guillaume Plessis <gui@...> - French Translation
Eric St-Georges <thevedge@...> - French Translation
John Berry <anfini@...> - French Translation
Martin Prieto <riverdale@...> - French Translation
Michael Kohl <citizen428@...> - German Translation
Steffan Lassahn <lassahn@...> - German Translation
Matthias Brandstetter <haim@...> - German Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Marco Mascherpa <mush@...> - Italian Translation
Claudio Merloni <paper@...> - Italian Translation
Ventura Barbeiro <venturasbarbeiro@...> - Portuguese (Brazil)
Translation
Lanark <lanark@...> - Spanish Translation
Rafael Cordones Marcos <rcm@...> - Spanish Translation
|
