Gentoo Archives: gentoo-gwn

From: Kurt Lieber <klieber@g.o>
To: gentoo-gwn@g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter -- Volume 2, Issue 1
Date: Mon, 06 Jan 2003 03:13:01
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of January 6th, 2003.
1. Gentoo News


 * Start the New Year with a Donation to the Gentoo Linux Project 
 * New Gentoo Linux Prelinking Guide 
 * Perl 5.8 and libperl 
 * Future improvements to Gentoo Linux in the works 

Start the New Year with a Donation to the Gentoo Linux Project
As we enter the New Year, we invite everyone who has benefitted from their 
use of Gentoo Linux to make a donation[1] to the Gentoo Project. Its 
through your generous donations that the Gentoo Project is able to have a 
presence at the upcoming LinuxWorld Expo[2]. Donations also help to 
support other development efforts, such as sponsoring developers so they 
can work full time on Gentoo Linux. Donations can be made via PayPal as 
well as check. 

Additionally, if you know of a company that may be interested in 
sponsoring the Gentoo Linux free software project through a regular 
monthly donation, please email Daniel Robbins[3] directly. Among other 
things, corporate sponsorships allow Gentoo developers to work full time 
on Gentoo Linux. 

 3. drobbins@g.o

New Gentoo Linux Prelinking Guide
A new Gentoo Linux Prelinking Guide[4] has been posted. Prelinking can cut 
the startup times of applications, especially larger ones such as KDE and 
GNOME, by as much as 50% or more. Many Mandrake and RedHat users have sung 
the praises of prelinking and its effect on overall system speed, so it is 
certainly a welcome addition to Gentoo Linux. 


Perl 5.8 and libperl
Recently, an issue was raised among the developers about how to 
effectively deal with Perl 5.8. Perl 5.8 uses a shared library (libperl) 
that is incompatible with earlier versions of Perl, including Perl 5.6.1. 
Users upgrading to Perl 5.8 could find any apps previously compiled with 
Perl 5.6.1 to now be broken given the libperl incompatiblity. The solution 
for Gentoo Linux is to numerate the various versions of libperl to allow 
multiple versions to coincide with each other. So, as an example: 

 * perl-5.6 gets 
 * perl-5.8 gets 
 * perl-x.y gets 

This solution should allow the Perl 5.6.1 --> Perl 5.8 upgrade to proceed 
smoothly, and it will also serve as a solution for future binary 
compatibility problems. 

Future improvements to Gentoo Linux in the works
While the current focus of the Gentoo developers is on getting Gentoo 
Linux 1.4_final out the door, that doesn't mean future improvements aren't 
also being discussed. In addition to the Gentoo Reference Platform, which 
is designed to establish a stable baseline for Gentoo Linux, formal 
in-house testing and approval of hardware may be on the horizon. This 
process, which would provide users of Gentoo a set of components known to 
work with Gentoo Linux, should help avid Gentoo users make future hardware 
purchasing decisions. In addition to hardware testing, there are some 
tantalizing improvements to Portage coming up as well, including: 

 * Caching of emerge messages for later display -- Anyone who has ever 
emerged a list of packages has probably experienced the frustration of 
seeing informational messages scroll past as Portage moves from package to 
package. This feature will allow those messages to be cached in a safe 
place so they can be displayed at a later time (such as at the end of an 
entire 'emerge -u world'. 
 * Reverse dependency checking in Portage -- one of the most-often 
requested Portage features, reverse dependency checking will warn you if 
you try to unmerge a package that other installed packages depend upon. 
 * Dependency-based remerging -- this feature will allow certain packages 
to be remerged if necessary, based on the dependencies of another package. 
With this feature, upgrading CUPS will force Ghostscript to be rebuilt as 
well, even if no upgrade of Ghostscript is available. This feature will go 
a long way towards resolving shared library incompatibilities. 

Nick Jones (carpaski) is working on these Portage improvements as well as 
others and is quickly catching up on the backlog of Portage feature 
requests. While no firm timeline exists for delivery of these features, 
the future of Portage certainly looks bright. 
2. Gentoo Security

 * GLSA: leafnode 
 * GLSA: xpdf 
 * GLSA: cups 
 * New Security Bug Reports 

GLSA: leafnode
The leafnode NNTP server can be forced into an unterminated and 
unresponsive loop when a particular article is requested, causing the 
client to reconnect, creating a new process. Repitition of this cycle can 
make the entire system unresponsive. 

 * Severity: moderate - remote DOS (process spawning) 
 * Packages Affected: leafnode-1.9.24 and earlier 
 * Rectification: Synchronize and emerge leafnode. 
 * GLSA Announcement[5] 


GLSA: xpdf
The pdftops filter (included in Xpdf and CUPS) has an integer overflow bug 
that can be exploited remotely to gain the privileges of the target user 
or, in some circumstances, of the lp user. 

 * Severity: high - remote exploit in the wild 
 * Packages Affected: xpdf-1.01-r1 and earlier 
 * Rectification: Synchronize and emerge xpdf. 
 * GLSA Announcement[6] 
 * Advisory[7] 


GLSA: cups
Several vulnerabilities in the CUPS printing package (including the 
integer overflow noted above) permit a number of exploits, including an 
exploit of multiple vulnerabilities that permits root access to the file 
system. The exploits have been demonstrated and published. 

 * Severity: critical - remote root exploit in the wild 
 * Packages Affected: cups-1.1.17_pre20021025 and earlier 
 * Rectification: Synchronize and emerge cups. 
 * GLSA Announcement[8] 
 * Advisory[9] 


New Security Bug Reports
The last two weeks saw many of the outstanding security bugs cleared with 
new releases of the affected packages. The following new security bugs 
have been posted: 

 * mod_php[10] 
 * dhcpd[11] 

3. Heard In The Community
Web Forums
Selective rsync strategies
This discussion raises its head every few months, meaning it probably has 
a point. Some people wish to cut down on bandwidth usage when they 
synchronize their portage tree by eliminating packages or classes they 
definitely don't want, need or even imagine to install, ever. The 
discussion and a few DIY ideas how to cope with the problem: 

 * a portage killfile[12] 
 * Selective emerge rsync to cut down on bandwidth usage[13] 

PCMCIA Worries Anticipating Gentoo 1.4
A large number of forum regulars have begun expressing anxiety about the 
missing pcmcia_cs and yenta_socket PCMCIA kernel modules in the second 
release candidate, and by consequence, they fear, in the pending release 
of Gentoo 1.4. A handful of threads are dominated by users of laptops and 
notebooks without built-in NICs, who rely on PCMCIA for access to the 
Internet (and eventually to a successful Gentoo installation). Their 
worries are getting hard to overlook, and some appear to have given in and 
use alternative install methods: 

 * yenta_socket on 1.4 rc2[14] 
 * Installing Gentoo on a laptop that needs yenta_socket[15] 
 * installing 1.4-rc1 and pcmcia_core[16] 

It should be noted that the PCMCIA situation in linux in general is not 
that great. With two sets of drivers (stock kernel drivers and pcmcia-cs 
packages) that are incompatible with one another, ensuring support for all 
PCMCIA devices is a challenge. Gentoo developers are working on including 
support for both sets of drivers on the Gentoo Linux 1.4 LiveCD, which 
should allow the widest range of compatiblity for all laptop users. 

If anyone has a spare laptop that they would be interested in donating to 
the Gentoo Linux project, this would help greatly in improving PCMCIA 
support on the LiveCDs. If you're interested in donating a laptop, please 
contact Daniel Robbins[17] directly. 

 17. drobbins@g.o
Overclockers beware!
Forum moderator Phong pretty much sums it up: Overclocking is a bad idea 
when all it does is break compilations for a mere 100 Mhz of performance 
gain on the CPU, less than 5 percent on most of today's x86 PCs. 

 * Seg Fault Hell (thinking of dropping Gentoo)[18]


Round 689,554 of the Text Editor Holy War
There's nothing like starting off the New Year with a good flame war about 
text editors, and gentoo-user has been having a great one over the past 
few days. The festivities seem to have started with this post[19] and 
proceeded from there. At last count, there were approximately 60 
messages[20] in response to this post and the war continues on. 

New Docbook eclass solves SGML problems
Recent updates to the Docbook/SGML system in Gentoo caused some problems 
for some users. Matthew Turk (satai) posted a message[21] that explains 
how to fix these issues, along with a link to a more detailed 

Gentoo's supported hardware
Freeman Tan asked for a list of official 'gentoo supported hardware'. 
Those more familar with linux would agree with Tom von Schwerdtner's 
statement; "distro supported hardware is mostly a misconecption". The 
linux kernel provides support for hardware, and it is up to the distro's 
'installer' to detect and add support for the present devices. Gentoo is 
unique in that it doesn't have a formal installer but rather aids the 
installee through the intimate process of setting up a linux system from 
scratch. Providing you're able to boot into this system, you'll be able to 
add support for your devices later. A google search for "[hardware] 
+linux" will generally send you in the right direction. The thread[23] 
concludes that "no, there is no official gentoo supported hardware". 
However, as we noted above, formal in-house testing of hardware may be in 
the works for Gentoo Linux. Stay tuned. 

How do I telnet into my new Gentoo box?
First and foremost it should be known that telnet is "obsolete, broken, 
insecure, and should never be used". If you still want to live on the wild 
side, make sure netkit-telnetd has been emerged, and you have an inetd 
server setup. This discussion[24] has detailed instructions. Secure Shell 
(sshd) is the highly recommended alternative to telnet and much easier to 


USE Aware Emerge. Martin Svenningsson posted a very nifty patch[25] to 
allow emerge to display which USE flags affect the compilation of each 

Gentoo Stable Site Update.
Maik Schreiber posted an announcement[26] with the updates done on the 
Gentoo Stable website[27]: "Hi, a few updates to the Gentoo Stable site 
have been made: (1). The query page is now a little easier to use. For 
example, you get selection boxes where possible (category, arch etc.). 
(2). A new filter has been added: You can now filter on "Portage status on 
{x86, ppc, sparc, alpha} {is, is not} {stable, unstable/testing, does not 
work, unmarked}". (3). Various speed improvements regarding query have 
been made. [...]". Joachim Blaabjerg chipped in[28] with "Are there any 
tools available that scans the system for packages that are merged and 
marked unstable (~), and submits those as "merged successfully on my 
system"? I know I have a lot of unstable packages on my system, but I 
haven't got the time to through all of them and submit them to the 
Gentoo-stable site." and Peter Ruskin sent in a script[29] to do just 

4. Gentoo International

Gentoo UK Being Constituted
They're not exactly out of the starting blocks yet, but a handful of 
British Gentoo users seems determined to follow their French, German, 
Korean and Japanese counterparts' example in creating a more formal 
support network for Gentooistsn their country. The thread[30] has just 
begun to gain momentum. In particular, they are looking for a catchy 
domain name, feel free to make suggestions...


Iberian Peninsula Tops Spanish community
If a forum poll[31] is anything to go by, the vast majority of 
Spanish-speaking Gentooist comes from Spain. They're being followed by 
users in Argentina and Urugay, a few Mexicans and Spanish-speaking US 
citizens, but a rather large proportion of people lives in a place oddly 
called "other"... 


More Gentoo Linux Users Everywhere: ZetaGrid
A  Gentoo team[32] has been formed for ZetaGrid[33] , a distributed 
computing project sponsored by IBM Germany whose distinguishing technical 
feature is the secure Java kernel it provides, preventing access from 
outside and securing its communications. The current project is the 
verification of Riemann's Hypothesis[34] : about 2500 computers are 
working on it, calculating about 2 billion zeroes of the Riemann zeta 
function each day. Sebastian Wedeniwski, the scientist who created 
ZetaGrid, hopes to use ZetaGrid's results to come up with a proof for the 
hypothesis. If he succeeds, he'll split the $1,000,000 prize from the Clay 
Mathematics Institute[35] with the top 100 users; there are other prizes, 
including one awarded to the user whose computer finds a result disproving 
the hypothesis, if that happens instead.  Tantive[36] has made an ebuild 
for the client but it's still masked, for more information see Zetagrid - 
team: Gentoo Linux Users Everywhere[37]. 

5. Portage Watch

Security Updates (see above)

 * cups - fixed in cups-1.1.18 
 * xpdf - fixed in xpdf-2.01 
 * leafnode - fixed in leafnode 1.9.31 

The following stable packages were added to portage this week

 * app-emulation/blight_input : An input plugin for the mupen64 N64 
 * app-emulation/mupen64 : A Nintendo 64 (N64) emulator 
 * app-emulation/nestra : NES Emulator 
 * app-games/c++robots : ongoing 'King of the Hill' (KotH) tournament 
 * app-games/emilia-pinball : SDL OpenGL pinball game 
 * app-games/gxmame : GXMame is a frontend for XMame using the GTK 
library, the goal is to provide the same GUI as mame32. 
 * app-misc/gcolor : A simple color selector. 
 * dev-libs/libhtmlparse : libhtmlparse is a HTML parsing library. It 
takes HTML tags, text, etc and calls callbacks you define for each type of 
token in the document. 
 * dev-util/jam : jam (Just Another Make) - advanced make replacement 
 * dev-util/fenris : Fenris is a tracer, GUI debugger, analyzer, partial 
decompiler and much more 
 * media-libs/libexif : Library for parsing, editing, and saving EXIF data 
 * media-sound/jack-cvs : A low-latency audio server - cvs version 
 * net-dialup/mingetty : A compact getty program for virtual consoles 
only. [38] 
 * net-misc/udhcp : udhcp Server/Client Package 
 * net-misc/ksambaplugin : KSambaPlugin is a KDE 3 plugin for configuring 
a SAMBA server. 
 * net-news/sn : Hassle-free Usenet news system for small sites 
 * net-p2p/giftoxic : A GTK+2 giFT frontend 
 * net-www/fetch : Fetch is a simple, fast, and flexible HTTP download 
tool built on the HTTP Fetcher library. 
 * net-www/http-fetcher : HTTP Fetcher is a small, robust, flexible 
library for downloading files via HTTP using the GET method. 
 * sys-apps/hfsplusutils : HFS+ Filesystem Access Utilities (PPC Only) 
 * sys-apps/tinylogin : worlds smallest login/passwd/getty/etc 
 * sys-devel/prelink : Modifies executables so runtime libraries load 
 * sys-devel/kgcc : Modern GCC C compiler for building kernels 

Updates to notable packages

 * sys-apps/portage - portage-2.0.46-r3.ebuild; portage-2.0.46-r4.ebuild; 
 * sys-libs/glibc - glibc-2.3.1-r3.ebuild;  
 * sys-kernel/* - aa-sources-2.4.21_pre2-r2.ebuild; 
development-sources-2.5.54.ebuild; lolo-sources-; 
lolo-sources-; lolo-sources-;  
 * dev-php/php - php-4.3.0.ebuild;  
 * dev-db/postgresql - postgresql-7.3.1.ebuild;  

New USE variables

 * ev6 - Assume Alpha processor is EV6 or better 
6. Bugzilla


 * Statistics 
 * Bugs of Note 

The Gentoo community uses Bugzilla ([39]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. In the last 7 days, activity on the site has resulted 

 * 269 new bugs this week 
 * 1322 total bugs currently marked 'new' 
 * 524 total bugs curently assigned to developers 
 * 47 bugs that were previously closed have been reopened. 

There are currently 1893 bugs open in bugzilla. Of these: 40 are labelled 
'blocker', 74 are labelled 'critical', and 113 are labelled 'major'. 

The developers and teams with the highest apparent bug-related workload 

 * Nicholas Jones[40], with 271 open bugs 
 * Martin Schlemmer[41], with 133 open bugs 
 * Brandon Low[42], with 107 open bugs 
 * The KDE Team[43], with 105 open bugs 
 * Daniel Robbins[44], with 83 open bugs 

Please lend them (and the entire development team) your good thoughts, 
left-over turkey, and ongoing support. 

 40. mailto://carpaski@g.o
 41. mailto://azarah@g.o
 42. mailto://lostlogic@g.o
 43. mailto://kde@g.o
 44. mailto://drobbins@g.o

Bugs of Note
Each week, we will single out a few bugs for special mention, because they 
have been provoking significant discussions, they are particularly 
problematic, they are amusing or simply because they struck our fancy. 
This week's featured bugs are (in no particular order): 

 *  Bug 13055[45] describes problems with portage wanting to uninstall 
newer versions of packages, probably because of an issue with counter 
values in /var/db/pkg/. Maik Schrieber provides a script to fix the issue. 
 *  Bug 13074[46] discusses a problem with emerging xmms, possibly because 
of the xmms ebuild depending on an incompatible autoconf/automake version. 
An excellent example of reporter/developer interaction. 
 *  Bug 8539[47] discusses a frequently cross-reported problem of 
OpenOffice emerges destroying fonts on affected systems. The bug report 
includes two workarounds and remains open. 
 *  Bug 5152[48] provides a fix to the mysql start script that provides 
for user modifications to the default data directory. This is a nice 
example of community members providing patches via the bugzilla interface. 
 *  Bug 9849[49] describes ebuild failures when cdroms are mounted or 
directories (like /home) are NFS mounts. 

7. Tips and Tricks

Updating a Gentoo system
Most Gentoo users are familiar with the Portage system used to install 
software. One of the features that you may not be familiar with is that 
Portage can also update your entire system at once. This is known as an 
'update world'.
 To run an update world, use the following command: 

| Code Listing 7.1:                                                       |
|                                                                         |
|# emerge --update world                                                  |
|                                                                         |
Sometimes that doesn't get everything though. To make the upgrade even 
more complete, use the --deep option.
| Code Listing 7.2:                                                       |
|                                                                         |
|# emerge --update --deep world                                           |
|                                                                         |
This option calculates the dependencies of the dependencies to ensure that 
everything on your system is brought up to date.
8. Moves, Adds and Changes

The following developers recently left the Gentoo team: 

 * none this week 

The following developers recently joined the Gentoo team: 

 * Nicholas Wourms (dragon) -- MIPS 
 * Tobias Eichert (viz) -- xfs-sources 
 * Matthew J. Fanto (mattjf) -- secure-gentoo, kernels 
 * Yannik Koehler (ykoehler) -- KDE 
 * Luca Barbato (lu_zero) -- ATI, LiveCD 

The following developers recently changed roles within the Gentoo project. 

 * Jared Hudson (jhhudso) -- Gentoo Linux 1.4 QA Testing Coordinator 
9. Subscribe to the GWN mailing list
Subscribe to our mailing list by sending a blank email to
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 50. gwn-feedback@g.o
11. GWN Feedback
Please send us your feedback[51] and help make GWN better.

 51. gwn-feedback@g.o

12. GWN Credits

Kurt Lieber <klieber@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Contributor
Brice Burgess <nesta@×××××××.net> - Contributor
Yuji Carlos Kosugi <carlos@××××××××.net> - Contributor
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
David Narayan <david@×××××××.net> - Contributor
Ulrich Plate <plate@×××.com> - Contributor
Peter Sharp <mail@××××××××××××××.net> - Contributor
Mathy Vanvoorden <matje@×××××××.be> - Dutch Translation
Tom Van Laerhoven <tom.vanlaerhoven@××××××.be> - Dutch Translation
Nicolas Ledez <nicolas.ledez@××××.fr> - French Translation
Guillaume Plessis <gui@×××××××××.com> - French Translation
Eric St-Georges <thevedge@××××××××.net> - French Translation
John Berry <anfini@××××.fr> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Michael Kohl <citizen428@××××××.org> - German Translation
Steffan Lassahn <lassahn@×××.de> - German Translation
Matthias Brandstetter <haim@××××.at> - German Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Lanark <lanark@××××××××××.ar> - Spanish Translation
Rafael Cordones Marcos <rcm@×××××××.net> - Spanish Translation