Gentoo Weekly Newsletter 7 May 2007


Chris Gianelloni
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 7 May 2007.

1. Gentoo News

Gentoo 2007.0, code named "Secret Sauce", is released

The Gentoo Release Engineering[1] project is pleased to announce the
much-delayed release of Gentoo Linux 2007.0, code named "Secret Sauce". This
release met with several delays due to an abnormally high number of security
vulnerabilities in large packages which had to be rebuilt using the newer,
secure versions of the packages. There was also a complete re-snapshot done
about half-way through the release period due to the release taking so long
and the packages becoming stale.


You can find out more information about the release in the official press
release[2]. To get the new release, grab it from


Recent Coreutils update and shell script issues

If you recently updated coreutils, or are planning your next emerge -avNDu
world while reading this, you might want to take note of some important
changes. The recent update to sys-apps/coreutils moved some utilities around
a bit. Some moved from /bin to /usr/bin, others, maybe because they felt the
inodes were greener in the other directory, flipped from /usr/bin to /bin.
While there are many important reasons these files moved, including to
provide access to the tools while in single user mode, for instance, what is
more important for those affected is knowing what this means for your shell
scripts. How to look for problems, and, if necessary, how to fix your

For many people, most scripts are run as root through cron, and might have
taken the precaution of hard coding the path of each and every binary in the
script (it is generally considered a more secure method of scripting, you
can get more detail at
Hopefully, those scripts keep the paths to the binaries in a variable at the
beginning of the script, such as:

| Code Listing 1.1                                                          |
| Example script                                                            |
| #!/bin/bash                                                               |
| MYNOHUP=/usr/bin/nohup                                                    |
| MYCOMMAND=/usr/local/bin/somecommand                                      |
| $MYNOHUP $MYCOMMAND                                                       |

This way, there is only one edit to make in the script. Of course, this
isn't the only solution. In a recent discussion on the gentoo-dev mailing
list, many potential solutions were offered. You can read the thread at One potential solution
is to completely forgo the full path to binaries in your shell scripts. By
ensuring that the PATH variable is properly set at the beginning of your
scripts, this entire issue is completely avoidable. In fact, for those that
currently subscribe to this method of shell scripting, the coreutils update
may have gone completely unnoticed. A good default for the PATH variable in
your scripts would be:

| Code Listing 1.2                                                          |
| Default PATH example                                                      |
| PATH=${PATH}:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin |

Obviously, one might want to check the path of the binaries for more
esoteric paths, for example /opt/vmware/server/bin is the location for
VMware Server utilities. Another option mentioned was the command -p program
method. From the man page, command -p will "perform the command search using
a default value for PATH that is guaranteed to find all of the standard
utilities". This appears to be a fairly safe method of executing a command,
albeit at the cost of a few extra keystrokes. Also, since command is a bash
built-in, it doesn't actually exist on the file system and is
therefore immune to the changes made by coreutils. This of course assumes
one is using the bash shell by default, which is a safe bet for most Linux

Similar to command, env runs a program in a modified environment. Simply
calling env program will run your utility with a drastically stripped-down
path; /bin:/usr/bin according to the email thread. Contrary to the command
utility, env is a file on the local file system and exists, via symbolic
links, in both /bin and /usr/bin.

Ultimately, the solution you choose is largely a matter of preference and
personal experience. Your best bet is to experiment with the solutions
listed above to find the one with which you are most comfortable. With your
new-found knowledge, there is one last thing to do. You will need to make
sure that you find the scripts running on your system and test them for
problems. You can manually run each of them in debug mode to look for

| Code Listing 1.3                                                          |
| Running a bash command in debug mode                                      |
| $ bash -x sample_cron_job                                                 |
| + /bin/echo 'Hello World!'                                                |
| Hello World!                                                              |

You will also want to look in /usr/local/bin for scripts (if that is where
you keep them) and also /etc/conf.d/local.start and /etc/conf.d/local.stop.
If everything works, then you are in great shape!
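
One way to find affected scripts without running each one, as an added example that is not part of the newsletter: it lists the hard-coded binary paths a script uses, reports those that are no longer executable, and shows where the utility lives now. The function names, the SAFE_PATH and WORD_SEPS variables, and the gwn-* tool names in the constructed sample are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the newsletter): report hard-coded binary paths in a
# script that no longer resolve, e.g. after utilities move between /bin and
# /usr/bin, and show where each utility lives now.

# Directories searched for the new location. Unlike Code Listing 1.2 this does
# not start from the inherited ${PATH}, so the caller's environment cannot
# decide which binary is found first. Override by setting SAFE_PATH.
SAFE_PATH=${SAFE_PATH:-/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin}

# Characters that end a shell word (built from single-quoted pieces).
WORD_SEPS='[:space:]"=;|&()<>`$!#'"'"

# list_hardcoded_paths FILE
# Print each absolute path under a standard bin directory that FILE uses.
# Comment lines are ignored; the "#!" interpreter line is kept.
list_hardcoded_paths() {
    grep -vE '^[[:space:]]*#([^!]|$)' "$1" |
        tr -s "$WORD_SEPS" '\n' |
        grep -E '^/(usr/(local/)?)?s?bin/[A-Za-z0-9._+-]+$' |
        sort -u
}

# locate_in_safe_path NAME: print the first executable NAME in SAFE_PATH.
locate_in_safe_path() {
    local dir IFS=:
    for dir in $SAFE_PATH; do
        if [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    return 1
}

# find_stale_paths FILE
# For every hard-coded path that is not executable any more, print
# "old -> new", or "old -> NOT FOUND" when SAFE_PATH has no replacement.
find_stale_paths() {
    local path found
    list_hardcoded_paths "$1" | while read -r path; do
        [ -x "$path" ] && continue
        found=$(locate_in_safe_path "${path##*/}") || found='NOT FOUND'
        printf '%s -> %s\n' "$path" "$found"
    done
    return 0
}

# Constructed sample input for trying the checker without touching real files.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# old note: /usr/bin/gwn-commented-out
MYTOOL=/usr/bin/gwn-moved-tool
"/usr/bin/gwn-gone-tool" --flag
/opt/vmware/server/bin/vmrun list
EOF
}

# Usage: check-paths.sh /usr/local/bin/* /etc/conf.d/local.start ...
for script in "$@"; do
    printf '== %s\n' "$script"
    find_stale_paths "$script"
done
```

Paths outside the standard bin directories, such as the /opt/vmware/server/bin example above, are not reported and still need a manual look.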

2. Heard in the community

Status of Gentoo MIPS

Developer Alexander Færøy writes into his blog about the current optimistic
status of the MIPS herd. With the addition of Bryan Østergaard, who will be
working on general porting, and Richard Brown, who will be working on ruby
support, the progress of bringing this architecture up to speed is
accelerating toward the 2007.0 release. Alexander also mentions that they
are seeking new recruits to "join the coolest team within Gentoo" and talks
about his successes with their new Movidis[3] box.




Do it all, minus one

Jesse Adelman wrote into gentoo-user to ask how to be able to do an emerge
-uDN world, but have portage not update one package. Jesse had a version of
MythTV that had been removed from the tree that he wished to keep. However,
the version in the tree was between a newer and older version, thus causing
portage to want to downgrade if he simply put the newer version in
package.mask. Vikas Kumar suggested the often forgotten
/etc/portage/profile/package.provided. A package placed in this file will
not be updated unless another package necessarily depends on a newer
version. More information about package.provided is available in the portage
man page. Developer Zac Medico suggested to instead simply mask the package
versions that are both higher and lower than the version Jesse wanted to
keep, which is the best solution.



Daniel Drake[4] is looking for one or more people to help out with
gentoo-sources-2.6 maintenance. Knowledge of kernel internals and kernel
hacking is not required, but motivation to learn is the main qualification.
Being a Gentoo developer is not required to offer assistance and could be a
good way for an interested person to get a foot in the door towards becoming
a developer. Interested parties should contact Daniel privately, or on IRC.

   4. [hidden email]


3. Gentoo International

HSM looking for Gentoo specialists

HSM is a renowned, high profile software service provider headquartered in
Paderborn / Germany. Their strength is the development of interfaces and
add-ons to standard software programs and databases, programming of
customer-specific software, provision of standard software in the areas
security, ERP and emulations.

HSM is searching for Linux specialists with strong Gentoo knowledge for
further development and customer support for their Linux-based universal
firewall-software with a new and unique product concept. Successful
candidates will have ample Linux experience, which especially covers TCP/IP
and Routing, Perl, PHP and BASH Scripting, Apache, Bind, DNS, SQUID, Postfix
and MySQL, plus communicative skills, organised work habits and consequent
customer orientation.

This position offers candidates with the respective long-term professional
experience the possibility of ascending to a managing position. For
candidates with initial professional experiences we provide attractive
training and further qualification possibilities. For further information
contact HSM's HR Consultant, Mr. Wolf Geldmacher[5].

   5. [hidden email]

4. Gentoo in the press

Linux Magazine (26 April, 2007)

Linux Magazine posted an article about Gentoo Linux and portage. The feature
article is entirely about Gentoo and is available to Linux Magazine
subscribers only. If you are a Linux Magazine subscriber, check out the


5. Gentoo developer moves


The following developers recently left the Gentoo project:

  * none this week


The following developers recently joined the Gentoo project:

  * none this week


The following developers recently changed roles within the Gentoo project:

  * none this week

6. Gentoo security

Ktorrent: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in Ktorrent allowing for the
remote execution of arbitrary code and a Denial of Service.

For more information, please see the GLSA Announcement[6]


FreeType: User-assisted execution of arbitrary code

A vulnerability has been discovered in FreeType allowing for user-assisted
remote execution of arbitrary code.

For more information, please see the GLSA Announcement[7]


Tomcat: Information disclosure

A vulnerability has been discovered in Tomcat that allows for the disclosure
of sensitive information.

For more information, please see the GLSA Announcement[8]


Apache mod_perl: Denial of Service

The mod_perl Apache module is vulnerable to a Denial of Service when
processing regular expressions.

For more information, please see the GLSA Announcement[9]


Quagga: Denial of Service

A vulnerability has been discovered in Quagga allowing for a Denial of

For more information, please see the GLSA Announcement[10]


X.Org X11 library: Multiple integer overflows

The X.Org X11 library contains multiple integer overflows, which could lead
to the execution of arbitrary code.

For more information, please see the GLSA Announcement[11]


7. Gentoo package moves

This section lists packages that have either been moved or added to the tree
and packages that have had their "last rites" announcement given to be
removed in the future. The package removals come from many locations,
including the Treecleaners[12] and various developers. Most packages which
are listed under the Last Rites section are in need of some love and care
and can remain in the tree if proper maintainership is established.



Package:                 Removal date: Contact:
kde-misc/metabar         01 May 2007   Carsten Lohrke[13]
net-print/hpoj           01 May 2007   Denis Dupeyron[14]
mail-mta/qmail           01 May 2007   Michael Hanselmann[15]
dev-java/saxon-bin       02 May 2007   Petteri Räty[16]
media-fonts/cjkuni-fonts 02 May 2007   Matsuu Takuto[17]
sys-fs/raidtools         05 May 2007   Mike Frysinger[18]
dev-libs/wxactivex       05 May 2007   Mike Frysinger[18]
dev-libs/wx-xmingw       05 May 2007   Mike Frysinger[18]

  13. [hidden email]
  14. [hidden email]
  15. [hidden email]
  16. [hidden email]
  17. [hidden email]
  18. [hidden email]


Package:                            Addition date: Contact:
dev-perl/Sys-Syscall[19]            30 Apr 2007    Robin H. Johnson[20]
dev-perl/Danga-Socket[21]           30 Apr 2007    Robin H. Johnson[20]
dev-perl/Perlbal[22]                30 Apr 2007    Robin H. Johnson[20]
dev-perl/MogileFS-Client[23]        30 Apr 2007    Robin H. Johnson[20]
dev-perl/MogileFS-Utils[24]         30 Apr 2007    Robin H. Johnson[20]
dev-perl/mogilefs-server[25]        30 Apr 2007    Robin H. Johnson[20]
sys-fs/ncdu[26]                     01 May 2007    Wolfram Schlich[27]
net-im/pidgin[28]                   01 May 2007    Olivier Crete[29]
x11-plugins/pidgin-extprefs[30]     01 May 2007    Olivier Crete[29]
x11-plugins/pidgin-rhythmbox[31]    01 May 2007    Olivier Crete[29]
dev-ruby/maruku[32]                 01 May 2007    Aggelos Orfanakos[33]
app-office/calcurse[34]             01 May 2007    Cédric Krier[35]
app-emacs/mode-compile[36]          01 May 2007    Ulrich Müller[37]
dev-java/jsr67[38]                  01 May 2007    Krzysiek Pawlik[39]
dev-java/istack-commons-runtime[40] 01 May 2007    Krzysiek Pawlik[39]
dev-java/saaj[41]                   01 May 2007    Krzysiek Pawlik[39]
dev-java/rngom[42]                  01 May 2007    Krzysiek Pawlik[39]
dev-java/codemodel[43]              01 May 2007    Krzysiek Pawlik[39]
dev-java/sjsxp[44]                  01 May 2007    Krzysiek Pawlik[39]
dev-java/stax-ex[45]                01 May 2007    Krzysiek Pawlik[39]
dev-java/sun-httpserver-bin[46]     01 May 2007    Krzysiek Pawlik[39]
dev-java/xmlstreambuffer[47]        01 May 2007    Krzysiek Pawlik[39]
dev-java/istack-commons-tools[48]   01 May 2007    Krzysiek Pawlik[39]
dev-java/fastinfoset[49]            01 May 2007    Krzysiek Pawlik[39]
dev-java/jsr101[50]                 01 May 2007    Krzysiek Pawlik[39]
dev-java/jaxp[51]                   01 May 2007    Krzysiek Pawlik[39]
dev-java/relaxngcc[52]              01 May 2007    Krzysiek Pawlik[39]
dev-java/xsom[53]                   01 May 2007    Krzysiek Pawlik[39]
dev-java/txw2-runtime[54]           01 May 2007    Krzysiek Pawlik[39]
dev-java/jaxb[55]                   01 May 2007    Krzysiek Pawlik[39]
dev-java/jax-ws-api[56]             01 May 2007    Krzysiek Pawlik[39]
dev-java/jax-ws[57]                 01 May 2007    Krzysiek Pawlik[39]
dev-java/apt-mirror[58]             01 May 2007    Krzysiek Pawlik[39]
dev-java/sun-dtdparser[59]          01 May 2007    Krzysiek Pawlik[39]
dev-java/jaxb-tools[60]             01 May 2007    Krzysiek Pawlik[39]
dev-java/jsr93[61]                  01 May 2007    Krzysiek Pawlik[39]
dev-java/jax-rpc[62]                01 May 2007    Krzysiek Pawlik[39]
dev-java/jax-ws-tools[63]           01 May 2007    Krzysiek Pawlik[39]
dev-java/jaxr[64]                   01 May 2007    Krzysiek Pawlik[39]
x11-themes/mythtv-themes-extra[65]  02 May 2007    Steve Dibb[66]
x11-misc/slim[67]                   02 May 2007    Samuli Suominen[68]
dev-python/decoratortools[69]       02 May 2007    Rob Cakebread[70]
x11-themes/slim-themes[71]          02 May 2007    Samuli Suominen[68]
gnome-extra/nm-applet[72]           02 May 2007    Stephen Klimaszewski[73]
net-analyzer/nipper[74]             02 May 2007    Mike Auty[75]
dev-perl/JSON-XS[76]                03 May 2007    Christian Hartmann[77]
dev-lang/scala[78]                  04 May 2007    Vlastimil Babka[79]
www-apps/horde-mimp[80]             05 May 2007    Mike Frysinger[18]
dev-python/py[81]                   05 May 2007    Lukasz Strzygowski[82]
dev-java/jibx-tools[83]             05 May 2007    Krzysiek Pawlik[39]
app-emacs/javascript[84]            05 May 2007    Ulrich Müller[37]
app-admin/python-updater[85]        06 May 2007    Bryan Østergaard[86]
dev-java/jid3[87]                   06 May 2007    Petteri Räty[16]
xfce-extra/xfce4-time-out[88]       06 May 2007    Samuli Suominen[68]
app-vim/eselect-syntax[89]          06 May 2007    Mike Kelly[90]

  16. [hidden email]
  18. [hidden email]
  20. [hidden email]
  27. [hidden email]
  29. [hidden email]
  33. [hidden email]
  35. [hidden email]
  37. [hidden email]
  39. [hidden email]
  66. [hidden email]
  68. [hidden email]
  70. [hidden email]
  73. [hidden email]
  75. [hidden email]
  77. [hidden email]
  79. [hidden email]
  82. [hidden email]
  86. [hidden email]
  90. [hidden email]

Last Rites:

Package:                            Removal date: Contact:
dev-util/eclipse-cbg-editor[91]     30 May 2007   Petteri Räty[16]
dev-util/eclipse-cdt-bin[92]        30 May 2007   Petteri Räty[16]
dev-util/eclipse-emf-bin[93]        30 May 2007   Petteri Räty[16]
dev-util/eclipse-gef-bin[94]        30 May 2007   Petteri Räty[16]
dev-util/eclipse-pydev-bin[95]      30 May 2007   Petteri Räty[16]
dev-util/eclipse-subclipse-bin[96]  30 May 2007   Petteri Räty[16]
dev-util/eclipse-ve-bin[97]         30 May 2007   Petteri Räty[16]
dev-java/dbconnectionbroker-bin[98] 30 May 2007   Vlastimil Babka[79]
dev-java/infobus-bin[99]            30 May 2007   Vlastimil Babka[79]
x11-misc/login-app[100]             2 Jun 2007    Samuli Suominen[68]
dev-java/openjgraph[101]            3 Jun 2007    Alistair Bush[102]
app-misc/baobab[103]                3 Jun 2007    Daniel Gryniewicz[104]
dev-java/violinstrings[105]         3 Jun 2007    Alistair Bush[102]
dev-java/sun-fastinfoset-bin[106]   4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-jaxb-bin[107]          4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-jaxp-bin[108]          4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-jaxr-bin[109]          4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-jaxrpc-bin[110]        4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-jaxws-bin[111]         4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-jwsdp-shared-bin[112]  4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-saaj-bin[113]          4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-sjsxp-bin[114]         4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-wsdp-bin[115]          4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-xmldsig-bin[116]       4 Jun 2007    Krzysiek Pawlik[39]
dev-java/sun-xws-security-bin[117]  4 Jun 2007    Krzysiek Pawlik[39]

  16. [hidden email]
  39. [hidden email]
  68. [hidden email]
  79. [hidden email]
 102. [hidden email]
 104. [hidden email]

8. Bugzilla


  * Statistics
  * Closed bug ranking
  * New bug rankings


The Gentoo community uses Bugzilla ([118]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 29 April 2007 and 06 May 2007, activity on the
site has resulted in:


  * 565 new bugs during this period
  * 361 bugs closed or resolved during this period
  * 26 previously closed bugs were reopened this period
  * 104 bugs marked as duplicates during this period

Of the 10028 currently open bugs: 11 are labeled 'blocker', 116 are labeled
'critical', and 364 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period

  * Gentoo's Team for Core System packages[119], with 35 closed
  * Java team[121], with 17 closed bugs[122]
  * Gentoo Security[123], with 16 closed bugs[124]
  * Gentoo KDE team[125], with 15 closed bugs[126]
  * Gentoo net-im Herd[127], with 13 closed bugs[128]
  * ppc64 architecture team[129], with 10 closed bugs[130]
  * Gentoo X-windows packagers[131], with 9 closed bugs[132]
  * SpanKY[18], with 9 closed bugs[133]

  18. [hidden email]
 119. [hidden email]
 121. [hidden email]
 123. [hidden email]
 125. [hidden email]
 127. [hidden email]
 129. [hidden email]
 131. [hidden email]

New bug rankings

The developers and teams who have been assigned the most new bugs during
this period are:

  * Default Assignee for New Packages[134], with 21 new bugs[135]
  * Gentoo X-windows packagers[131], with 13 new bugs[136]
  * AMD64 Project[137], with 10 new bugs[138]
  * media-video herd[139], with 8 new bugs[140]
  * Gentoo's Team for Core System packages[119], with 7 new bugs[141]
  * Gentoo Ruby Team[142], with 6 new bugs[143]
  * Robin Johnson[20], with 6 new bugs[144]
  * Gentoo net-im Herd[127], with 5 new bugs[145]

  20. [hidden email]
 119. [hidden email]
 127. [hidden email]
 131. [hidden email]
 134. [hidden email]
 137. [hidden email]
 139. [hidden email]
 142. [hidden email]

9. GWN feedback

The GWN is staffed by volunteers and members of the community who submit
ideas and articles. If you are interested in writing for the GWN, have
feedback on an article that we have posted, or just have an idea or article
that you would like to submit to the GWN, please send us your feedback[146]
and help make the GWN better.

 146. [hidden email]

10. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email].

To unsubscribe from the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email] from the e-mail address you are subscribed

11. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

  * Chinese (Simplified)[147]
  * Dutch[148]
  * English[149]
  * German[150]
  * Greek[151]
  * French[152]
  * Korean[153]
  * Japanese[154]
  * Italian[155]
  * Polish[156]
  * Portuguese (Brazil)[157]
  * Portuguese (Portugal)[158]
  * Russian[159]
  * Slovak[160]
  * Spanish[161]
  * Turkish[162]


Chris Gianelloni <[hidden email]> - Editor
David Snider <[hidden email]> - Author
Donnie Berkholz <[hidden email]> - Author
Kyle Bishop <[hidden email]> - Author
Tobias Scherbaum <[hidden email]> - Author
