I have just performed an emerge -u world, which included an upgrade from xorg-server-1.0.2-r3 to xorg-server-1.0.2-r4. Unfortunately this left me with an xserver which was unusable because the display was completely mangled. However I was unable to roll back to where I was because 1.0.2-r3 had already been removed from portage. I then tried to switch to the only other available ebuild -- xorg-server-1.0.99.902-r1 -- but this would not even start at all. In other words I am completely unable to launch an xserver at the moment. Please could you do two things: 1. Restore xorg-server-1.0.2-r3 to portage immediately. You may not like it, but it works for me while the versions currently in portage definitely don't. 2. Make sure that, in future, the rollback path is not removed so quickly for any upgrade or security update to any package whatsoever. Irreversible system-hosing updates is the Microsoft way. It shouldn't be the gentoo way.
Yes, it had a serious security bug. Not coming back for sure.
*** Bug 132606 has been marked as a duplicate of this bug. ***
*** Bug 132605 has been marked as a duplicate of this bug. ***
Look. An upgrade to xorg-server has left me unable to use any desktop applications short of booting into knoppix. I understand that security is very important, but wouldn 't it be enough simply to hard mask 1.0.2-r3? That way anybody continuing to use it would be alerted to the fact that there was something seriously amiss with it and be able to make an informed choice. My machine is behind a home firewall and is therefore not as vulnerable to attack as would be, say, the gentoo.org servers. I would therefore prefer to take a moderate risk behind my firewall than to be barred from using my desktop. However it seems that you have decided that I am going to be barred from my desktop until I work out how to downgrade to xorg-6.8.2. You may not consider this a bug, but when I, as a user, find portage starting to be this capricious and unpredictable, all advantage to using gentoo is lost and it starts to look like time to switch to a more reliable distro. Please reinstate xorg-server-1.0.2-r3 -- hard masked is fine -- until you can come up with a replacement that actually works.
> Please reinstate xorg-server-1.0.2-r3 -- hard masked is fine -- until you can > come up with a replacement that actually works. No. File a useful bug about what doesn't work for you, so that it can get fixed. The version with a huge security hole ain't making it back. http://sources.gentoo.org/viewcvs.py/gentoo-x86/x11-base/xorg-server/?hideattic=0
I think what I really needed to know was that ebuilds which have been removed from portage are still accessible from the portage CVS attic -- http://www.gentoo.org/cgi-bin/viewcvs.cgi/ -- if you need them. 1.0.2-r4 now seems to be working, btw (albeit with a minor bug). Don't know what happened there. Maybe some fglrx stuff.
