Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 6 February 2006
Date: Mon, 06 Feb 2006 01:09:48
Message-Id: 20060206014334.516a2ddd.plate@gentoo.org
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of 6 February 2005.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo news
9 ==============
10
11 GNOME 2.12 moved to stable
12 --------------------------
13
14 GNOME 2.12 was moved into stable on 22 January 2006. An updated upgrade
15 guide[1] is available. If you experience any issues, please search
16 bugzilla[2], wander into #gentoo-desktop on irc.freenode.net, or file a
17 new bug.
18
19 1.
20 http://www.gentoo.org/proj/en/desktop/gnome/howtos/gnome-2.12-upgrade.xml
21 2. http://bugs.gentoo.org
22
23 Note: If you were helping us test 2.12 by having the packages in your
24 package.keywords file, please remove them all since we will be adding
25 newer releases such as 2.12.3 and the 2.13 beta.
26
27 Wi-Spy device donation
28 ----------------------
29
30 Following up on a recent weblog entry[3], Ryan Woodings, president of
31 MetaGeek, LLC[4], has generously donated a free Wi-Spy spectrum analyzer
32 to Gentoo developer Henrik Brix Andersen[5]. The device will assist in
33 debugging the various IEEE 802.11 wireless LAN drivers available in
34 Portage. A huge thank you to Ryan for his donation.
35
36 3.
37 http://planet.gentoo.org/developers/brix/2006/01/21/low_cost_2_4ghz_spectrum_analyzer
38 4. http://www.metageek.net/
39 5. brix@g.o
40
41 The first edition of the third-party open-source tools[6] for the Wi-Spy
42 device are now available in Gentoo Portage under
43 net-wireless/wispy-tools[7].
44
45 6. http://www.kismetwireless.net/wispy.shtml
46 7.
47 http://packages.gentoo.org/packages/?category=net-wireless;name=wispy-tools
48
49 Poppler and KPDF
50 ----------------
51
52 People interested in Gentoo's security announcements (GLSA) will have seen
53 the many security bugs in the xpdf code that have been discovered over the
54 last year. To make fixing them easier -- so that users only have to
55 upgrade one package -- the "Poppler" library was introduced. Unfortunately
56 the Poppler library was not used by kpdf to display PDFs because some
57 patches in the KDE xpdf copy were missing in poppler. Thanks to Gentoo
58 developer Stefan Schweizer[8] who helped to get a big patch into Poppler,
59 almost everything needed for kpdf-integration[9] now seems to be
60 integrated.
61
62 8. genstef@g.o
63 9. http://freedesktop.org/wiki/Software_2fpoppler
64
65 However upstream KPDF is not yet using Poppler because KDE 3.5 is
66 dependency-frozen, no new dependency can be added. Kubuntu has integrated
67 a patch by Jonathan Riddell to make KPDF use Poppler, and Gentoo is now
68 also using a -- slightly improved -- version thanks to Diego Pettenò[10].
69
70 10. flameeyes@g.o
71
72 While this is mostly important for maintainers, as it greatly simplifies
73 the security process, this change has some implications for users, too. As
74 KPDF now is using Poppler directly, it creates a new dependency for
75 kdegraphics and kpdf. The poppler-bindings are already a dependency for
76 kpdf, and for kdegraphics with USE="pdf"). Reducing the duplication of
77 code means that KPDF takes less time to build and occupies less space, and
78 also seems notably faster than before.
79
80 Note: Xpdf has also been ported to using Poppler. The current xpdf ebuild
81 in Portage uses only Poppler for rendering.
82
83 =========================
84 2. Heard in the community
85 =========================
86
87 Web forums
88 ----------
89
90 EVDO access for Gentoo
91
92 Living in Japan, the US or anywhere else where EVDO, the broadband data
93 standard on CDMA2000 mobile phone networks is common? Here's a brandnew
94 howto for those who'd like to use an EVDO PCMCIA card in their laptops,
95 then:
96
97 * How-To: EVDO on Gentoo Linux[11]
98 11. https://forums.gentoo.org/viewtopic-t-427992.html
99
100
101 gentoo-dev
102 ----------
103
104 Make logrotate a global USE flag?
105
106 A lengthy discussion on the merits of making logrotate a global useflag
107 happened this week. While some ebuilds offer a (local) logrotate useflag
108 it is not optimal to toggle this through a USE flag - changing log
109 handling should be a config option and not force a recompile!
110
111 * Make logrotate a global USE flag? [12]
112 * Default ebuild behaviour [13]
113 12. http://thread.gmane.org/gmane.linux.gentoo.devel/35675
114 13. http://thread.gmane.org/gmane.linux.gentoo.devel/35753
115
116
117 USE flag change: pdflib --> pdf
118
119 Merging three existing USE flags that all basically did the same thing is
120 what Marius Mauch[14] had in mind when he proposed a new unified USE="pdf"
121 flag.
122
123 14. genone@g.o
124
125 * pdf use flags[15]
126 15. http://thread.gmane.org/gmane.linux.gentoo.devel/35234
127
128
129 =======================
130 3. Gentoo international
131 =======================
132
133 Switzerland: Diet Pentoo released
134 ---------------------------------
135
136 Mini-Pentoo[16] is a trimmed version of the Pentoo LiveCD[17], a
137 "penetration testing distribution" based on Gentoo Linux and maintained by
138 Basel-based Michael Zanetta[18]. It features tools for auditing and
139 testing a network environment, from scanning and discovery to exploiting
140 vulnerabilities. Its 186MB fit on a mini-CD or a 256MB USB stick, and the
141 new version features a number of enhancements, including a 2.6.14 kernel
142 with unionfs, support for package modules like Slax, non-volatile storage
143 for Nessus plugins, SecurityForest's ExploitTree or config files, and
144 enhanced wireless support.
145
146 16. http://www.pentoo.ch
147 17. http://www.gentoo.org/news/en/gwn/20050425-newsletter.xml#doc_chap5
148 18. grimmlin@××××××.ch
149
150 Figure 3.1: 'Sexiest window manager available' -- Pentoo's new
151 Enlightenment theme
152 http://www.gentoo.org/images/gwn/20060206_pentoo.png
153
154 Note: Gentoo developer Marcelo Góes has written a review of Pentoo that's
155 worth reading if you want to know more about what it contains, and
156 check Pentoo's complete list of tools for detailed information.
157
158 Japan: OSC Tokyo coming up
159 --------------------------
160
161 GentooJP[19] is busily preparing for the next open-source conference in
162 Tokyo: the spring edition of Japan's dedicated open-source events series,
163 OSC[20]. The upcoming event is going to be held on 17 and 18 March at the
164 usual venue, the Japan Electronics College[21] in Ogikubo. Admission will
165 be free, please use the GentooJP mailing list
166 (gentoojp-misc@××××××××××××.jp) in case you'd like to offer your help at
167 the booth.
168
169 19. http://www.gentoo.gr.jp
170 20. http://www.ospn.jp/osc2006
171 21. http://www.jec.ac.jp/sc_intro/sc_access.html
172
173 UK: EUsecwest security conference in London
174 -------------------------------------------
175
176 Andrea Barisani[22], Gentoo developer featured in the 9 January 2006
177 edition[23] of the GWN, will be one of the speakers at EUSecWest[24], a
178 security conference held in London on 20 and 21 February. His talk,
179 entitled "Lessons in open-source security: the tale of a 0-day
180 incident"[25], will describe how the rsync exploit (see GLSA 200312-01[26]
181 and GLSA 200312-03[27] for details) was handled by Gentoo and the rsync
182 maintainers. Further topics include security in open-source environments
183 with Hardened Gentoo as one of the covered examples.
184
185 22. lcars@g.o
186 23. http://www.gentoo.org/news/en/gwn/20060109-newsletter.xml#doc_chap2
187 24. http://eusecwest.com
188 25. http://www.inversepath.com/news.html
189 26. http://www.gentoo.org/security/en/glsa/glsa-200312-01.xml
190 27. http://www.gentoo.org/security/en/glsa/glsa-200312-03.xml
191
192 ======================
193 4. Gentoo in the press
194 ======================
195
196 eWeek.com (29 January 2006)
197 ---------------------------
198
199 Lee Thompson, VP at E-Trade.com, gives a flamboyant testimonial to why he
200 thinks that Gentoo Linux appeals so much from a technology management
201 perspective: "the rate of patches coming out of the vendor" is so much
202 faster than with any other operating system that "the amount of change
203 that you are sustaining on a Gentoo system is orders of magnitude larger."
204 In his job as CEO of E-Trade, he knows that change can destabilize at
205 times, but it's still good, and worth the extra effort: "If you can
206 sustain change faster than somebody else, you're going to survive, and the
207 person who can't sustain the change is not going to evolve, and they're
208 going to die off." The only thing he's missing is a dedicated Gentoo
209 flavor for production servers -- which are still running RedHat, while
210 Gentoo only powers his laptop. The article[28] contains much more than
211 just Thompson's love for Gentoo, explaining how open-source development
212 can be leveraged for commercial success at a company like E-Trade, and he
213 managed to stir up Steven J. Vaughn-Nichols who wrote another article at
214 Linux Watch[29] where he references Thompsons testimonial, titled "Selling
215 Linux to bean-counters."
216
217 28. http://www.eweek.com/article2/0,1895,1916587,00.asp
218 29. http://www.linux-watch.com/news/NS7303540276.html
219
220 Wine Headquarter (31 January 2006)
221 ----------------------------------
222
223 Lo' and behold: Wine, the non-emulator for non-Linux applications on
224 Linux, is actually faster than Windows XP when it comes to running Windows
225 applications, claims a benchmark test from WineHQ[30]. our mileage will
226 vary depending on your Linux config, Wine version and Hardware," says
227 author Tom Wickline, but it seems to hold true when the test was done with
228 Wine 0.9.5 on a Gentoo Linux system...
229
230 30. http://wiki.winehq.org/BenchMark-0.9.5
231
232 =========================
233 5. Gentoo developer moves
234 =========================
235
236 Moves
237 -----
238
239 The following developers recently left the Gentoo project:
240
241 * None this week
242
243 Adds
244 ----
245
246 The following developers recently joined the Gentoo project:
247
248 * Zac Medico (zmedico) - Portage
249 * Alec Warner (antarus) - Portage
250 * Gérald Fenoy (djay) - app-sci herd
251
252 Changes
253 -------
254
255 The following developers recently changed roles within the Gentoo project:
256
257 * None this week
258
259 ==================
260 6. Gentoo Security
261 ==================
262
263 MyDNS: Denial of Service
264 ------------------------
265
266 MyDNS contains a vulnerability that may lead to a Denial of Service
267 attack.
268
269 For more information, please see the GLSA Announcement[31]
270
271 31. http://www.gentoo.org/security/en/glsa/glsa-200601-16.xml
272
273 Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
274 ------------------------------------------------------------
275
276 Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer
277 overflows that may be exploited to execute arbitrary code.
278
279 For more information, please see the GLSA Announcement[32]
280
281 32. http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml
282
283 GStreamer FFmpeg plugin: Heap-based buffer overflow
284 ---------------------------------------------------
285
286 The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be
287 exploited by attackers to execute arbitrary code.
288
289 For more information, please see the GLSA Announcement[33]
290
291 33. http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml
292
293 ===========
294 7. Bugzilla
295 ===========
296
297 Statistics
298 ----------
299
300 The Gentoo community uses Bugzilla (bugs.gentoo.org[34]) to record and
301 track bugs, notifications, suggestions and other interactions with the
302 development team. Between 29 January 2006 and 05 February 2006, activity
303 on the site has resulted in:
304
305 34. http://bugs.gentoo.org
306
307 * 830 new bugs during this period
308 * 435 bugs closed or resolved during this period
309 * 26 previously closed bugs were reopened this period
310
311 Of the 9240 currently open bugs: 75 are labeled 'blocker', 169 are labeled
312 'critical', and 505 are labeled 'major'.
313
314 Closed bug rankings
315 -------------------
316
317 The developers and teams who have closed the most bugs during this period
318 are:
319
320 * Gentoo's Team for Core System packages[35], with 23 closed bugs[36]
321 * Gentoo KDE team[37], with 20 closed bugs[38]
322 * Simon Stelling[39], with 20 closed bugs[40]
323 * Gentoo Security[41], with 14 closed bugs[42]
324 * AMD64 Porting Team[43], with 13 closed bugs[44]
325 * Stefano Rossi[45], with 12 closed bugs[46]
326 * Volkov Peter[47], with 12 closed bugs[48]
327 * Printing Team[49], with 12 closed bugs[50]
328 35. base-system@g.o
329 36.
330 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=base-system@g.o
331 37. kde@g.o
332 38.
333 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=kde@g.o
334 39. blubb@g.o
335 40.
336 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=blubb@g.o
337 41. security@g.o
338 42.
339 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=security@g.o
340 43. amd64@g.o
341 44.
342 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=amd64@g.o
343 45. so@g.o
344 46.
345 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=so@g.o
346 47. pva@g.o
347 48.
348 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=pva@g.o
349 49. printing@g.o
350 50.
351 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=printing@g.o
352
353
354 New bug rankings
355 ----------------
356
357 The developers and teams who have been assigned the most new bugs during
358 this period are:
359
360 * Default Assignee for New Packages[51], with 71 new bugs[52]
361 * Gentoo Games[53], with 9 new bugs[54]
362 * AMD64 Porting Team[55], with 9 new bugs[56]
363 * Gentoo KDE team[57], with 8 new bugs[58]
364 * Default Assignee for Orphaned Packages[59], with 7 new bugs[60]
365 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[61], with 7 new
366 bugs[62]
367 * Gentoo's Team for Core System packages[63], with 7 new bugs[64]
368 * Python Gentoo Team[65], with 6 new bugs[66]
369 51. maintainer-wanted@g.o
370 52.
371 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=maintainer-wanted@g.o
372 53. games@g.o
373 54.
374 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=games@g.o
375 55. amd64@g.o
376 56.
377 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=amd64@g.o
378 57. kde@g.o
379 58.
380 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=kde@g.o
381 59. maintainer-needed@g.o
382 60.
383 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=maintainer-needed@g.o
384 61. kernel@g.o
385 62.
386 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=kernel@g.o
387 63. base-system@g.o
388 64.
389 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=base-system@g.o
390 65. python@g.o
391 66.
392 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=python@g.o
393
394
395 ===============
396 8. GWN feedback
397 ===============
398
399 Please send us your feedback[67] and help make the GWN better.
400
401 67. gwn-feedback@g.o
402
403 ===============================
404 9. GWN subscription information
405 ===============================
406
407 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
408 gentoo-gwn+subscribe@g.o.
409
410 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
411 gentoo-gwn+unsubscribe@g.o from the email address you are
412 subscribed under.
413
414 ===================
415 10. Other languages
416 ===================
417
418 The Gentoo Weekly Newsletter is also available in the following languages:
419
420 * Danish[68]
421 * Dutch[69]
422 * English[70]
423 * German[71]
424 * French[72]
425 * Korean[73]
426 * Japanese[74]
427 * Italian[75]
428 * Polish[76]
429 * Portuguese (Brazil)[77]
430 * Portuguese (Portugal)[78]
431 * Russian[79]
432 * Spanish[80]
433 * Turkish[81]
434 68. http://www.gentoo.org/news/da/gwn/gwn.xml
435 69. http://www.gentoo.org/news/nl/gwn/gwn.xml
436 70. http://www.gentoo.org/news/en/gwn/gwn.xml
437 71. http://www.gentoo.org/news/de/gwn/gwn.xml
438 72. http://www.gentoo.org/news/fr/gwn/gwn.xml
439 73. http://www.gentoo.org/news/ko/gwn/gwn.xml
440 74. http://www.gentoo.org/news/ja/gwn/gwn.xml
441 75. http://www.gentoo.org/news/it/gwn/gwn.xml
442 76. http://www.gentoo.org/news/pl/gwn/gwn.xml
443 77. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
444 78. http://www.gentoo.org/news/pt/gwn/gwn.xml
445 79. http://www.gentoo.org/news/ru/gwn/gwn.xml
446 80. http://www.gentoo.org/news/es/gwn/gwn.xml
447 81. http://www.gentoo.org/news/tr/gwn/gwn.xml
448
449
450 Ulrich Plate <plate@g.o> - Editor
451 Henrik Brix Andersen <brix@g.o> - Author
452 Stefan Schweizer <genstef@g.o> - Author
453
454 --
455 gentoo-gwn@g.o mailing list