Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@××××××××××××.org
Subject: [gentoo-gwn] CORRECTED Gentoo Weekly Newsletter 24 January 2005
Date: Tue, 25 Jan 2005 03:53:12
The Mac Mini story got accidentally dropped from the earlier 
version of this newsletter. We apologize for the inconvenience.

GWN editor
Ulrich Plate

Gentoo Weekly Newsletter

This is the Gentoo Weekly Newsletter for the week of 24 January 2005.

==============
1. Gentoo News
==============

Only a few hours ahead of the first of many components[1] of the complete 
Solaris source code being publicly released under Sun's brand new, 
OSI-approved CDDL open-source license, Gentoo is pleased to announce plans 
to add OpenSolaris[2] support to Portage. Gentoo Senior Manager and 
OpenSolaris pilot program participant, Pieter Van den Abeele, has been 
working closely with Sun's management, legal and engineering teams to 
prepare this move. Gentoo will be leveraging the hard work of long-time 
Solaris users and Gentoo Developers-in-training Sunil Kumar and Jason 
Wohlgemuth, whose "Portaris" project has been running on top of Solaris 9 
and 10 builds for quite a while already[3].

Figure 1.1: OpenSolaris + Looking Glass - an interesting alternative for 
the open-source desktop market

With "Sun going back to its roots by open-sourcing the code," Pieter 
expects OpenSolaris to have a huge impact on the open-source market. "With 
their service and support network and their expertise, they can redefine 
at least part of the open-source landscape in the enterprise," says 
Pieter. And he expects Gentoo to become an important factor for 
OpenSolaris' success: "We're able to build on prior experience with Gentoo 
ports to non-Linux operating systems, we've had the technology preview of 
Gentoo for Mac OS X[4], we've got developers working full-time on 
Opendarwin support, and we're well out of the starting blocks for the race 
to Gentoo-ified BSD kernels and userland applications[5]," he says. "But 
even I wasn't quite prepared for my Sparc booting with a Gentoo 
bootsplash," laughs Pieter.

The unofficial Portaris[6] or "Portage for Solaris" project has been 
maintaining Gentoo's package management system on top of Solaris 9 and 10 
systems. Its two biggest contributors, Sunil Kumar and Jason Wohlgemuth 
(who, like Pieter, is a member of Sun's pilot program for open-sourcing 
Solaris), have invested a tremendous amount of their time in this project, 
culminating in a veritable installer for Solaris[7] that has been 
available to a small, knowledgeable Solaris user community for several 
months already.

New kernel profiles for 2005.0
------------------------------

In view of the 2005.0 release date, the Gentoo developers on the kernel 
team have been working very hard amalgamating the sources in the Portage 
tree. Since the 2.6 kernel tree will become the default for all supported 
architectures except Sparc, the separate kernel categories in Portage are 
being abolished and replaced by the same generic names formerly used for 
the 2.4 versions of the same sources. This is the first time that the new 
"cascading profiles" feature in Portage has been used to manage the 
dependency requirements of a package. In essence, this means that the same 
package - say, gentoo-sources - will automatically decide whether its 2.6 
or 2.4 version is being requested, based on the specifications in the 
chosen sub-profile. By linking /etc/make.profile to either the 2.4 or 2.6 
subprofile (whichever may exist for your profile) in 
/usr/portage/profiles/default-[OS]/[arch]/2005.0/, you can choose which 
one you want as your personal default, while the other version will be 
masked. If you don't choose a subprofile, 2.6 will automatically become the 
default, where applicable.

"If you're currently still running 2.4 kernels, but don't care all that 
much about staying, this would be a perfect moment to switch," suggests 
Gentoo kernel dev John Mylchreest[8]. "We do recommend switching to 2.6 
wherever possible, and you can catch up on what's involved by reading our 
kernel migration guide[9]." Sparc being the only architecture with a 
number of unresolved issues preventing a move to 2.6 as default, the newer 
version will become the standard for virtually everybody else. Users with 
any of the following kernel sources currently installed on their systems 
need to be aware that these are going to be removed at the same time as 
the 2005.0 release. Their replacements are also listed:

 8. johnm@g.o

 * development-sources will become vanilla-sources
 * gentoo-dev-sources will become gentoo-sources
 * rsbac-dev-sources will become rsbac-sources
 * hardened-dev-sources will become hardened-sources

The switch is going to be automatic for users who follow a steady rsync 
and emerge world diet. When the next version of their kernel sources 
becomes available, an emerge --update will pull in the source tarball 
under its new name, and update accordingly. While the Gentoo kernel team 
recommends switching, this also works for users with specific reasons to 
keep their 2.4 series: They just have to make sure they link to a 2.4 
subprofile, and emerge --update for them will consequently only fetch and 
install newer versions in the 2.4 tree, not 2.6.

The move on to the new profile that sets 2.6 by default will involve 
changing from the old linux26-headers to linux-headers at the same time. 
An emerge glibc - or emerge system - may be a good idea at that point.

Except for the pegasos-dev-sources that have already been moved to 
pegasos-sources, the changeover will occur at the same time as the 
2005.0 release. More detailed information, including specific instructions 
for linking /etc/make.profile to the right subprofile will be made 
available at that time.

Genesi Open Desktop Workstation sales - Gentoo Linux pre-installed
------------------------------------------------------------------

From 1 March 2005, Luxembourg-based Genesi[10] will start selling their
Open Desktop Workstation in a configuration with Gentoo Linux
pre-installed - for a price of $999 USD, ten percent of which will be
donated to the Gentoo Foundation! Bill Buck, CEO of Genesi, explains the
new sponsoring deal: "For every workstation we sell thanks to a referral
from Gentoo's website, we'll donate 100 USD to the Foundation." As many
Gentoo users have been looking for attractive opportunities to support
Gentoo financially, sales are expected to soar now that the ODWs are
clearly benefitting the project as a whole. Moreover, Genesi is offering
their Gentoo-ified models at a considerable rebate compared to their own
standard offers of desktop and server configurations for $1399 and $1799
USD.

Figure 1.1: Open Desktop Workstations with Gentoo Linux/PPC, shipping soon!

The Open Desktop Workstation is configured as follows:

 * Pegasos II with 1GHz G4 processor
 * 256MB of PC2100 DDR RAM
 * CDRW drive
 * 40GB ATA100 Hard Disk
 * Radeon 9200SE 128MB AGP Graphics with DVI, VGA, and TV-Out
 * Low profile small footprint case - tower or desktop orientation

Thirteen of these ODWs had previously been donated to Gentoo developers
for thorough testing and feature development, and consequently Gentoo
fully supports the PegasosPPC. The pre-installed version is based on the
2004.3 release of Gentoo Linux/PPC. Pre-ordering is available right away.
Sales will begin on 1 March 2005 - detailed information about how to order
will be sent to everyone expressing interest. To be alerted when orders
for the ODWs with Gentoo Linux can be placed, send a message to odw@g.o.

Rumour confirmed - Gentoo first to run on Mac Mini!
---------------------------------------------------

Gentoo/PPC developer Daniel Ostrow[11] has succeeded in bringing the Mac
Mini into the family of Gentoo supported PowerPC based machines. The
system will be fully supported by 2005.0 and boots cleanly using 2004.3.

 11. dostrow@g.o

Figure 1.1: Fresh out of the box, running Gentoo Linux/PPC: Apple's new
Mac Mini

The next step will be getting the attached 20" display to behave under X.
The machine will be on display at the Gentoo booth at Linux World Expo -
Boston edition[12] on 12 to 14 February, and FOSDEM[13] in Brussels later
that month.

==============
2. Future Zone
==============

Renovating the Forums - phpBB brush-up and other changes
--------------------------------------------------------

Something's afoot in the Forums, and we asked one of the admins, Christian
Hartmann[14] (ian), what was going on. The following interview sheds some
light on what we can expect to happen in the very near future:

 14. ian@g.o

Q: The Forums footer says: Powered by phpBB 2.0.x © 2001, 2002 phpBB
Group. What version are we actually using at the moment?

A: At the moment we are using a heavily patched version of the phpBB 2.0
branch. All security related bugs have been patched. Furthermore we
applied some performance tweaks and other modifications[15].

Q: Why aren't you just using a vanilla phpBB 2.0.11 instead?

A: That's a very frequently asked question. First of all we will indeed
switch to the latest stable phpBB release soon. Backporting all the
patches we applied to their 2.0.x codebase will almost be done by the time
you read this.

Q: What about all the feature requests in Gentoo Forums Feedback[16]?

A: We look at every post in Gentoo Forums Feedback and know exactly what
our users demand. After installing the new forums software we will have a
look at implementing a lot of new and exciting stuff. Expect a period
where we'll have something new almost every week...

Q: Does that mean that you will also make use of mods?

A: Exactly! That is one of the reasons why we are switching to the latest
phpBB release. This will make adding modifications much easier.

Q: Adding modifications to the forums was a "no-no" for a long time. What
made you change your mind?

A: Gentoo is a project based entirely on the work of volunteers, and so is
its Infrastructure team. We just didn't have the resources to do any of
the more sophisticated things. Now that we do, it was about time we
changed our policy and started working on it.

Q: Talking about modifications and additions, what can we expect to see?

A: We'll have to move the forums web service to a different server soon,
and we'll start making use of the new forums software when switching to
that new server. The user hopefully will not even realize that we switched
to different software. It will be mostly the same as it is now, just with
a clean codebase, and with some of the earlier itches like the search
bug[17] ironed out. More corrections will be made to the language packs,
and after that we will add two more forums, one each for our Turkish and
our Arab users. There's a lot more on our todo-list, but we can talk about
those additions once we're done with the first batch.

==================
3. Gentoo security
==================

Squid: Multiple vulnerabilities
-------------------------------

Squid contains vulnerabilities in the code handling NTLM (NT Lan Manager),
Gopher to HTML and WCCP (Web Cache Communication Protocol) which could
lead to denial of service and arbitrary code execution.

For more information, please see the GLSA Announcement[18]

ImageMagick: PSD decoding heap overflow
---------------------------------------

ImageMagick is vulnerable to a heap overflow when decoding Photoshop
Document (PSD) files, which could lead to arbitrary code execution.

For more information, please see the GLSA Announcement[19]

Ethereal: Multiple vulnerabilities
----------------------------------

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
run arbitrary code, crash the program or perform DoS by CPU and disk
utilization.

For more information, please see the GLSA Announcement[20]

Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
---------------------------------------------------

A stack overflow was discovered in Xpdf, potentially resulting in the
execution of arbitrary code. GPdf includes Xpdf code and therefore is
vulnerable to the same issue.

For more information, please see the GLSA Announcement[21]

Mailman: Cross-site scripting vulnerability
-------------------------------------------

Mailman is vulnerable to cross-site scripting attacks.

For more information, please see the GLSA Announcement[22]

CUPS: Stack overflow in included Xpdf code
------------------------------------------

CUPS includes Xpdf code and therefore is vulnerable to the recent stack
overflow issue, potentially resulting in the remote execution of arbitrary
code.

For more information, please see the GLSA Announcement[23]

teTeX, pTeX, CSTeX: Multiple vulnerabilities
--------------------------------------------

teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the
remote execution of arbitrary code. Furthermore, the xdvizilla script is
vulnerable to temporary file handling issues.

For more information, please see the GLSA Announcement[24]

KPdf, KOffice: Stack overflow in included Xpdf code
---------------------------------------------------

KPdf and KOffice both include vulnerable Xpdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.

For more information, please see the GLSA Announcement[25]

MySQL: Insecure temporary file creation
---------------------------------------

MySQL is vulnerable to symlink attacks, potentially allowing a local user
to overwrite arbitrary files.

For more information, please see the GLSA Announcement[26]

=======================
4. Gentoo International
=======================

Belgium: Gentoo Developer Meeting at FOSDEM (
---------------------------------------------

Gentoo will again be present at FOSDEM[27] in Brussels, the annual
non-commercial Free and Open Source Software Developers' European Meeting.
It will take place at the Université Libre de Bruxelles[28] on the weekend
of 26 and 27 February. The Gentoo community will be represented by more
than 25 developers from Belgium, the Netherlands, France, Germany,
Denmark, Spain, Italy, and even the U.S. This time we have our own
Developers' Room[29], an amphitheatre with 59 seats, open on Saturday and
Sunday.

A full schedule of presentations[30] has been set up by Gentoo's Fosdem
organizer for the Developers' room, Lars Weiler[31]. In addition to this,
one of Gentoo's portage developers, Marius Mauch[32], will give a
presentation about portage as part of Fosdem's main track.

 31. pylon@g.o

As usual we will also show hardware which is supported by Gentoo, like
Genesi's[33] PegasosPPC, an UltraSparc and an SGI Octane. Several MacMinis
are also expected to get thrown in the mix. Gentoo LiveCDs will be
available for purchase at FOSDEM.

USA: CPLUG Security Conference (5 March)
----------------------------------------

Central PA Linux Users Group[34] will be hosting a Security Conference[35]
at Messiah College near Harrisburg, Pennsylvania, on 5 March 2005. The
all-day event will feature several speakers covering topics with a
technical focus on Linux-related networking and security, including Gentoo
Hardened developer Brandon Hale[36] who will make a presentation on
"Advanced Memory Protections with Linux". Registrations have already
started and accommodation is provided by the organizers upon request.
Admission to the event is $5 USD, including lunch.

 36. zhen@g.o

======================
5. Gentoo in the press
======================

Wildlife Photographer of the Year 2004
--------------------------------------

Gentoos are "busily coming and going, squabbling and fighting, raucously
greeting each other," and - before you start thinking we're reporting from
a developer conference here - "stealing stones from their neighbours'
nests." Nah, we'd never do that, of course. Swedish photographer Lars-Olof
Johansson received a "Highly commended" mention at the BBC Wildlife
Magazine's and The Natural History Museum's "Wildlife Photographer of the
Year" contest, for his extraordinarily intimate shot of two Gentoo chicks
and their mother[37]. Disclaimer: We don't do that, either...

===========
6. Bugzilla
===========

Summary
-------

 * Statistics
 * Closed bug ranking
 * New bug rankings

Statistics
----------

The Gentoo community uses Bugzilla ([38]) to record and track bugs,
notifications, suggestions and other interactions with the development
team. Between 16 January 2005 and 23 January 2005, activity on the site
has resulted in:

 * 990 new bugs during this period
 * 546 bugs closed or resolved during this period
 * 35 previously closed bugs were reopened this period

Of the 7976 currently open bugs: 109 are labeled 'blocker', 230 are
labeled 'critical', and 593 are labeled 'major'.

Closed bug rankings
-------------------

The developers and teams who have closed the most bugs during this period
are:

 * Gentoo KDE team[39], with 41 closed bugs[40]
 * OpenOffice Team[41], with 27 closed bugs[42]
 * Gentoo Games[43], with 26 closed bugs[44]
 * AMD64 Porting Team[45], with 21 closed bugs[46]
 * Vim Maintainers[47], with 20 closed bugs[48]
 * Java team[49], with 20 closed bugs[50]
 * media-video herd[51], with 19 closed bugs[52]
 * Gentoo's Team for Core System packages[53], with 17 closed bugs[54]

 39. kde@g.o
 41. openoffice@g.o
 43. games@g.o
 45. amd64@g.o
 47. vim@g.o
 49. java@g.o
 51. media-video@g.o
 53. base-system@g.o

New bug rankings
----------------

The developers and teams who have been assigned the most new bugs during
this period are:

 * Gentoo Sound Team[55], with 17 new bugs[56]
 * Gentoo Linux Gnome Desktop Team[57], with 17 new bugs[58]
 * Gentoo X-windows packagers[59], with 16 new bugs[60]
 * Gentoo's Team for Core System packages[61], with 14 new bugs[62]
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[63], with 13 new
   bugs[64]
 * AMD64 Porting Team[65], with 13 new bugs[66]
 * Gentoo KDE team[67], with 12 new bugs[68]
 * media-video herd[69], with 11 new bugs[70]

 55. sound@g.o
 57. gnome@g.o
 59. x11@g.o
 61. base-system@g.o
 63. kernel@g.o
 65. amd64@g.o
 67. kde@g.o
 69. media-video@g.o

==================
7. Tips and Tricks
==================

Watching logfiles on your desktop: root-tail
--------------------------------------------

A good sysadmin should be able to keep track of what's going on on his
system at any time. To keep up with what's going on it would be best to
see the logfiles just scrolling by on the desktop, but most utilities,
like tail -f, cannot handle more than one file at a time. Moreover, it's a
little tricky to configure a terminal so that it becomes borderless and
transparent.

Enter x11-terms/root-tail[71]. This handy utility opens a window on your
desktop and lets you look at any given logfile's entries as they're made.
There is only one problem: Most modern Window Managers occupy the desktop
and show a background-image on it. But there are workarounds, and one (for
xfce4) is shown here:

---------------------------------------------------------------------------
Code Listing 7.1: Script for starting root-tail in xfce4
---------------------------------------------------------------------------
#!/bin/bash
# Look up the X window ID of the xfce4 desktop window (decimal, via -int)
deskid=$(xwininfo -int -name 'Desktop' | grep 'Desktop' | awk '{ print $4 }')
# Draw both logfiles onto that window, each in its own colour
root-tail -g 900x150+50+575 -font 6x10 -outline -minspace -id "${deskid}" -f \
    /var/log/emerge.log,yellow \
    /var/log/messages,lightblue
---------------------------------------------------------------------------

This script will find out the window ID of xfce4's desktop window, then
fork root-tail into the background with a given size, place and font upon
the desktop where the ID is now known, and will show two logfiles,
printing messages in different colours. Bear in mind that if you are using
a localized environment, Desktop could be named differently, of course.

===========================
8. Moves, adds, and changes
===========================

Moves
-----

The following developers recently left the Gentoo team:

 * None this week

Adds
----

The following developers recently joined the Gentoo Linux team:

 * Fernando J. Pereda (ferdy) - net-mail

Changes
-------

The following developers recently changed roles within the Gentoo Linux
project:

 * None this week

====================
9. Contribute to GWN
====================

Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[72].

 72. gwn-feedback@g.o

================
10. GWN feedback
================

Please send us your feedback[73] and help make the GWN better.

 73. gwn-feedback@g.o

================================
11. GWN subscription information
================================

To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@g.o.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@g.o from the email address you are subscribed
under.

===================
12. Other languages
===================

The Gentoo Weekly Newsletter is also available in the following languages:

 * Danish[74]
 * Dutch[75]
 * English[76]
 * German[77]
 * French[78]
 * Japanese[79]
 * Italian[80]
 * Polish[81]
 * Portuguese (Brazil)[82]
 * Portuguese (Portugal)[83]
 * Russian[84]
 * Spanish[85]
 * Turkish[86]

Ulrich Plate <plate@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Author
Christian Hartmann <ian@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Daniel Ostrow <dostrow@g.o> - Author
Lars Weiler <pylon@g.o> - Author

--
gentoo-gwn@g.o mailing list