1 |
--------------------------------------------------------------------------- |
2 |
Gentoo Weekly Newsletter |
3 |
http://www.gentoo.org/news/en/gwn/current.xml |
4 |
This is the Gentoo Weekly Newsletter for the week of 6 February 2005. |
5 |
--------------------------------------------------------------------------- |
6 |
|
7 |
============== |
8 |
1. Gentoo news |
9 |
============== |
10 |
|
11 |
GNOME 2.12 moved to stable |
12 |
-------------------------- |
13 |
|
14 |
GNOME 2.12 was moved into stable on 22 January 2006. An updated upgrade |
15 |
guide[1] is available. If you experience any issues, please search |
16 |
bugzilla[2], wander into #gentoo-desktop on irc.freenode.net, or file a |
17 |
new bug. |
18 |
|
19 |
1. |
20 |
http://www.gentoo.org/proj/en/desktop/gnome/howtos/gnome-2.12-upgrade.xml |
21 |
2. http://bugs.gentoo.org |
22 |
|
23 |
Note: If you were helping us test 2.12 by having the packages in your |
24 |
package.keywords file, please remove them all since we will be adding |
25 |
newer releases such as 2.12.3 and the 2.13 beta. |
26 |
|
27 |
Wi-Spy device donation |
28 |
---------------------- |
29 |
|
30 |
Following up on a recent weblog entry[3], Ryan Woodings, president of |
31 |
MetaGeek, LLC[4], has generously donated a free Wi-Spy spectrum analyzer |
32 |
to Gentoo developer Henrik Brix Andersen[5]. The device will assist in |
33 |
debugging the various IEEE 802.11 wireless LAN drivers available in |
34 |
Portage. A huge thank you to Ryan for his donation. |
35 |
|
36 |
3. |
37 |
http://planet.gentoo.org/developers/brix/2006/01/21/low_cost_2_4ghz_spectrum_analyzer |
38 |
4. http://www.metageek.net/ |
39 |
5. brix@g.o |
40 |
|
41 |
The first edition of the third-party open-source tools[6] for the Wi-Spy |
42 |
device are now available in Gentoo Portage under |
43 |
net-wireless/wispy-tools[7]. |
44 |
|
45 |
6. http://www.kismetwireless.net/wispy.shtml |
46 |
7. |
47 |
http://packages.gentoo.org/packages/?category=net-wireless;name=wispy-tools |
48 |
|
49 |
Poppler and KPDF |
50 |
---------------- |
51 |
|
52 |
People interested in Gentoo's security announcements (GLSA) will have seen |
53 |
the many security bugs in the xpdf code that have been discovered over the |
54 |
last year. To make fixing them easier -- so that users only have to |
55 |
upgrade one package -- the "Poppler" library was introduced. Unfortunately |
56 |
the Poppler library was not used by kpdf to display PDFs because some |
57 |
patches in the KDE xpdf copy were missing in poppler. Thanks to Gentoo |
58 |
developer Stefan Schweizer[8] who helped to get a big patch into Poppler, |
59 |
almost everything needed for kpdf-integration[9] now seems to be |
60 |
integrated. |
61 |
|
62 |
8. genstef@g.o |
63 |
9. http://freedesktop.org/wiki/Software_2fpoppler |
64 |
|
65 |
However upstream KPDF is not yet using Poppler because KDE 3.5 is |
66 |
dependency-frozen, no new dependency can be added. Kubuntu has integrated |
67 |
a patch by Jonathan Riddell to make KPDF use Poppler, and Gentoo is now |
68 |
also using a -- slightly improved -- version thanks to Diego Pettenò[10]. |
69 |
|
70 |
10. flameeyes@g.o |
71 |
|
72 |
While this is mostly important for maintainers, as it greatly simplifies |
73 |
the security process, this change has some implications for users, too. As |
74 |
KPDF now is using Poppler directly, it creates a new dependency for |
75 |
kdegraphics and kpdf. The poppler-bindings are already a dependency for |
76 |
kpdf, and for kdegraphics with USE="pdf"). Reducing the duplication of |
77 |
code means that KPDF takes less time to build and occupies less space, and |
78 |
also seems notably faster than before. |
79 |
|
80 |
Note: Xpdf has also been ported to using Poppler. The current xpdf ebuild |
81 |
in Portage uses only Poppler for rendering. |
82 |
|
83 |
========================= |
84 |
2. Heard in the community |
85 |
========================= |
86 |
|
87 |
Web forums |
88 |
---------- |
89 |
|
90 |
EVDO access for Gentoo |
91 |
|
92 |
Living in Japan, the US or anywhere else where EVDO, the broadband data |
93 |
standard on CDMA2000 mobile phone networks is common? Here's a brandnew |
94 |
howto for those who'd like to use an EVDO PCMCIA card in their laptops, |
95 |
then: |
96 |
|
97 |
* How-To: EVDO on Gentoo Linux[11] |
98 |
11. https://forums.gentoo.org/viewtopic-t-427992.html |
99 |
|
100 |
|
101 |
gentoo-dev |
102 |
---------- |
103 |
|
104 |
Make logrotate a global USE flag? |
105 |
|
106 |
A lengthy discussion on the merits of making logrotate a global useflag |
107 |
happened this week. While some ebuilds offer a (local) logrotate useflag |
108 |
it is not optimal to toggle this through a USE flag - changing log |
109 |
handling should be a config option and not force a recompile! |
110 |
|
111 |
* Make logrotate a global USE flag? [12] |
112 |
* Default ebuild behaviour [13] |
113 |
12. http://thread.gmane.org/gmane.linux.gentoo.devel/35675 |
114 |
13. http://thread.gmane.org/gmane.linux.gentoo.devel/35753 |
115 |
|
116 |
|
117 |
USE flag change: pdflib --> pdf |
118 |
|
119 |
Merging three existing USE flags that all basically did the same thing is |
120 |
what Marius Mauch[14] had in mind when he proposed a new unified USE="pdf" |
121 |
flag. |
122 |
|
123 |
14. genone@g.o |
124 |
|
125 |
* pdf use flags[15] |
126 |
15. http://thread.gmane.org/gmane.linux.gentoo.devel/35234 |
127 |
|
128 |
|
129 |
======================= |
130 |
3. Gentoo international |
131 |
======================= |
132 |
|
133 |
Switzerland: Diet Pentoo released |
134 |
--------------------------------- |
135 |
|
136 |
Mini-Pentoo[16] is a trimmed version of the Pentoo LiveCD[17], a |
137 |
"penetration testing distribution" based on Gentoo Linux and maintained by |
138 |
Basel-based Michael Zanetta[18]. It features tools for auditing and |
139 |
testing a network environment, from scanning and discovery to exploiting |
140 |
vulnerabilities. Its 186MB fit on a mini-CD or a 256MB USB stick, and the |
141 |
new version features a number of enhancements, including a 2.6.14 kernel |
142 |
with unionfs, support for package modules like Slax, non-volatile storage |
143 |
for Nessus plugins, SecurityForest's ExploitTree or config files, and |
144 |
enhanced wireless support. |
145 |
|
146 |
16. http://www.pentoo.ch |
147 |
17. http://www.gentoo.org/news/en/gwn/20050425-newsletter.xml#doc_chap5 |
148 |
18. grimmlin@××××××.ch |
149 |
|
150 |
Figure 3.1: 'Sexiest window manager available' -- Pentoo's new |
151 |
Enlightenment theme |
152 |
http://www.gentoo.org/images/gwn/20060206_pentoo.png |
153 |
|
154 |
Note: Gentoo developer Marcelo Góes has written a review of Pentoo that's |
155 |
worth reading if you want to know more about what it contains, and |
156 |
check Pentoo's complete list of tools for detailed information. |
157 |
|
158 |
Japan: OSC Tokyo coming up |
159 |
-------------------------- |
160 |
|
161 |
GentooJP[19] is busily preparing for the next open-source conference in |
162 |
Tokyo: the spring edition of Japan's dedicated open-source events series, |
163 |
OSC[20]. The upcoming event is going to be held on 17 and 18 March at the |
164 |
usual venue, the Japan Electronics College[21] in Ogikubo. Admission will |
165 |
be free, please use the GentooJP mailing list |
166 |
(gentoojp-misc@××××××××××××.jp) in case you'd like to offer your help at |
167 |
the booth. |
168 |
|
169 |
19. http://www.gentoo.gr.jp |
170 |
20. http://www.ospn.jp/osc2006 |
171 |
21. http://www.jec.ac.jp/sc_intro/sc_access.html |
172 |
|
173 |
UK: EUsecwest security conference in London |
174 |
------------------------------------------- |
175 |
|
176 |
Andrea Barisani[22], Gentoo developer featured in the 9 January 2006 |
177 |
edition[23] of the GWN, will be one of the speakers at EUSecWest[24], a |
178 |
security conference held in London on 20 and 21 February. His talk, |
179 |
entitled "Lessons in open-source security: the tale of a 0-day |
180 |
incident"[25], will describe how the rsync exploit (see GLSA 200312-01[26] |
181 |
and GLSA 200312-03[27] for details) was handled by Gentoo and the rsync |
182 |
maintainers. Further topics include security in open-source environments |
183 |
with Hardened Gentoo as one of the covered examples. |
184 |
|
185 |
22. lcars@g.o |
186 |
23. http://www.gentoo.org/news/en/gwn/20060109-newsletter.xml#doc_chap2 |
187 |
24. http://eusecwest.com |
188 |
25. http://www.inversepath.com/news.html |
189 |
26. http://www.gentoo.org/security/en/glsa/glsa-200312-01.xml |
190 |
27. http://www.gentoo.org/security/en/glsa/glsa-200312-03.xml |
191 |
|
192 |
====================== |
193 |
4. Gentoo in the press |
194 |
====================== |
195 |
|
196 |
eWeek.com (29 January 2006) |
197 |
--------------------------- |
198 |
|
199 |
Lee Thompson, VP at E-Trade.com, gives a flamboyant testimonial to why he |
200 |
thinks that Gentoo Linux appeals so much from a technology management |
201 |
perspective: "the rate of patches coming out of the vendor" is so much |
202 |
faster than with any other operating system that "the amount of change |
203 |
that you are sustaining on a Gentoo system is orders of magnitude larger." |
204 |
In his job as CEO of E-Trade, he knows that change can destabilize at |
205 |
times, but it's still good, and worth the extra effort: "If you can |
206 |
sustain change faster than somebody else, you're going to survive, and the |
207 |
person who can't sustain the change is not going to evolve, and they're |
208 |
going to die off." The only thing he's missing is a dedicated Gentoo |
209 |
flavor for production servers -- which are still running RedHat, while |
210 |
Gentoo only powers his laptop. The article[28] contains much more than |
211 |
just Thompson's love for Gentoo, explaining how open-source development |
212 |
can be leveraged for commercial success at a company like E-Trade, and he |
213 |
managed to stir up Steven J. Vaughn-Nichols who wrote another article at |
214 |
Linux Watch[29] where he references Thompsons testimonial, titled "Selling |
215 |
Linux to bean-counters." |
216 |
|
217 |
28. http://www.eweek.com/article2/0,1895,1916587,00.asp |
218 |
29. http://www.linux-watch.com/news/NS7303540276.html |
219 |
|
220 |
Wine Headquarter (31 January 2006) |
221 |
---------------------------------- |
222 |
|
223 |
Lo' and behold: Wine, the non-emulator for non-Linux applications on |
224 |
Linux, is actually faster than Windows XP when it comes to running Windows |
225 |
applications, claims a benchmark test from WineHQ[30]. our mileage will |
226 |
vary depending on your Linux config, Wine version and Hardware," says |
227 |
author Tom Wickline, but it seems to hold true when the test was done with |
228 |
Wine 0.9.5 on a Gentoo Linux system... |
229 |
|
230 |
30. http://wiki.winehq.org/BenchMark-0.9.5 |
231 |
|
232 |
========================= |
233 |
5. Gentoo developer moves |
234 |
========================= |
235 |
|
236 |
Moves |
237 |
----- |
238 |
|
239 |
The following developers recently left the Gentoo project: |
240 |
|
241 |
* None this week |
242 |
|
243 |
Adds |
244 |
---- |
245 |
|
246 |
The following developers recently joined the Gentoo project: |
247 |
|
248 |
* Zac Medico (zmedico) - Portage |
249 |
* Alec Warner (antarus) - Portage |
250 |
* Gérald Fenoy (djay) - app-sci herd |
251 |
|
252 |
Changes |
253 |
------- |
254 |
|
255 |
The following developers recently changed roles within the Gentoo project: |
256 |
|
257 |
* None this week |
258 |
|
259 |
================== |
260 |
6. Gentoo Security |
261 |
================== |
262 |
|
263 |
MyDNS: Denial of Service |
264 |
------------------------ |
265 |
|
266 |
MyDNS contains a vulnerability that may lead to a Denial of Service |
267 |
attack. |
268 |
|
269 |
For more information, please see the GLSA Announcement[31] |
270 |
|
271 |
31. http://www.gentoo.org/security/en/glsa/glsa-200601-16.xml |
272 |
|
273 |
Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows |
274 |
------------------------------------------------------------ |
275 |
|
276 |
Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer |
277 |
overflows that may be exploited to execute arbitrary code. |
278 |
|
279 |
For more information, please see the GLSA Announcement[32] |
280 |
|
281 |
32. http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml |
282 |
|
283 |
GStreamer FFmpeg plugin: Heap-based buffer overflow |
284 |
--------------------------------------------------- |
285 |
|
286 |
The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be |
287 |
exploited by attackers to execute arbitrary code. |
288 |
|
289 |
For more information, please see the GLSA Announcement[33] |
290 |
|
291 |
33. http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml |
292 |
|
293 |
=========== |
294 |
7. Bugzilla |
295 |
=========== |
296 |
|
297 |
Statistics |
298 |
---------- |
299 |
|
300 |
The Gentoo community uses Bugzilla (bugs.gentoo.org[34]) to record and |
301 |
track bugs, notifications, suggestions and other interactions with the |
302 |
development team. Between 29 January 2006 and 05 February 2006, activity |
303 |
on the site has resulted in: |
304 |
|
305 |
34. http://bugs.gentoo.org |
306 |
|
307 |
* 830 new bugs during this period |
308 |
* 435 bugs closed or resolved during this period |
309 |
* 26 previously closed bugs were reopened this period |
310 |
|
311 |
Of the 9240 currently open bugs: 75 are labeled 'blocker', 169 are labeled |
312 |
'critical', and 505 are labeled 'major'. |
313 |
|
314 |
Closed bug rankings |
315 |
------------------- |
316 |
|
317 |
The developers and teams who have closed the most bugs during this period |
318 |
are: |
319 |
|
320 |
* Gentoo's Team for Core System packages[35], with 23 closed bugs[36] |
321 |
* Gentoo KDE team[37], with 20 closed bugs[38] |
322 |
* Simon Stelling[39], with 20 closed bugs[40] |
323 |
* Gentoo Security[41], with 14 closed bugs[42] |
324 |
* AMD64 Porting Team[43], with 13 closed bugs[44] |
325 |
* Stefano Rossi[45], with 12 closed bugs[46] |
326 |
* Volkov Peter[47], with 12 closed bugs[48] |
327 |
* Printing Team[49], with 12 closed bugs[50] |
328 |
35. base-system@g.o |
329 |
36. |
330 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=base-system@g.o |
331 |
37. kde@g.o |
332 |
38. |
333 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=kde@g.o |
334 |
39. blubb@g.o |
335 |
40. |
336 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=blubb@g.o |
337 |
41. security@g.o |
338 |
42. |
339 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=security@g.o |
340 |
43. amd64@g.o |
341 |
44. |
342 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=amd64@g.o |
343 |
45. so@g.o |
344 |
46. |
345 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=so@g.o |
346 |
47. pva@g.o |
347 |
48. |
348 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=pva@g.o |
349 |
49. printing@g.o |
350 |
50. |
351 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2006-01-29&chfieldto=2006-02-05&resolution=FIXED&assigned_to=printing@g.o |
352 |
|
353 |
|
354 |
New bug rankings |
355 |
---------------- |
356 |
|
357 |
The developers and teams who have been assigned the most new bugs during |
358 |
this period are: |
359 |
|
360 |
* Default Assignee for New Packages[51], with 71 new bugs[52] |
361 |
* Gentoo Games[53], with 9 new bugs[54] |
362 |
* AMD64 Porting Team[55], with 9 new bugs[56] |
363 |
* Gentoo KDE team[57], with 8 new bugs[58] |
364 |
* Default Assignee for Orphaned Packages[59], with 7 new bugs[60] |
365 |
* Gentoo Kernel Bug Wranglers and Kernel Maintainers[61], with 7 new |
366 |
bugs[62] |
367 |
* Gentoo's Team for Core System packages[63], with 7 new bugs[64] |
368 |
* Python Gentoo Team[65], with 6 new bugs[66] |
369 |
51. maintainer-wanted@g.o |
370 |
52. |
371 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=maintainer-wanted@g.o |
372 |
53. games@g.o |
373 |
54. |
374 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=games@g.o |
375 |
55. amd64@g.o |
376 |
56. |
377 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=amd64@g.o |
378 |
57. kde@g.o |
379 |
58. |
380 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=kde@g.o |
381 |
59. maintainer-needed@g.o |
382 |
60. |
383 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=maintainer-needed@g.o |
384 |
61. kernel@g.o |
385 |
62. |
386 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=kernel@g.o |
387 |
63. base-system@g.o |
388 |
64. |
389 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=base-system@g.o |
390 |
65. python@g.o |
391 |
66. |
392 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2006-01-29&chfieldto=2006-02-05&assigned_to=python@g.o |
393 |
|
394 |
|
395 |
=============== |
396 |
8. GWN feedback |
397 |
=============== |
398 |
|
399 |
Please send us your feedback[67] and help make the GWN better. |
400 |
|
401 |
67. gwn-feedback@g.o |
402 |
|
403 |
=============================== |
404 |
9. GWN subscription information |
405 |
=============================== |
406 |
|
407 |
To subscribe to the Gentoo Weekly Newsletter, send a blank email to |
408 |
gentoo-gwn+subscribe@g.o. |
409 |
|
410 |
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to |
411 |
gentoo-gwn+unsubscribe@g.o from the email address you are |
412 |
subscribed under. |
413 |
|
414 |
=================== |
415 |
10. Other languages |
416 |
=================== |
417 |
|
418 |
The Gentoo Weekly Newsletter is also available in the following languages: |
419 |
|
420 |
* Danish[68] |
421 |
* Dutch[69] |
422 |
* English[70] |
423 |
* German[71] |
424 |
* French[72] |
425 |
* Korean[73] |
426 |
* Japanese[74] |
427 |
* Italian[75] |
428 |
* Polish[76] |
429 |
* Portuguese (Brazil)[77] |
430 |
* Portuguese (Portugal)[78] |
431 |
* Russian[79] |
432 |
* Spanish[80] |
433 |
* Turkish[81] |
434 |
68. http://www.gentoo.org/news/da/gwn/gwn.xml |
435 |
69. http://www.gentoo.org/news/nl/gwn/gwn.xml |
436 |
70. http://www.gentoo.org/news/en/gwn/gwn.xml |
437 |
71. http://www.gentoo.org/news/de/gwn/gwn.xml |
438 |
72. http://www.gentoo.org/news/fr/gwn/gwn.xml |
439 |
73. http://www.gentoo.org/news/ko/gwn/gwn.xml |
440 |
74. http://www.gentoo.org/news/ja/gwn/gwn.xml |
441 |
75. http://www.gentoo.org/news/it/gwn/gwn.xml |
442 |
76. http://www.gentoo.org/news/pl/gwn/gwn.xml |
443 |
77. http://www.gentoo.org/news/pt_br/gwn/gwn.xml |
444 |
78. http://www.gentoo.org/news/pt/gwn/gwn.xml |
445 |
79. http://www.gentoo.org/news/ru/gwn/gwn.xml |
446 |
80. http://www.gentoo.org/news/es/gwn/gwn.xml |
447 |
81. http://www.gentoo.org/news/tr/gwn/gwn.xml |
448 |
|
449 |
|
450 |
Ulrich Plate <plate@g.o> - Editor |
451 |
Henrik Brix Andersen <brix@g.o> - Author |
452 |
Stefan Schweizer <genstef@g.o> - Author |
453 |
|
454 |
-- |
455 |
gentoo-gwn@g.o mailing list |