Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 6 February 2006
Date: Mon, 06 Feb 2006 01:09:48
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 6 February 2005.
1. Gentoo news
GNOME 2.12 moved to stable
GNOME 2.12 was moved into stable on 22 January 2006. An updated upgrade 
guide[1] is available. If you experience any issues, please search 
bugzilla[2], wander into #gentoo-desktop on, or file a 
new bug. 

Note: If you were helping us test 2.12 by having the packages in your 
package.keywords file, please remove them all since we will be adding 
newer releases such as 2.12.3 and the 2.13 beta. 
Wi-Spy device donation
Following up on a recent weblog entry[3], Ryan Woodings, president of 
MetaGeek, LLC[4], has generously donated a free Wi-Spy spectrum analyzer 
to Gentoo developer Henrik Brix Andersen[5]. The device will assist in 
debugging the various IEEE 802.11 wireless LAN drivers available in 
Portage. A huge thank you to Ryan for his donation. 

 5. brix@g.o
The first edition of the third-party open-source tools[6] for the Wi-Spy 
device are now available in Gentoo Portage under 

Poppler and KPDF
People interested in Gentoo's security announcements (GLSA) will have seen 
the many security bugs in the xpdf code that have been discovered over the 
last year. To make fixing them easier -- so that users only have to 
upgrade one package -- the "Poppler" library was introduced. Unfortunately 
the Poppler library was not used by kpdf to display PDFs because some 
patches in the KDE xpdf copy were missing in poppler. Thanks to Gentoo 
developer Stefan Schweizer[8] who helped to get a big patch into Poppler, 
almost everything needed for kpdf-integration[9] now seems to be 

 8. genstef@g.o
However upstream KPDF is not yet using Poppler because KDE 3.5 is 
dependency-frozen, no new dependency can be added. Kubuntu has integrated 
a patch by Jonathan Riddell to make KPDF use Poppler, and Gentoo is now 
also using a -- slightly improved -- version thanks to Diego Pettenò[10]. 

 10. flameeyes@g.o
While this is mostly important for maintainers, as it greatly simplifies 
the security process, this change has some implications for users, too. As 
KPDF now is using Poppler directly, it creates a new dependency for 
kdegraphics and kpdf. The poppler-bindings are already a dependency for 
kpdf, and for kdegraphics with USE="pdf"). Reducing the duplication of 
code means that KPDF takes less time to build and occupies less space, and 
also seems notably faster than before. 
Note: Xpdf has also been ported to using Poppler. The current xpdf ebuild 
in Portage uses only Poppler for rendering.
2. Heard in the community
Web forums
EVDO access for Gentoo
Living in Japan, the US or anywhere else where EVDO, the broadband data 
standard on CDMA2000 mobile phone networks is common? Here's a brandnew 
howto for those who'd like to use an EVDO PCMCIA card in their laptops, 
 * How-To: EVDO on Gentoo Linux[11] 

Make logrotate a global USE flag?
A lengthy discussion on the merits of making logrotate a global useflag 
happened this week. While some ebuilds offer a (local) logrotate useflag 
it is not optimal to toggle this through a USE flag - changing log 
handling should be a config option and not force a recompile! 
 * Make logrotate a global USE flag? [12] 
 * Default ebuild behaviour [13] 

USE flag change: pdflib --> pdf
Merging three existing USE flags that all basically did the same thing is 
what Marius Mauch[14] had in mind when he proposed a new unified USE="pdf" 

 14. genone@g.o
 * pdf use flags[15] 

3. Gentoo international
Switzerland: Diet Pentoo released
Mini-Pentoo[16] is a trimmed version of the Pentoo LiveCD[17], a 
"penetration testing distribution" based on Gentoo Linux and maintained by 
Basel-based Michael Zanetta[18]. It features tools for auditing and 
testing a network environment, from scanning and discovery to exploiting 
vulnerabilities. Its 186MB fit on a mini-CD or a 256MB USB stick, and the 
new version features a number of enhancements, including a 2.6.14 kernel 
with unionfs, support for package modules like Slax, non-volatile storage 
for Nessus plugins, SecurityForest's ExploitTree or config files, and 
enhanced wireless support. 

 18. grimmlin@××××××.ch
Figure 3.1: 'Sexiest window manager available' -- Pentoo's new 
Enlightenment theme
Note:  Gentoo developer Marcelo Góes has written a review of Pentoo that's 
worth reading if you want to know more about what it contains, and 
check Pentoo's complete list of tools for detailed information. 
Japan: OSC Tokyo coming up
GentooJP[19] is busily preparing for the next open-source conference in 
Tokyo: the spring edition of Japan's dedicated open-source events series, 
OSC[20]. The upcoming event is going to be held on 17 and 18 March at the 
usual venue, the Japan Electronics College[21] in Ogikubo. Admission will 
be free, please use the GentooJP mailing list 
(gentoojp-misc@××××××××××××.jp) in case you'd like to offer your help at 
the booth. 

UK: EUsecwest security conference in London
Andrea Barisani[22], Gentoo developer featured in the 9 January 2006 
edition[23] of the GWN, will be one of the speakers at EUSecWest[24], a 
security conference held in London on 20 and 21 February. His talk, 
entitled "Lessons in open-source security: the tale of a 0-day 
incident"[25], will describe how the rsync exploit (see GLSA 200312-01[26] 
and GLSA 200312-03[27] for details) was handled by Gentoo and the rsync 
maintainers. Further topics include security in open-source environments 
with Hardened Gentoo as one of the covered examples.

 22. lcars@g.o
4. Gentoo in the press
====================== (29 January 2006)
Lee Thompson, VP at, gives a flamboyant testimonial to why he 
thinks that Gentoo Linux appeals so much from a technology management 
perspective: "the rate of patches coming out of the vendor" is so much 
faster than with any other operating system that "the amount of change 
that you are sustaining on a Gentoo system is orders of magnitude larger." 
In his job as CEO of E-Trade, he knows that change can destabilize at 
times, but it's still good, and worth the extra effort: "If you can 
sustain change faster than somebody else, you're going to survive, and the 
person who can't sustain the change is not going to evolve, and they're 
going to die off." The only thing he's missing is a dedicated Gentoo 
flavor for production servers -- which are still running RedHat, while 
Gentoo only powers his laptop. The article[28] contains much more than 
just Thompson's love for Gentoo, explaining how open-source development 
can be leveraged for commercial success at a company like E-Trade, and he 
managed to stir up Steven J. Vaughn-Nichols who wrote another article at 
Linux Watch[29] where he references Thompsons testimonial, titled "Selling 
Linux to bean-counters." 

Wine Headquarter (31 January 2006)
Lo' and behold: Wine, the non-emulator for non-Linux applications on 
Linux, is actually faster than Windows XP when it comes to running Windows 
applications, claims a benchmark test from WineHQ[30]. our mileage will 
vary depending on your Linux config, Wine version and Hardware," says 
author Tom Wickline, but it seems to hold true when the test was done with 
Wine 0.9.5 on a Gentoo Linux system... 

5. Gentoo developer moves
The following developers recently left the Gentoo project: 
 * None this week 
The following developers recently joined the Gentoo project: 
 * Zac Medico (zmedico) - Portage  
 * Alec Warner (antarus) - Portage  
 * Gérald Fenoy (djay) - app-sci herd  
The following developers recently changed roles within the Gentoo project:
 * None this week 
6. Gentoo Security
MyDNS: Denial of Service
MyDNS contains a vulnerability that may lead to a Denial of Service 
For more information, please see the GLSA Announcement[31] 

Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer 
overflows that may be exploited to execute arbitrary code. 
For more information, please see the GLSA Announcement[32] 

GStreamer FFmpeg plugin: Heap-based buffer overflow
The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be 
exploited by attackers to execute arbitrary code. 
For more information, please see the GLSA Announcement[33] 

7. Bugzilla
The Gentoo community uses Bugzilla ([34]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 29 January 2006 and 05 February 2006, activity 
on the site has resulted in: 

 * 830 new bugs during this period 
 * 435 bugs closed or resolved during this period 
 * 26 previously closed bugs were reopened this period 
Of the 9240 currently open bugs: 75 are labeled 'blocker', 169 are labeled 
'critical', and 505 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo's Team for Core System packages[35], with 23 closed bugs[36]  
 * Gentoo KDE team[37], with 20 closed bugs[38]  
 * Simon Stelling[39], with 20 closed bugs[40]  
 * Gentoo Security[41], with 14 closed bugs[42]  
 * AMD64 Porting Team[43], with 13 closed bugs[44]  
 * Stefano Rossi[45], with 12 closed bugs[46]  
 * Volkov Peter[47], with 12 closed bugs[48]  
 * Printing Team[49], with 12 closed bugs[50]  
 35. base-system@g.o
 37. kde@g.o
 39. blubb@g.o
 41. security@g.o
 43. amd64@g.o
 45. so@g.o
 47. pva@g.o
 49. printing@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[51], with 71 new bugs[52]  
 * Gentoo Games[53], with 9 new bugs[54]  
 * AMD64 Porting Team[55], with 9 new bugs[56]  
 * Gentoo KDE team[57], with 8 new bugs[58]  
 * Default Assignee for Orphaned Packages[59], with 7 new bugs[60]  
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[61], with 7 new 
 * Gentoo's Team for Core System packages[63], with 7 new bugs[64]  
 * Python Gentoo Team[65], with 6 new bugs[66]  
 51. maintainer-wanted@g.o
 53. games@g.o
 55. amd64@g.o
 57. kde@g.o
 59. maintainer-needed@g.o
 61. kernel@g.o
 63. base-system@g.o
 65. python@g.o

8. GWN feedback
Please send us your feedback[67] and help make the GWN better. 

 67. gwn-feedback@g.o
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under.
10. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[68]  
 * Dutch[69]  
 * English[70]  
 * German[71]  
 * French[72]  
 * Korean[73]  
 * Japanese[74]  
 * Italian[75]  
 * Polish[76]  
 * Portuguese (Brazil)[77]  
 * Portuguese (Portugal)[78]  
 * Russian[79]  
 * Spanish[80]  
 * Turkish[81]  

Ulrich Plate <plate@g.o> - Editor
Henrik Brix Andersen <brix@g.o> - Author
Stefan Schweizer <genstef@g.o> - Author

gentoo-gwn@g.o mailing list