Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@××××××××××××.org
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 7 February 2005
Date: Mon, 07 Feb 2005 02:44:59
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 7 February 2005.
1. Gentoo News
Gentoo at the Linux World Expo, Boston edition
With just a week to go before the U.S. east coast version of the LWE[1] 
opens its gates, the Gentoo line-up is complete. Gentoo developers manning 
the booth will include Mike Frysinger, Chris Gianelloni, Dylan Carlson, 
Daniel Ostrow, Luke Macken, Jeffrey Forman, Rajiv Aaron Manglani and Chris 
Aniszczyk, aided by local organiser Andrew Fant who's been busy preparing 
everything to go smoothly at booth #6 on the exhibition floor at Boston's 
Hynes Convention Center. Visitors to the Gentoo stand will find Sparcs and 
x86, and a Mac Mini running Gentoo Linux/PPC among the architectures on 
display. The exhibition starts on Tuesday 15 February and lasts until 
Thursday 17, open daily from 10:00 to 17:00 (16:00 on Thursday). 
Two million posts
Yet another record for the Gentoo Forums: The 2,000,000th post since the 
creation of Gentoo's phpBB user support forum was registered last Monday. 
While dozens of Forum regulars were watching the total post count move up 
towards the magic number, Naib[2] from Birmingham in the United Kingdom 
finally hit the submit button at exactly the right time. His post, 
combining both clarity of expression and snotty Brum poetry, was in reply 
to someone asking for fullscreen capabilities in terminal programs. Naib's 
answer, scheduled for immortality: "Ctrl-Alt-F1"[3] 
Figure 1.1: Post counter on, 31 January 2005 at around 
20:15 UTC
New IRC channel, mailing list for Gentoo media packages
Jan Brinkmann[4] announced two new support platforms for the evergrowing 
number of packages in Portage dealing with audio and video applications. 
#gentoo-media is a new channel on where media package 
maintainers congregate, and a new mailing list, gentoo-media@g.o, 
has also been created to improve the communication between the developers 
in media related herds. "We also intended to make it easier for desktop 
users to get in touch with maintainers of software which is related to 
these herds," says Jan Brinkmann, hoping both the new IRC channel and 
mailing list will soon become both "popular and populated," especially in 
view of recruiting additional developers for the understaffed media herds. 
To subscribe to the mailing list, send a blank email to 
gentoo-media-subscribe@g.o. If you would like to help with 
development on sound and video applications, contact Jan Brinkmann 
 4. luckyduck@g.o
2. Future Zone
The Gentoo/FreeBSD project officially started in August 2004 as a set of 
system ebuilds based on FreeBSD 5.2.1 and a portage overlay provided by 
Grant Goodyear (g2boojum). As the release of FreeBSD 5.3 became imminent, 
the project slowly ported base system ebuilds to this new version, which 
is the actual base for our project.
The Gentoo/FreeBSD project, as its name implies, is an effort to have the 
whole set of Gentoo components running on top of a FreeBSD base system. 
This means that, for example, instead of having a Linux kernel and GNU 
LibC, one will have FreeBSD's kernel and FreeBSD's LibC. In addition, the 
project is also working on porting baselayout to Gentoo/FreeBSD in such a 
way that makes the management of startup services as easy as in Gentoo 
Although this project is fairly young, a fair amount of progress has been 
achieved. The most important accomplishments include: 
 * Portage now runs without needing to be patched. 
 * the set of ebuilds that downloads and install specific FreeBSD system 
packages is now almost stable and the process of building it is, in 
general, painless. 
 * we have defined a system profile as well as some non-FreeBSD packages 
that should be available. 
At this moment, we are working on stabilizing the content of source 
tarballs in such a way that they provide all the reasonable things for 
their category (system sources tarballs, in Gentoo/FreeBSD are separated 
by category, like freebsd-lib, freebsd-usbin, etc). 
Our efforts with baselayout have mainly been oriented towards getting 
Gentoo's dependency-based init system working with FreeBSD's userland. 
Unsurprisingly, certain parts (mainly involving gawk) have been 
problematic, but we currently have a package that can bring up a 
functional FreeBSD system, and should allow the initscripts in the main 
Portage tree to work unchanged. More work is needed to write initscripts 
for the less common parts of the FreeBSD system, and possibly to update 
the system to baselayout 1.11 when that becomes stable. 
Goals for the immediate future include a set of stages that will be used 
to install Gentoo/FreeBSD, completion of the baselayout port, and finally, 
a release. 
In a separate effort we are also looking into porting the glibc and GNU 
userland to the FreeBSD kernel. If you are interested in working on this, 
contact Dylan Carlson[5]. (see also the post by Robert Millan to the 
gentoo-dev mailing list referenced below).
 5. absinthe@g.o
3. Gentoo security
Gallery: Cross-site scripting vulnerability
Gallery is vulnerable to cross-site scripting attacks. 
For more information, please see the GLSA Announcement[6] 
ClamAV: Multiple issues
ClamAV contains two vulnerabilities that could lead to Denial of Service 
and evasion of virus scanning. 
For more information, please see the GLSA Announcement[7] 
ncpfs: Multiple vulnerabilities
The ncpfs utilities contain multiple flaws, potentially resulting in the 
remote execution of arbitrary code or local file access with elevated 
For more information, please see the GLSA Announcement[8] 
FireHOL: Insecure temporary file creation
FireHOL is vulnerable to symlink attacks, potentially allowing a local 
user to overwrite arbitrary files. 
For more information, please see the GLSA Announcement[9] 
UW IMAP: CRAM-MD5 authentication bypass
UW IMAP contains a vulnerability in the code handling CRAM-MD5 
authentication allowing authentication bypass. 
For more information, please see the GLSA Announcement[10] 
enscript: Multiple vulnerabilities
enscript suffers from vulnerabilities and design flaws, potentially 
resulting in the execution of arbitrary code. 
For more information, please see the GLSA Announcement[11] 
Squid: Multiple vulnerabilities
Squid contains vulnerabilities in the code handling WCCP, HTTP and LDAP 
which could lead to Denial of Service, access control bypass, web cache 
and log poisoning. 
For more information, please see the GLSA Announcement[12] 
Newspost: Buffer overflow vulnerability
A buffer overflow can be exploited to crash Newspost remotely and 
potentially execute arbitrary code. 
For more information, please see the GLSA Announcement[13] 
LessTif: Multiple vulnerabilities in libXpm
Multiple vulnerabilities have been discovered in libXpm, which is included 
in LessTif, that can potentially lead to remote code execution. 
For more information, please see the GLSA Announcement[14] 
4. Heard in the community
Visiting Debian developer Robert Millan[15] posted to announce his work on 
porting the glibc and GNU userland to the FreeBSD kernel: "I started from 
the existing Gentoo FreeBSD system and gradually migrated it to Glibc." 
 15. rmh@××××××.org
 * Gentoo GNU/kFreeBSD[16] 
GWN independence?
Grant Goodyear[17] tries to come to terms with the status of the Gentoo 
Weekly Newsletter: "Is the GWN an official Gentoo newsletter that promotes 
Gentoo, or is it a quasi-independent newsletter that is free to criticize 
as well as evangelize?" How much influence should developers have on its 
 17. g2boojum@g.o
 * GWN independence?[18] 
Proper if/else blocks in bash
Once again, Ciaran McCreesh[19] gives some important info on bash syntax. 
This should be especially interesting for those among you that contribute 
ebuilds. Also, he does not point us at the not existing draft of  the 
doc[20] which, if it existed, would be a good ressource for all ebuild 
 19. ciaranm@g.o
 * Proper if/else blocks in bash[21] 
gcc-4 support in Gentoo
For all Gentooists who like new ans shiny toys, Mike Frysinger[22] has 
added gcc-4 ebuilds to portage. They are masked at the moment and totally 
unsupported, so if you wish to use them it's at your own risk! First 
reports are quite mixed, from random segfaults to flawless working 
everything seems to be possible. Enjoy! 
 22. vapier@g.o
 * gcc-4 support in Gentoo[23] 
autotools confusion
Some time ago, the autoconf / automake / libtool ebuilds were modified. 
Many users now complain that portage wants to install all available 
versions, but as Mike Frysinger[24] explains: "The old ebuilds 
(autoconf-2.59-r5 / automake-1.8.5-r1 / libtool-1.5.2-r7) actually 
downloaded and installed multiple versions of each package. You thought 
you had just one autoconf, but boy oh boy were you wrong !" 
 24. vapier@g.o
 * autotools confusion[25] 
5. Gentoo International
Germany: Oberhausen GUM on Friday 11 February
Oberhausen, home to the "Friends of Gentoo e.V." and several active 
developers, is again the venue for a Gentoo User Meeting at the Gasthof 
Harlos, itself on the way to become an institution in the German Gentoo 
microcosmos. This week, preparations for the FOSDEM conference in Belgium 
later this month are on the agenda, as is the notorious Schnitzelplatte, a 
copious amount of meat traditionally served at Oberhausen GUMs. The 
organisers are also trying to bring one of the used Sun Blade 100[26] that 
have been bought recently by several German developers from a Swiss 
university to the meeting, which is going to take place on 11 February, 
starting at around 19:00 CET. 
6. Gentoo in the press
Linux Magazin (Issue 3/2005)
The German Linux Magazin carries an article by Gentoo developer Michael 
Kohl[27] in its latest number. Michael explains the catalyst release 
engineering tool and the release process for Gentoo Linux on three pages 
full of interesting details, mentioning examples for using catalyst to 
create variant LiveCDs like the German "Fizzle Wizzle" release that 
includes a complete KDE environment running Knoppix-like from the CD 
without the need to install on the harddisk. The printed magazine is 
available at newsstands in Germany since Thursday last week, and also 
includes an additional Gentoo installation rundown by editor Oliver 
 27. citizen428
David Berlind's blog (31 January 2005)
CNET columnist David Berlind posted a clarification to his earlier article 
on Gentoo and OpenSolaris we referenced last week[28]. In his new article 
"Gentoo: We're not the Napster of Open Source"[29] he quotes from mails 
going back and forth between Gentoo developer Pieter Van den Abeele and 
himself, acknowledging that "the folks at Gentoo are disputing my 
characterization of their Portaris and Portage technologies as being 
Napster-like facilitators that can grease the wheels of open source 
license violation." 
7. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([30]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 31 January 2005 and 07 February 2005, activity 
on the site has resulted in: 
 * 875 new bugs during this period 
 * 661 bugs closed or resolved during this period 
 * 28 previously closed bugs were reopened this period 
Of the 8006 currently open bugs: 105 are labeled 'blocker', 245 are 
labeled 'critical', and 601 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * osx porters[31], with 173 closed bugs[32]  
 * AMD64 Porting Team[33], with 33 closed bugs[34]  
 * Gentoo's Team for Core System packages[35], with 30 closed bugs[36]  
 * media-video herd[37], with 23 closed bugs[38]  
 * Java team[39], with 21 closed bugs[40]  
 * Gentoo KDE team[41], with 20 closed bugs[42]  
 * Gentoo Security[43], with 19 closed bugs[44]  
 * Xavier Neys[45], with 16 closed bugs[46]  
 31. osx@g.o
 33. amd64@g.o
 35. base-system@g.o
 37. media-video@g.o
 39. java@g.o
 41. kde@g.o
 43. security@g.o
 45. neysx@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * AMD64 Porting Team[47], with 37 new bugs[48]  
 * Gentoo X-windows packagers[49], with 21 new bugs[50]  
 * Gentoo Sound Team[51], with 17 new bugs[52]  
 * media-video herd[53], with 15 new bugs[54]  
 * Gentoo's Team for Core System packages[55], with 15 new bugs[56]  
 * Mozilla Gentoo Team[57], with 13 new bugs[58]  
 * marduk[59], with 11 new bugs[60]  
 * XFCE Team[61], with 7 new bugs[62]  
 47. amd64@g.o
 49. x11@g.o
 51. sound@g.o
 53. media-video@g.o
 55. base-system@g.o
 57. mozilla@g.o
 59. marduk@g.o
 61. xfce@g.o
8. Moves, adds, and changes
The following developers recently left the Gentoo team:
 * Alexander Gabert  
 * Andrew Bevitt (temporary leave)  
The following developers recently joined the Gentoo Linux team:
 * Stefano Rossi (so) - Documentation 
 * Andreas Pokorny (DieMumiee) - AMD64 
 * Shigehiro Idani (idani) - Japanese translation 
The following developers recently changed roles within the Gentoo Linux 
 * Chris Gianelloni (wolf31o2) - Changed from Release Engineering 
Operational to Strategic Lead 
 * Tim Yamin (plasmaroo) - New Release Engineering Operational Lead 
9. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
 63. gwn-feedback@g.o
10. GWN feedback
Please send us your feedback[64] and help make the GWN better.
 64. gwn-feedback@g.o
11. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
12. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[65]  
 * Dutch[66]  
 * English[67]  
 * German[68]  
 * French[69]  
 * Japanese[70]  
 * Italian[71]  
 * Polish[72]  
 * Portuguese (Brazil)[73]  
 * Portuguese (Portugal)[74]  
 * Russian[75]  
 * Spanish[76]  
 * Turkish[77]  
Ulrich Plate <plate@g.o> - Editor
Stephen Bennett <spb@g.o> - Author
Dylan Carlson <absinthe@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Otavio R. Piske <angusyoung@g.o> - Author

gentoo-gwn@g.o mailing list