Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@××××××××××××.org
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 29 November 2004
Date: Mon, 29 Nov 2004 00:19:58
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 29 November 2004.
1. Gentoo News
Genesi starts shipping PegasosPPC with Gentoo Linux preinstalled
The Luxemburg-based company Genesi S.à.r.l.[1] has announced that sales of 
their PegasosPPC Open Desktop Workstations (ODW) equipped with Gentoo 
Linux 2004.3 will start this week. Just hours after ordering of the ODW 
had become "quietly" available on the Freescale (i.e. the CPU 
manufacturer's) website[2] on Thanksgiving Day, orders started pouring in, 
says Bill Buck, Genesi's CEO. The units are to be shipped to South Korea 
and will be the first to sport Gentoo Linux, on top of the previously 
included Debian and Yellowdog. 
Figure 1.1: Fan-less assembled Pegasos II motherboard
According to Genesi, the PowerPC-based ODW offers "an anchor for the whole 
enterprise infrastructure." Optimized performance and lower price levels 
are the prime objectives, offering a solution to collapse the IT 
infrastructure into one family of scalable and upgradable hardware, and an 
open-source operating system and application base. "We think there will be 
a lot of interest in this concept, especially for national IT 
infrastructures where a progressively developing software resource based 
on GNU/Linux can significantly reduce the total cost of ownership," says 
Bill Buck. He wants a low-foot-print, low-power 32bit PowerPC solution 
"with a strong link to Gentoo and other non-commercial GNU/Linux 
distributions as a foundation." Genesi and Freescale foster development on 
their current Open Desktop Workstations, with the next hardware generation 
being tuned to market: The PegasosPPCs donated last month to Gentoo Linux 
and other developers are predominantly positioned as development machines, 
but they can serve as thin clients, workstation, netcom devices, file 
servers or clusters alike.
Figure 1.2: What's inside a Pegasos?
Amidst MySQL servers and efforts at building Pegasos blade clusters, 
Gentoo developer David Holm[3] and colleagues have been working on a 
Linux/PPC-based network firewall and mail filter application running on 
the Pegasos hardware. By utilising AltiVec to do parallel processing of 
data they hope to increase the maximum throughput of both network packets 
and e-mails. Developers at the Romanian subsidiary of Freescale[4] are 
integrating their AltiVec enhanced VPN enciphering modules with this 
product. The base system is built by using the Gentoo uclibc stages in 
order to minimise the footprint so that it will fit on flash storage. 
Parts of the code developed for this project will be released as (L)GPL, 
the systems are scheduled to ship in early 2005.
 3. dholm@g.o
Gentoo script repository
As the script-aided administration of Gentoo systems is clearly a very 
useful concept, the idea of a central script repository had already been 
formalized in an early Gentoo Linux Enhancement Proposal (GLEP)[5]. Lack 
of manpower has prevented this from finishing yet, but Gentoo developer 
Patrick Lauer now offers a provisional repository[6], awaiting integration 
into the official collection when GLEP #15 is finally implemented. This 
space is open to all users, not just official developers. For the time 
being, if you want to contribute, send your script(s) with a short 
description (and in case they are not in the public domain, some license 
information attached to it) directly to Patrick[7]. 
 7. patrick@g.o
News from the Gentoo translators projects
With the announcement of the Japanese translator team[8] that their 
version of the Gentoo Handbook for x86 now reflects all changes done for 
the 2004.3 release, there are currently six alternative languages 
available with a mostly or even completely up-to-date translation of the 
English default handbook. While the German version had already been in 
sync with the English documentation since the day of the release, Danish, 
French, Spanish and traditional Chinese have been added over the course of 
the last two weeks. Other languages are bound to follow, and you can speed 
up things by helping the translation teams in your language: contact the 
project leads listed here[9] if you would like to contribute your time. 
2. Future zone
Shifting to 2.6 kernel as default
Traditionally, our installation documentation has instructed users to 
install a Linux 2.4 kernel to power their Gentoo installation. Linux 2.4 
is now in maintenance mode and has been superseded by Linux 2.6.
Linux 2.6, initially released at the end of 2003, is the result of years 
of rapid development, providing many new features and improvements. 
Notable changes include much improved desktop interactivity, multimedia 
improvements such as new sound drivers (ALSA), improved hardware and 
architecture support, additional security capabilities, improved 
multi-processor (SMP) efficiency, and many other changes. Linux 2.6 is 
still under constant development and has now reached a mature stage.
Gentoo Linux has always provided and semi-supported Linux 2.6 for an 
option for users, and a few architectures have recently moved to making 
this their recommended kernel (ppc, ppc64, amd64, ia64). For other 
architectures such as x86, the default supported kernel is still Linux 
2.4. For the 2005.0 release, the Gentoo kernel developers are working to 
make Linux 2.6 the default kernel for all supported architectures upon 
which 2.6 runs well. All new installations will run Linux 2.6, and at time 
of release, existing 2.4 users will be encouraged to migrate.
Preparation for this switch has already begun. Our 2004.3 LiveCD, unlike 
previous releases, runs the Linux 2.6 kernel internally by default, and 
feedback from this has been very positive. Our Gentoo-supported Linux 2.6 
package, gentoo-dev-sources, has been extended to be supported by as many 
architectures as possible, whereas its 2.4 predecessor (gentoo-sources) is 
really only aimed at x86 users. Thankfully, the process of migration from 
Linux 2.4 to 2.6 is relatively simple, but documentation is in development 
to highlight caveats in the migration[10].
For the 2005.0 release, the 2.6-based gentoo-dev-sources package will be 
merged into gentoo-sources. Other kernel packages will undergo similar 
operations (e.g. development-sources merging into vanilla-sources), and 
the 2.6 releases will be the default kernels under these package titles. 
Linux 2.4 will still be supported, and will be selectable through an 
alternative Portage profile. We have some more work to do beforehand, but 
we will provide complete documentation when this change settles into place.
3. Gentoo security
X.Org, XFree86: libXpm vulnerabilities
libXpm contains several vulnerabilities that could lead to a Denial of 
Service and arbitrary code execution. 
For more information, please see the GLSA Announcement[11] 
unarj: Long filenames buffer overflow and a path traversal vulnerability
unarj contains a buffer overflow and a directory traversal vulnerability. 
This could lead to overwriting of arbitrary files or the execution of 
arbitrary code. 
For more information, please see the GLSA Announcement[12] 
pdftohtml: Vulnerabilities in included Xpdf
pdftohtml includes vulnerable Xpdf code to handle PDF files, making it 
vulnerable to execution of arbitrary code upon converting a malicious PDF 
For more information, please see the GLSA Announcement[13] 
ProZilla: Multiple vulnerabilities
ProZilla contains several buffer overflow vulnerabilities that can be 
exploited by a malicious server to execute arbitrary code with the rights 
of the user running ProZilla. 
For more information, please see the GLSA Announcement[14] 
phpBB: Remote command execution
phpBB contains a vulnerability which allows a remote attacker to execute 
arbitrary commands with the rights of the web server user. 
For more information, please see the GLSA Announcement[15] 
TWiki: Arbitrary command execution
A bug in the TWiki search function allows an attacker to execute arbitrary 
commands with the permissions of the user running TWiki. 
For more information, please see the GLSA Announcement[16] 
Cyrus IMAP Server: Multiple remote vulnerabilities
The Cyrus IMAP Server contains multiple vulnerabilities which could lead 
to remote execution of arbitrary code. 
For more information, please see the GLSA Announcement[17] 
phpWebSite: HTTP response splitting vulnerability
phpWebSite is vulnerable to possible HTTP response splitting attacks. 
For more information, please see the GLSA Announcement[18] 
phpMyAdmin: Multiple XSS vulnerabilities
phpMyAdmin is vulnerable to cross-site scripting attacks. 
For more information, please see the GLSA Announcement[19] 
4. Heard in the community
Web forums
The udderly mysterious Larry the Cow
In preparation for the Italian G-Day (see our article[20] in last week's 
GWN), Peach[21] has designed a few posters, and thought he'd share his 
artwork with the community. Note that "If it moves, compile it" doesn't 
become the official motto for Gentoo Linux just by repetition... 
 * Larry The Cow unveiled and Gentoo Posters[22] 
Gentoo on low end systems
Gentoo is primarily installed on modern hardware because it demands CPU 
power when doing most Portage operations. However, Gentoo's "only what you 
need" approach is great for systems that only need a select set of 
services running, or machines with meager hardware available. Check out 
this quick thread for a few tips if you're planning on installing Gentoo 
on an aging machine.
 * Gentoo Tips for Lower End Systems?[23] 
Copying kernel config files
Here's a quick tip that we've mentioned before; but can be such a time 
saver that it is worth bringing up every so often. When upgrading Linux 
kernels, use the command stated in this thread to carry over the settings 
from your previous kernel version.
 * Q: Copying kernel config files[24] 
Thanksgiving shopping tips
For our readers in the U.S., what kind of holiday week would it be without 
mentioning shopping the day after Thanksgiving? This sprawling thread 
covered just about every old tip and advice in the book. A bit off topic, 
but right on time. Enjoy!
 * When to shop during thanksgiving?[25] 
Thanksgiving thanks given
With Thanksgiving just over and Christmas approaching, both users and 
developers have expressed their gratitude for Gentoo's existence. In the 
first thread, Christian Hoenig expresses his gratitude for being able to 
run Gentoo for two years without reinstall, and just a few hours before, 
Jeremy Huddleston[26] was all warm and mushy inside after eating his 
Thanksgiving turkey, and just felt like writing a happy "thank you all!" 
 26. eradicator@g.o
 * Big thanks for my 2nd anniversary, devs![27] 
 * thank you all![28] 
Beeping nuisance
Roman Gaufman[29] writes: "Someone was bound to complain. I set xorg to 
emerge and go to sleep. I fall asleep and it starts beeping! GRR! Doesnt 
it bother anyone? -- under no circumstances do I want beeping." This 
common "bug" has already been taken care of, but the documentation for 
EBEEP_IGNORE is not yet publically available. Check the thread to see how 
you can silence Portage if you have to! 
 29. hackeron@×××××.com
 * Gentoo beeping at me?[30] 
5. Gentoo International
Turkey: New Gentoo website, GWN mailing list
Gentoo Türkiye, the Turkish Gentoo User Group, has announced their 
soon-to-be website[31], still very much under construction at the time of 
this writing. According to admin Bahadır Kandemir (who is doubling as lead 
GWN translator for Turkish), the team running the site is working on their 
own XML content management system, and will go live as soon as possible. 
More importantly, the revived Turkish GWN version can now be subscribed 
to, via a brandnew mailing list "bulten@×××××××××.org" (bulten = 
newsletter), operational only since last week. If you would like to 
receive the Turkish GWN regularly (with a delay of just a few hours 
compared to the English original), send an empty mail to 
bulten-subscribe@×××××××××.org. Interestingly enough, Gentoo Türkiye's 
website and mailing list are sponsored by a Moscow-based hosting company,[32]. In case you'd like to support their efforts, come and 
meet the Turkish Gentoo user community where they usually hang out: in the 
#turklug channel on
Poland: Bialystok EVDT conference
Last Saturday, 20 November 2004, a group of open-source amateurs using the 
colorful label "Electric Vodka Developer Team" (EVDT) held a conference on 
"Alternative platforms and operating systems"[33] in their home town 
Bialystok, an all-day event hosted at the local Technical University. 
Papers on the history of operating systems, on cluster, embedded, and real 
time systems, and about the differences between x86 and PowerPC 
architectures were being presented to about 80 participants. The PPC side 
was further explored in talks about the Altivec units in PowerPC G4 
processors and how to make use of them with the help of gcc, and in a 
closing presentation about the PegasosPPC platform (see above) and its 
native MorphOS system. Between the sessions and after the last one had 
finished, visitors were able to see and touch some live hardware and 
software. There were PowerPC (G3 and G4) with MorphOS on display, and x86 
desktops with QNX, Slackware, Debian, and of course Gentoo Linux 
installed. Everyone was free to check the differences between several 
Linux flairs, alternative operating systems, and assorted hardware. Some 
photos and a longer report from the event are available here[34] (polish 
Figure 5.1: Power of diversity: alternative platforms on display at the 
Germany: Bowling for Gänsebein
The notorious Ruhr region Gentooists are meeting on 10 December for a 
friendly Christmas dinner party at the equally notorious Gasthof 
Harlos[35] in Oberhausen. The menu is still being discussed, available 
options include Gänsekeulen (goose legs) and Rinderrouladen (beef rolls). 
After dinner the attendants and their ample supply of Glühwein (German 
mulled wine) will retreat to the bowling alley. If you intend to join 
them, post to this forum thread[36].
6. Gentoo in the press
ZDNet UK (25 November 2004)
In her article[37] published shortly after Gentoo Linux 2004.3 was made 
available to the public, Ingrid Marson from ZDNet UK already reports about 
the preparations for Gentoo's next release, 2005.0, due in February next 
year. The article is mostly based on an interview with Gentoo release 
engineer Chris Gianelloni[38] and points out a graphical installation and 
the planned ability to run Gentoo Linux completely off the LiveCD.
 38. wolf31o2@g.o
7. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([39]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 14 November 2004 and 28 November 2004, activity 
on the site has resulted in: 
 * 1563 new bugs during this period 
 * 847 bugs closed or resolved during this period 
 * 47 previously closed bugs were reopened this period 
Of the 7645 currently open bugs: 135 are labeled 'blocker', 248 are 
labeled 'critical', and 562 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * AMD64 Porting Team[40], with 50 closed bugs[41]  
 * Xavier Neys[42], with 34 closed bugs[43]  
 * Gentoo Games[44], with 33 closed bugs[45]  
 * Mozilla Gentoo Team[46], with 29 closed bugs[47]  
 * ppc64 architecture team[48], with 27 closed bugs[49]  
 * Gentoo Linux Gnome Desktop Team[50], with 27 closed bugs[51]  
 * Jeremy Huddleston[52], with 25 closed bugs[53]  
 * Gentoo Linux bug wranglers[54], with 23 closed bugs[55]  
 40. amd64@g.o
 42. neysx@g.o
 44. games@g.o
 46. mozilla@g.o
 48. ppc64@g.o
 50. gnome@g.o
 52. eradicator@g.o
 54. bug-wranglers@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Gentoo's Team for Core System packages[56], with 32 new bugs[57]  
 * AMD64 Porting Team[58], with 28 new bugs[59]  
 * Gentoo X-windows packagers[60], with 23 new bugs[61]  
 * media-video herd[62], with 20 new bugs[63]  
 * Java team[64], with 20 new bugs[65]  
 * Portage team[66], with 15 new bugs[67]  
 * SpanKY[68], with 13 new bugs[69]  
 * netmon herd[70], with 13 new bugs[71]  
 56. base-system@g.o
 58. amd64@g.o
 60. x11@g.o
 62. media-video@g.o
 64. java@g.o
 66. dev-portage@g.o
 68. vapier@g.o
 70. netmon@g.o
8. Tips and Tricks
Portage GUIs
Larry the Cow became just a bit frustrated with Portage and its textual 
frontend. There used to be the legendary KPortage to sooth his craving for 
a graphical user interface, but its development stalled, and it vanished 
from the Portage tree a long time ago. 
Then Larry tried guitoo and porthole. He was impressed. He found two 
up-to-date Portage frontends with ongoing development. All of a sudden, 
Larry the Cow was in control. And he liked it. 
First off, Guitoo[72] is a KDE application offering most functions of 
Portage, such as views of installed and generally available packages. It 
helps you keep your system up to date, lets you view logs and keeps its 
own queue for the installation of multiple packages. Very interesting and 
rather more advanced than its predecessor KPortage it's equipped with a 
systemtray ("kicker") application called Gentoo Watcher, which is pulling 
in rss feeds from the Gentoo website, raking in all available information 
on the latest packages and the Gentoo Linux Security Advisories (GLSA). 
Using the watcher, pending security updates are just one click away as 
they can be pushed to Guitoo for emerging.
| Code Listing 8.1:                                                       |
|Emerge                                                                   |
|                                                                         |
|# echo "app-portage/guitoo ~x86" >> /etc/portage/package.keywords (if    |
|# emerge guitoo                                                          |
|                                                                         |
And then there's Porthole[73]. GTK+-2 rather than Qt-based, it gives you 
control over the basic Portage features, i.e. emerge, unmerge, sync and 
update. While guitoo only gets the output of emerge --pretend to show you 
the dependencies a package has, porthole can show you directly which 
dependencies are met and which are not. 
| Code Listing 8.2:                                                       |
|Emerge                                                                   |
|                                                                         |
|# echo "app-portage/porthole ~x86" >> /etc/portage/package.keywords (if  |
|# emerge porthole                                                        |
|                                                                         |
Larry, being happy about having the tools in the first place, is rather 
indifferent at this point as to which one is preferrable. He suggests you 
try both, and decide for yourself. Choice to the user. 
Figure 8.1: Screenshots of Porthole (left) and Guitoo (right, including 
the watcher)
9. Moves, adds, and changes
The following developers recently left the Gentoo team:
 * None this week 
The following developers recently joined the Gentoo Linux team:
 * Micheal Marineau (marineam) - Kernel patches 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
 74. gwn-feedback@g.o
11. GWN feedback
Please send us your feedback[75] and help make the GWN better.
 75. gwn-feedback@g.o
12. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
13. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[76] 
 * Dutch[77] 
 * English[78] 
 * German[79] 
 * French[80] 
 * Japanese[81] 
 * Italian[82] 
 * Polish[83] 
 * Portuguese (Brazil)[84] 
 * Portuguese (Portugal)[85] 
 * Russian[86] 
 * Spanish[87] 
 * Turkish[88] 
Ulrich Plate <plate@g.o> - Editor
Rafał Ciszyński <r.ciszynski@××.pl> - Author
Brian Downey <bdowney@×××××××××××.net> - Author
Daniel Drake <dsd@g.o> - Author
Michael Imhof <tantive@g.o> - Author
Patrick Lauer <patrick@g.o> - Author

gentoo-gwn@g.o mailing list