Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 4 October 2004
Date: Sun, 03 Oct 2004 23:02:05
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 4 October 2004.
1. Gentoo News
Website redesign finalists up for voting
The Gentoo Foundation's website redesign contest has reached its final 
stage. More than 30 designs had been submitted to the preselection 
committee, and choosing only five candidates was not easy for the jury. 
Now the finalists are up for public assessment at the contest webpage[1], 
and Gentoo users get to vote for their favorite design. A poll has been 
set up at the Gentoo Forums, and registered users can enter their vote 
here[2] no later than 8 October 2004. 

Gentoo PPC developers meet in Germany
Among the remarkable things to happen at the first international Gentoo 
PPC developer meeting was the mere appearance of one of its participants: 
Bryon Roche[3], who pioneered the port of Gentoo to the PPC platform in 
early 2002, had disappeared from active Gentoo development more than half 
a year ago when he joined the U.S. infantry. Last Thursday he was reunited 
with his European developer colleagues at Kransberg Castle, which is just 
a 20-minute drive from his German outpost...

 3. kain@g.o
Figure 1.1: Gentoo PPC co-founder Bryon Roche
Working together exclusively over IRC and mailing lists may be only a 
substitute for real-life interaction, but getting together in the flesh 
for the first time, in the Taunus mountain area just north of Frankfurt am 
Main, really was like meeting old friends. Only a few of the participants 
knew each other from FOSDEM in Brussels earlier this year, making this new 
opportunity attractive enough for e.g. Michael Hanselmann[4] from 
Switzerland to spontaneously decide on Thursday morning to hop on the next 
train to Frankfurt to be there, too. David Holm[5] (Sweden) and Luca 
Barbato[6] (Italy) had attended the Freescale Smart Networks Developer 
Forum[7] in Frankfurt since Tuesday, and Lars Weiler[8] (Germany) and 
Damien Krotkine[9] (France) joined for the last day of that conference, 
dedicated to introductory seminars for the recipients of free PegasosPPC 
desktop computers handed out by the organizers. Four of those donated 
Pegasos machines (with Debian and Yellow Dog Linux plus the exotic MorphOS 
operating system pre-installed) ended up at the castle, one of them not 
lasting 10 minutes before a Gentoo LiveCD was spinning on it. Like G.I. 
Kain, Pieter van den Abeele[10] and Jochen Maes[11] (both from Belgium) 
and guest dev Benjamin Judas[12] (Germany), the release engineer for x86, 
only came to attend the Gentoo gathering.

 4. hansmi@g.o
 5. dholm@g.o
 6. lu_zero@g.o
 8. pylon@g.o
 9. dams@g.o
 10. pvdabeel@g.o
 11. sejo@g.o
 12. beejay@g.o
Figure 1.2: Screen shot of a Pegasos desktop PC running Gentoo Linux from 
a PPC-LiveCD
On top of the Gentoo PPC meeting's agenda was the release engineering for 
2004.3, centering on questions like choosing udev for device handling, and 
whether to address hardware issues in the kernel. Pvdabeel announced a new 
KDE/Gnome LiveDVD for PPC, SeJo reported from talks he had had with 
Benjamin Herrenschmidt, the PPC kernel maintainer, and motioned for Java 
1.5 to be masked at this stage, because of its lack of backward 
compatibility. A tentative roadmap for PPC development in 2005 was also 
drafted, and old and new responsibilities were discussed and assigned to 
individual developers. 
Figure 1.3: From left to right, above: plate, beejay, pvdabeel, dams; 
below: pylon and lu_zero
Figure 1.4: Hansmi, dholm and sejo
Amid all the serious talk there was space and time enough for recreation, 
of course. Pvdabeel and SeJo had cleverly thought in advance to bring 
Belgian beer in quantities that would have been enough, all truth told, to 
entertain twice as many people. Photos of the event including a few shots 
of the scenery surrounding the castle, the insides of donated PegasosPPCs, 
and mug shots of all attendees are here[13], and even more are here[14], 
including lots of pictures from SNDF.

Nvidia Nforce network chipset driver change in Portage
Daniel Drake[15] announced last week that the proprietary nforce-net 
driver currently in Portage would be removed in favour of its open-source 
alternative forcedeth. Forcedeth contains fixes to those bugs in 
nforce-net that nobody outside of Nvidia was able to address, and it is 
also supported by Nvidia itself, which recently provided some important 
patches to the reverse-engineered code of the Forcedeth project. DSD's 
developer space on[16] contains instructions for Gentoo users 
on replacing the driver. 

 15. dsd@g.o
2. Gentoo security
XFree86: Integer and stack overflows in libXpm
libXpm, the X Pixmap library that is a part of the X Window System, 
contains multiple stack and integer overflows that may allow a 
carefully-crafted XPM file to crash applications linked against libXpm, 
potentially allowing the execution of arbitrary code. 
For more information, please see the GLSA Announcement[17]

Subversion: Metadata information leak
An information leak in mod_authz_svn could allow sensitive metadata of 
protected areas to be leaked to unauthorized users.
For more information, please see the GLSA Announcement[18]

sharutils: Buffer overflows in shar.c and unshar.c 
sharutils contains two buffer overflow vulnerabilities that could lead to 
arbitrary code execution. 
For more information, please see the GLSA Announcement[19]

3. Heard in the community
Web forums
Checksum worries
A sci.crypt newsgroup posting by Tom St. Denis triggered a forum thread 
about whether vulnerabilities in MD5 make it possible to get malicious 
code past security and into the Portage tree: 
 * Gentoo Linux Insecurities[20] 

Newcomers and etc-update
Using etc-update properly is vital to the ongoing stability of your Gentoo 
system. However, at the same time it can be one of the most confusing 
aspects for people new to Gentoo. Many other distributions do the "work" 
of maintaining most of the configuration files; however, Gentoo's hands-on 
approach requires gaining sufficient knowledge to surf through the /etc 
directory and at least know what the files are for. This thread was 
started by a Gentoo newcomer who accidentally overwrote most of his /etc 
configuration files, and it discusses methods for recovering as well as 
some handy etc-update use tips. 
 * etc-update Noob mistake[21] 

Non-root emerges
The possibilities and security implications of non-root (i.e. normal user) 
emerges were discussed in this thread. Portage has limited support 
("userpriv" and "sandbox" features), but the installation of software 
needs root privileges at some point.
 * Non-root emerges[22] 

Removing dhcpcd from system?
This long thread weighed the pros and cons of having dhcpcd as part of the 
system profile, drifting off to a discussion of what needs to be part of 
the base system in the first place.
 * Removing dhcpcd from system?[23] 
 * Removing dhcpcd from system?[24] (continued) 

Integrating the hardened toolchain and better NPTL support
Travis Tilley[25] caught the list's attention with two topics this week: 
"Recent gcc ebuilds have been patched to recognise an environment 
variable, GCC_SPECS, that sets which specs-file should be used. The gcc 
3.4.2-r2 ebuild also builds both hardened and non-hardened specs files for 
all users," in reference to the efforts for integrating the hardened 
toolchain into Gentoo, and concerning support for NPTL: "[The ebuild] builds 
glibc twice, once with and once without nptl. The nptl libs go into 
lib/tls where they belong and are used by default when using a 2.6 kernel 
and LD_ASSUME_KERNEL isn't set."

 25. lv@g.o
 * Integrating the hardened toolchain[26] 
 * Better NPTL support[27] 

4. Gentoo International
Italy: Gentoo installation week at University of Bologna 
It is only open to registered students of information science at Bologna's 
university, but it is a highly interesting initiative: During the entire 
week of 11 to 15 October, weathered Gentooists of the faculty will provide 
an "assisted installation" of Gentoo Linux on their co-eds' PCs. For those 
who have access to it, all the necessary details are to be had via the 
university's internal newsgroup, unibo.cs.students. Although it is of 
immediate benefit only to a limited audience this time, the event doubles 
as a dress rehearsal for a planned public Bolognese "Gentoo Installation 
Week" in the near future.
5. Gentoo in the press
(28 September 2004)
[28], the "Enterprise Linux Resource," carried an article by Jem 
Matz[29] on "Gentoo in the server room", reflecting the use of Gentoo 
Linux for web servers and back room production platforms, featuring two 
Gentoo sponsor companies, Tek Alchemy[30] and Seven L Networks[31].

Linux Format (October issue 2004) 
Linux Format[32], a UK Linux magazine published by the Future Publications 
group, has Gentoo Linux on the cover DVD of the October issue. This is a 
full source installation of Gentoo's latest 2004.2 release, with the DVD 
booting as an x86 LiveCD and more than 2GB of source in the distfiles 
directory. The magazine also contains detailed information on installing 
Gentoo. The CD version of the magazine has two CDs dedicated to Gentoo, 
and the DVD version also contains the AMD64 live CD ISO image. 

LinuxPlanet (DistributionWatch, September 2004)
Sean Michael Kerner has just published his latest report called 
"DistributionWatch: Your Guide to Linux Distributions" at LinuxPlanet[33], 
one of the publications of Gentoo is featuring prominently 
in the "Major Linux distributions" section, while "Specialized 
distributions", interestingly enough, lists both Gentoo Linux and its 
predecessor Enoch, extinct since 1999... 

6. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([34]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 25 September 2004 and 01 October 2004, activity 
on the site has resulted in: 

 * 714 new bugs during this period 
 * 426 bugs closed or resolved during this period 
 * 27 previously closed bugs were reopened this period 
Of the 7175 currently open bugs: 136 are labeled 'blocker', 227 are 
labeled 'critical', and 555 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
are: 
 * net-dialup[35], with 23 closed bugs[36]  
 * Gentoo Games[37], with 19 closed bugs[38]  
 * osx porters[39], with 17 closed bugs[40]  
 * AMD64 Porting Team[41], with 17 closed bugs[42]  
 * Perl Devs @ Gentoo[43], with 16 closed bugs[44]  
 * Jeremy Huddleston[45], with 16 closed bugs[46]  
 * Net-Mail Packages[47], with 15 closed bugs[48]  
 * Gentoo's Team for Core System packages[49], with 15 closed bugs[50]  
 35. net-dialup@g.o
 37. games@g.o
 39. osx@g.o
 41. amd64@g.o
 43. perl@g.o
 45. eradicator@g.o
 47. net-mail@g.o
 49. base-system@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Gentoo KDE team[51], with 16 new bugs[52]  
 * Gentoo Linux Gnome Desktop Team[53], with 16 new bugs[54]  
 * Gentoo Science Related Packages[55], with 15 new bugs[56]  
 * Gentoo X-windows packagers[57], with 14 new bugs[58]  
 * osx porters[59], with 12 new bugs[60]  
 * Gentoo Sound Team[61], with 11 new bugs[62]  
 * Java team[63], with 10 new bugs[64]  
 * AMD64 Porting Team[65], with 10 new bugs[66]  
 51. kde@g.o
 53. gnome@g.o
 55. sci@g.o
 57. x11@g.o
 59. osx@g.o
 61. sound@g.o
 63. java@g.o
 65. amd64@g.o

7. Tips and Tricks
Some pretty .bashrc hints
This week we cover some nice-to-know bash tips that, in my opinion, every 
user should know.
Can't remember a command you typed a few days ago, and can't find it 
because it has already been removed from your .bash_history? Then it is 
time to increase the number of lines bash keeps in its history file.
| Code Listing 7.1:                                                       |
|# Keep 1000 lines in .bash_history (default is 500)                      |
|export HISTSIZE=1000                                                     |
|export HISTFILESIZE=1000                                                 |
Note: To find commands in your history easily, use the ctrl+r shortcut to 
reverse-search your .bash_history as you type.
If you want to stop bash from creating a history file, simply add export 
HISTFILE=/dev/null to your .bashrc.
Another nice tip is to put export HISTCONTROL=ignoredups into your .bashrc, 
which stops bash from saving consecutive duplicate lines.
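Added example, not part of the original newsletter: a small POSIX shell 
check that reads a bashrc-style file and reports whether the settings 
discussed above leave full, partial or no command history, which is what an 
administrator reviewing accounts for audit purposes needs to know. The 
function names and sample files are hypothetical, and only plain assignment 
lines are parsed.

```sh
#!/bin/sh
# Added example: classify the history settings a bashrc-style file applies.
# Assumptions: only plain "VAR=value", "export VAR=value" and "unset VAR"
# lines are parsed, and the last assignment wins. Names are hypothetical.

unquote() {
    v=${1%% #*}                         # drop a trailing " # comment"
    v=${v#\"}; v=${v%\"}; v=${v#\'}; v=${v%\'}
    printf '%s' "$v"
}

# Prints "disabled", "partial" or "full" for the rc file given as $1.
history_status() {
    hf='~/.bash_history'; hs=''; hfs=''; hc=''
    while read -r line || [ -n "$line" ]; do   # read trims indentation
        line=${line#export }
        case $line in
            'unset HISTFILE'|'unset HISTFILE '*) hf='' ;;
            HISTFILE=*)     hf=$(unquote "${line#*=}") ;;
            HISTSIZE=*)     hs=$(unquote "${line#*=}") ;;
            HISTFILESIZE=*) hfs=$(unquote "${line#*=}") ;;
            HISTCONTROL=*)  hc=$(unquote "${line#*=}") ;;
        esac
    done < "$1"
    # An empty or /dev/null HISTFILE, or a zero size, leaves no history on disk.
    case $hf in ''|/dev/null) echo disabled; return ;; esac
    if [ "$hs" = 0 ] || [ "$hfs" = 0 ]; then echo disabled; return; fi
    # ignorespace/ignoreboth drop any command typed with a leading space.
    case $hc in *ignorespace*|*ignoreboth*) echo partial; return ;; esac
    echo full
}

# Constructed sample rc files (not taken from any real system).
demo_dir=$(mktemp -d)
printf '%s\n' '# Keep 1000 lines in .bash_history' 'export HISTSIZE=1000' \
    'export HISTFILESIZE=1000' 'export HISTCONTROL=ignoredups' \
    > "$demo_dir/keep.bashrc"
printf '%s\n' 'export HISTSIZE=1000' 'export HISTFILE=/dev/null' \
    > "$demo_dir/off.bashrc"
printf '%s\n' 'HISTCONTROL="ignoreboth" # dups and leading space' \
    > "$demo_dir/space.bashrc"

for f in "$demo_dir"/*.bashrc; do
    printf '%s: %s\n' "${f##*/}" "$(history_status "$f")"
done
```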
8. Moves, adds, and changes
The following developers recently left the Gentoo team:
 * None this week 
The following developers recently joined the Gentoo Linux team:
 * None this week 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
9. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 67. gwn-feedback@g.o
10. GWN feedback
Please send us your feedback[68] and help make the GWN better.

 68. gwn-feedback@g.o
11. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
12. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[69] 
 * Dutch[70] 
 * English[71] 
 * German[72] 
 * French[73] 
 * Japanese[74] 
 * Italian[75] 
 * Polish[76] 
 * Portuguese (Brazil)[77] 
 * Portuguese (Portugal)[78] 
 * Russian[79] 
 * Spanish[80] 
 * Turkish[81] 

Ulrich Plate <plate@g.o> - Editor
Brian Downey <bdowney@×××××××××××.net> - Author
Christian Hartmann <ian@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Emmet Wagle <ewagle@×××××.com> - Author

gentoo-gwn@g.o mailing list