Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 20 March 2006
Date: Mon, 20 Mar 2006 22:15:37
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 20 March 2006.
1. Gentoo news
Gentoo x86 arch testers wanted
The x86 team has adopted the Arch Tester program and is looking for some 
ambitious members of the community to join the team and help out. If you 
would like to give back to Gentoo, but don't know how, then this may be a 
good way for you to start. You would be helping by testing applications to 
be marked stable and assisting in general x86-specific bugs. Please take a 
look at the x86 AT documentation[1], and if you have questions about 
anything, please either email Homer Parker[2] or Mark Loeser[3]. 

 2. hparker@g.o
 3. halcy0n@g.o
New Athlon X2 for Gentoo developers
As part of Roger Williams University[4] and the School of Business'[5] 
continuing expansion into undergraduate and graduate research, access to a 
dual-core Athlon X2 is now being provided to faculty, staff and students 
of RWU -- and to Gentoo developers! The new host -- baptized "pearl" -- 
will facilitate Gentoo's official support for dual-core AMD64 systems in 
the future. Thanks to RWU for their generous support! 

Figure 1.1: Athlon X2 4600+, 4GB RAM, 500GB storage, Gentoo Linux 2006.0
Countdown for Modular X
As reported in the GWN of 30 January[6], the X team is preparing to unmask 
289 modular X packages. They will enter ~arch (testing) this week for most 
architectures, be sure to read the migration guide[7] before upgrading to 
modular X! 

2. Heard in the community
Web forums
Gentoo girls wear, anyone?
A female Forums user, star.dancer[8], shows her disappointment in the 
total absence of Gentoo merchandise for women. Maybe it's the time to add 
women apparel and other schwag on the official Gentoo Store? 

 * Gentoo Shop: T-Shirts for girls[9] 
 * Link to Gentoo store[10] 

glibc 2.4 some more
Last week's GWN mentioned the ascension of glibc-2.4 into the Portage 
tree. As the number of users that emerge it grows, problems are increasing 
as well. Some users confess to have fallen into a real mess with 
glibc-2.4, the library and the nptl and nptlonly USE flags, 
while others using prelink on their respective systems had to prelink 
their whole system again: 
 * glibc,, nptl, nptlonly = problems[11] 
 * Upgrading to glibc requires nptlonly use flag[12] 

Overlay for overlays?
Some users have been discussing alternatives for applications to find 
their way into Portage. One idea is to publish the most popular overlays 
on a website. What do you think? 
 * maybe a better way to get programmes into portage[13] 

3. Gentoo international
Japan: OSC 2006 spring event report
Figure 3.1: CD cover for 2006.0 release at OSC
Note: Cover art for the CD hand-outs at the OSC booth can be downloaded 
from Tomoyuki Sakurai's webspace. 
The media didn't last long: GentooJP had 150 CDs prepared as give-aways at 
the Tokyo Open-Source Conference last weekend, but they were "sold out" by 
the end of the first day. The Gentoo x86 and PPC boxes on display at the 
booth showed the first official release of the Gentoo installer, and KDE. 
Gentoo developers to visit or man the booth included Matsuu Takuto[14], 
Shigehiro Idani[15], Jason Stubbs[16] and Mamoru Komachi[17], the latter 
just back from Europe where he went to the FOSDEM meeting in Brussels. 

 14. matsuu@g.o
 15. idani@g.o
 16. jstubbs@g.o
 17. usata@g.o
Figure 3.2: The Gentoo booth at OSC
Note: Featuring developers matsuu (right) and idani (center), friends and 
visitors. This and more pictures are available at Kalin's website. 
Twelve attendants participated in the "Gentoo ebuild Howto" session, an 
unexpectedly high turnout of people actually interested in writing and 
submitting ebuilds themselves. There's hope for some of them to eventually 
help with Gentoo development, especially in i18n and CJK. 
The day ended as usual, with a nomikai (drinking bout) at an izakaya 
(pub). The next meeting to be held in the Tokyo area is scheduled for 
sometime in April, when Dutch Gentoo developer Andres Loeh[18] will be in 
town for a conference. If you are available around that time, join 
#gentoo-ja on or subscribe to the GentooJP mailing list 
gentoojp-misc@××××××××××××.jp for more information. 

 18. kosmikus@g.o
4. Gentoo in the press
Distrowatch (13 March 2006)
Distrowatch has mentioned Kororaa[19] -- a Gentoo-based binary 
distribution featuring a simplified installation process -- before, in 
November 2005[20]. The GWN in turn featured the Kororaa project's latest 
release of an Xgl LiveCD[21] just last week. Now the amazing 3D effects of 
the Xgl display server as you manipulate windows on your desktop have 
caught Ladislav Bodnar's attention too, who interviewed Chris Smart[22] in 
his last edition. A similar interview and an article appeared in NewsForge 
a day later[23]. 

5. Tips and tricks
Efficient file change notifications
Many applications rely on tracking filesystem changes internally, and 
until recently, the most popular library providing functionality like this 
was app-admin/fam. Packages which use FAM for file-monitoring include 
GNOME, KDE, PHP, various file managers, various mail clients and servers, 
and many more. FAM works by repeatedly polling directory contents and 
looking to see if things have changed. This is inefficient, but it did the 
job for a while. 
More recently, ultra-efficient kernel-side support for monitoring file 
changes was merged into Linux 2.6. This functionality, called inotify, is 
on by default, and is probably already available on your system (assuming 
you are relatively up-to-date). app-admin/gamin is a direct replacement 
for FAM, even implementing an identical API. The biggest bonus about gamin 
is that where available, gamin monitors the filesystem using inotify, 
destroying the ugly overhead which FAM had. 
Gamin will be the default for new Gentoo installs, but there is no 
automatic migration for existing users at this time. It is recommended 
that you make the switch manually: 
| Code Listing 5.1:                                                       |
| Switching to gamin                                                      |
|                                                                         |
|# emerge -C app-admin/fam                                                |
|# emerge --oneshot app-admin/gamin                                       |
|It is not necessary to re-merge any software that is built on            |
|FAM, as gamin is literally a drop-in replacement.                        |
|                                                                         |
|                                                                         |
Note:  Gamin also supports plain old filesystem polling, and seems to do a 
better job than FAM did. Even if you do not have an inotify-enabled 
system, it is still recommended that you change. 
Given that the overhead for monitoring filesystem events is now so low, it 
is also suggested that you enable file-monitoring support for applications 
which optionally support it. To do so, enable the "fam" USE flag: 
| Code Listing 5.2:                                                       |
| Add 'fam' USE flag and rebuild world                                    |
|                                                                         |
|# nano -w /etc/make.conf                                                 |
|Add "fam" to your USE variable and save the file                         |
|# emerge --newuse world                                                  |
|                                                                         |
6. Gentoo developer moves
The following developers recently left the Gentoo project: 
 * None this week 
The following developers recently joined the Gentoo project: 
 * Karol Pasternak (reb) - Gentoo OpenBSD  
The following developers recently changed roles within the Gentoo project:
 * None this week 
7. Gentoo Security
Freeciv: Denial of Service
A memory allocation bug in Freeciv allows a remote attacker to perform a 
Denial of Service attack. 
For more information, please see the GLSA Announcement[24] 

zoo: Buffer overflow
A buffer overflow in zoo may be exploited to execute arbitrary when 
creating archives of specially crafted directories and files. 
For more information, please see the GLSA Announcement[25] 

PEAR-Auth: Potential authentication bypass
PEAR-Auth did not correctly verify data passed to the DB and LDAP 
containers, thus allowing to inject false credentials to bypass the 
For more information, please see the GLSA Announcement[26] 

Heimdal: rshd privilege escalation
An error in the rshd daemon of Heimdal could allow authenticated users to 
elevate privileges. 
For more information, please see the GLSA Announcement[27] 

Crypt::CBC: Insecure initialization vector
Crypt::CBC uses an insecure initialization vector, potentially resulting 
in a weaker encryption. 
For more information, please see the GLSA Announcement[28] 

Metamail: Buffer overflow
A buffer overflow in Metamail could possibly be exploited to execute 
arbitrary code. 
For more information, please see the GLSA Announcement[29] 

8. Bugzilla
The Gentoo community uses Bugzilla ([30]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 12 March 2006 and 19 March 2006, activity on the 
site has resulted in: 

 * 865 new bugs during this period 
 * 417 bugs closed or resolved during this period 
 * 20 previously closed bugs were reopened this period 
Of the 9800 currently open bugs: 67 are labeled 'blocker', 151 are labeled 
'critical', and 540 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo Games[31], with 36 closed bugs[32]  
 * Gentoo Linux Gnome Desktop Team[33], with 23 closed bugs[34]  
 * AMD64 Project[35], with 19 closed bugs[36]  
 * Gentoo Release Team[37], with 17 closed bugs[38]  
 * Xavier Neys[39], with 17 closed bugs[40]  
 * Gentoo Toolchain Maintainers[41], with 15 closed bugs[42]  
 * Gentoo Science Related Packages[43], with 14 closed bugs[44]  
 * ppc64 architecture team[45], with 13 closed bugs[46]  
 31. games@g.o
 33. gnome@g.o
 35. amd64@g.o
 37. release@g.o
 39. neysx@g.o
 41. toolchain@g.o
 43. sci@g.o
 45. ppc64@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[47], with 44 new bugs[48]  
 * AMD64 Project[49], with 14 new bugs[50]  
 * Gentoo Games[51], with 12 new bugs[52]  
 * Perl Devs @ Gentoo[53], with 8 new bugs[54]  
 * Netmon Herd[55], with 8 new bugs[56]  
 * Gentoo Linux Gnome Desktop Team[57], with 8 new bugs[58]  
 * Gentoo Toolchain Maintainers[59], with 6 new bugs[60]  
 * Gentoo Web Application Packages Maintainers[61], with 5 new bugs[62]  
 47. maintainer-wanted@g.o
 49. amd64@g.o
 51. games@g.o
 53. perl@g.o
 55. netmon@g.o
 57. gnome@g.o
 59. toolchain@g.o
 61. web-apps@g.o

9. GWN feedback
Please send us your feedback[63] and help make the GWN better. 

 63. gwn-feedback@g.o
10. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under.
11. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[64]  
 * Dutch[65]  
 * English[66]  
 * German[67]  
 * French[68]  
 * Korean[69]  
 * Japanese[70]  
 * Italian[71]  
 * Polish[72]  
 * Portuguese (Brazil)[73]  
 * Portuguese (Portugal)[74]  
 * Russian[75]  
 * Spanish[76]  
 * Turkish[77]  

Ulrich Plate <plate@g.o> - Editor
Ioannis Aslanidis <deathwing00@g.o> - Author
Daniel Drake <dsd@g.o> - Author
Chris Gianelloni <wolf31o2@g.o> - Author
Gerald J. Normandin Jr. <gerrynjr@g.o> - Author
Tomoyuki Sakurai <cherry@××××××××××××.nu> - Author

gentoo-gwn@g.o mailing list