---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 4 October 2004.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Website redesign finalists up for voting
----------------------------------------
The Gentoo Foundation's website redesign contest has reached its final
stage. More than 30 designs had been submitted to the preselection
committee, and choosing only five candidates was not easy for the jury.
Now the finalists are up for public assessment at the contest webpage[1],
and Gentoo users get to vote for their favorite design. A poll has been
set up at the Gentoo Forums, and registered users can enter their vote
here[2]Â no later than 8 October 2004.
1. http://www.gentoo.org/proj/en/infrastructure/redesign-guidelines.xml
2. http://forums.gentoo.org/viewtopic.php?t=227589
Gentoo PPC developers meet in Germany
-------------------------------------
Among the remarkable things to happen at the first international Gentoo
PPC developer meeting was the mere appearance of one of its participants:
Bryon Roche[3], who pioneered the port of Gentoo to the PPC platform in
early 2002, had disappeared from active Gentoo development more than half
a year ago when he joined the U.S. infantry. Last Thursday he was reunited
with his European developer colleagues at Kransberg Castle, which is just
a 20-minute drive from his German outpost...
3. kain@gentoo.org
Figure 1.1: Gentoo PPC co-founder Bryon Roche
http://www.gentoo.org/images/gwn/20041004-kain.jpg
Working together exclusively over IRC and mailing lists may be only a
substitute for real-life interaction, but getting together in the flesh
for the first time, in the Taunus mountain area just north of Frankfurt am
Main, really was like meeting old friends. Only a few of the participants
knew each other from FOSDEM in Brussels earlier this year, making this new
opportunity attractive enough for e.g. Michael Hanselmann[4] from
Switzerland to spontaneously decide on Thursday morning to hop on the next
train to Frankfurt to be there, too. David Holm[5] (Sweden) and Luca
Barbato[6] (Italy) had attended the Freescale Smart Networks Developer
Forum[7] in Frankfurt since Tuesday, and Lars Weiler[8] (Germany) and
Damien Krotkine[9] (France) joined for the last day of that conference,
dedicated to introductory seminars for the recipients of free PegasosPPC
desktop computers handed out by the organizers. Four of those donated
Pegasos machines (with Debian and Yellow Dog Linux plus the exotic MorphOS
operating system pre-installed) ended up at the castle, one of them not
lasting 10 minutes before a Gentoo LiveCD was spinning on it. Like G.I.
Kain, Pieter van den Abeele[10] and Jochen Maes[11] (both from Belgium)
and guest dev Benjamin Judas[12] (Germany), the release engineer for x86,
only came to attend the Gentoo gathering.
4. hansmi@gentoo.org
5. dholm@gentoo.org
6. lu_zero@gentoo.org
7.
http://www.freescale.com/webapp/sps/site/overview.jsp?nodeId=02VS0llCc5pzMP
2861
8. pylon@gentoo.org
9. dams@gentoo.org
10. pvdabeel@gentoo.org
11. sejo@gentoo.org
12. beejay@gentoo.org
Figure 1.2: Screen shot of a Pegasos desktop PC running Gentoo Linux from
a PPC-LiveCD
http://www.gentoo.org/images/gwn/20041004-pegasos.jpg
On top of the Gentoo PPC meeting's agenda was the release engineering for
2004.3, centering on questions like choosing udev for device handling, and
whether to address hardware issues in the kernel. Pvdabeel announced a new
KDE/Gnome LiveDVD for PPC, SeJo reported from talks he had had with
Benjamin Herrenschmidt, the PPC kernel maintainer, and motioned for Java
1.5 to be masked at this stage, because of its lack of backward
compatibility. A tentative roadmap for PPC development in 2005 was also
drafted, and old and new reponsibilities were discussed and assigned to
individual developers.
Figure 1.3: From left to right, above: plate, beejay, pvdabeel, dams;
below: pylon and lu_zero
http://www.gentoo.org/images/gwn/20041004-collage1.jpg
Figure 1.4: Hansmi, dholm and sejo
http://www.gentoo.org/images/gwn/20041004-collage2.jpg
Amid all the serious talk there was space and time enough for recreation,
of course. Pvdabeel and SeJo had cleverly thought in advance to bring
Belgian beer in quantities that would have been enough, all truth told, to
entertain twice as many people. Photos of the event including a few shots
of the scenery surrounding the castle, the insides of donated PegasosPPCs,
and mug shots of all attendants are here[13], and even more are here[14],
including lots of pictures from SNDF.
13. http://www.sejo.be/kransberg
14. http://rift.ath.cx/~avatar/SNDF/
Nvidia Nforce network chipset driver change in Portage
------------------------------------------------------
Daniel Drake[15] announced last week that the proprietary nforce-net
driver currently in Portage would be removed in favour of its open-source
alternative forcedeth. Forcedeth contains fixes to those bugs in
nforce-net that nobody outside of Nvidia was able to address, and it is
also supported by Nvidia itself, which recently provided some important
patches to the reverse-engineered code of the Forcedeth project. DSD's
developer space on gentoo.org[16] contains instructions for Gentoo users
on replacing the driver.
15. dsd@gentoo.org
16. http://dev.gentoo.org/~dsd/nforce-net-to-forcedeth.htm
==================
2. Gentoo security
==================
X.org, XFree86: Integer and stack overflows in libXpm
-----------------------------------------------------
libXpm, the X Pixmap library that is a part of the X Window System,
contains multiple stack and integer overflows that may allow a
carefully-crafted XPM file to crash applications linked against libXpm,
potentially allowing the execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
Subversion: Metadata information leak
-------------------------------------
An information leak in mod_authz_svn could allow sensitive metadata of
protected areas to be leaked to unauthorized users.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml
sharutils: Buffer overflows in shar.c and unshar.c
---------------------------------------------------
sharutils contains two buffer overflow vulnerabilities that could lead to
arbitrary code execution.
For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200410-01.xml
=========================
3. Heard in the community
=========================
Web forums
----------
Checksum worries
A sci.crypt newsgroup posting by Tom St. Denis triggered a forum thread
about whether vulnerabilities in MD5 make it possible to get malicious
code past security and into the Portage tree:
* Gentoo Linux Insecurities[20]
20. http://forums.gentoo.org/viewtopic.php?t=229875
gentoo-user
-----------
Newcomers and etc-update
Using etc-update properly is vital to the ongoing stability of your Gentoo
system. However, at the same time it can be one of the most confusing
aspects for people new to Gentoo. Many other distributions do the "work"
of maintaining most of the configuration files, however Gentoo's hands-on
approach requires gaining sufficient knowledge to surf through the /etc
directory and at least know what the files are for. This thread was
started by a Gentoo newcomer who accidentally overwrote most of his /etc
configuration files, and it discusses methods for recovering as well as
some handy etc-update use tips.
* etc-update Noob mistake[21]
21. http://thread.gmane.org/gmane.linux.gentoo.user/101079
gentoo-dev
----------
Non-root emerges
The possibilities and security implications of non-root (i.e. normal user)
emerges were discussed in this thread. Portage has limited support
("userpriv" and "sandbox" features), but the installation of software
needs root privileges at some point.
* Non-root emerges[22]
22. http://thread.gmane.org/gmane.linux.gentoo.devel/21739
Removing dhcpcd from system?
This long thread weighed the pros and cons of having dhcpcd as part of the
system profile, drifting off to a discussion of what needs to be part of
the base system in the first place.
* Removing dhcpcd from system?[23]
* Removing dhcpcd from system?[24] (continued)
23. http://thread.gmane.org/gmane.linux.gentoo.devel/21624
24. http://thread.gmane.org/gmane.linux.gentoo.devel/21754
Integrating the hardened toolchain and better NTPL support
Travis Tilley[25] caught the list's attention with two topics this week:
"Recent gcc ebuilds have been patched to recognise an environment
variable, GCC_SPECS, that sets which specs-file should be used. The gcc
3.4.2-r2 ebuild also builds both hardened and non-hardened specs files for
all users," in reference to the efforts for integrating the hardened
toolchain to Gentoo, and concerning support for NTPL: "[The ebuild] builds
glibc twice, once with and once without nptl. The nptl libs go into
lib/tls where they belong and are used by default when using a 2.6 kernel
and LD_ASSUME_KERNEL isn't set."
25. lv@gentoo.org
* Integrating the hardened toolchain[26]
* Better NTPL support[27]
26. http://thread.gmane.org/gmane.linux.gentoo.devel/21792
27. http://thread.gmane.org/gmane.linux.gentoo.devel/21790
=======================
4. Gentoo International
=======================
Italy: Gentoo installation week at University of Bologna
It is only open to registered students of information science at Bologna's
university, but it is a highly interesting initiative: During the entire
week of 11 to 15 October, weathered Gentooists of the faculty will provide
an "assisted installation" of Gentoo Linux on their co-ed's PCs. For those
who have access to it, all the necessary details are to be had via the
university's internal newsgroup, unibo.cs.students. Although it is of
immediate benefit only to a limited audience this time, the event doubles
as a dress rehearsal for a planned public Bolognese "Gentoo Installation
Week" in the near future.
======================
5. Gentoo in the press
======================
Linux.com (28 September 2004)
-----------------------------
Linux.com[28], the "Enterprise Linux Resource," carried an article by Jem
Matz[29] on "Gentoo in the server room", reflecting the use of Gentoo
Linux for web servers and back room production platforms, featuring two
Gentoo sponsor companies, Tek Alchemy[30] and Seven L Networks[31].
28.
http://distrocenter.linux.com/distrocenter/04/09/23/1944240.shtml?tid=127&t
id=108
29. http://www.thejemreport.com
30. http://www.tek.net
31. http://www.sevenl.net
Linux Format (October issue 2004)
----------------------------------
Linux Format[32], a UK Linux magazine published by the Future Publications
group, has Gentoo Linux on the cover DVD of the October issue. This is a
full source installation of Gentoo's latest 2004.2 release, with the DVD
booting as an x86 LiveCD and more than 2GB of source in the distfiles
directory. The magazine also contains detailed information on installing
Gentoo. The CD version of the magazine has two CDs dedicated to Gentoo,
and the DVD version also contains the AMD64 live CD ISO image.
32. http://linuxformat.co.uk
LinuxPlanet (DistributionWatch, September 2004)
-----------------------------------------------
Sean Michael Kerner has just published his latest report called
"DistributionWatch: Your Guide to Linux Distributions" at LinuxPlanet[33],
one of the publications of Internet.com. Gentoo is featuring prominently
in the "Major Linux distributions" section, while "Specialized
distributions", interestingly enough, lists both Gentoo Linux and its
predecessor Enoch, extinct since 1999...
33. http://www.linuxplanet.com/linuxplanet/reports/1266/1/
===========
6. Bugzilla
===========
Summary
-------
* Statistics
* Closed bug ranking
* New bug rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[34]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 25 September 2004 and 01 October 2004, activity
on the site has resulted in:
34. http://bugs.gentoo.org
* 714 new bugs during this period
* 426 bugs closed or resolved during this period
* 27 previously closed bugs were reopened this period
Of the 7175 currently open bugs: 136 are labeled 'blocker', 227 are
labeled 'critical', and 555 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* net-dialup[35], with 23 closed bugs[36]
* Gentoo Games[37], with 19 closed bugs[38]
* osx porters[39], with 17 closed bugs[40]
* AMD64 Porting Team[41], with 17 closed bugs[42]
* Perl Devs @ Gentoo[43], with 16 closed bugs[44]
* Jeremy Huddleston[45], with 16 closed bugs[46]
* Net-Mail Packages[47], with 15 closed bugs[48]
* Gentoo's Team for Core System packages[49], with 15 closed bugs[50]
35. net-dialup@gentoo.org
36.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=net-dialup@gentoo.org
37. games@gentoo.org
38.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=games@gentoo.org
39. osx@gentoo.org
40.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=osx@gentoo.org
41. amd64@gentoo.org
42.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=amd64@gentoo.org
43. perl@gentoo.org
44.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=perl@gentoo.org
45. eradicator@gentoo.org
46.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=eradicator@gentoo.org
47. net-mail@gentoo.org
48.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=net-mail@gentoo.org
49. base-system@gentoo.org
50.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=base-system@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Gentoo KDE team[51], with 16 new bugs[52]
* Gentoo Linux Gnome Desktop Team[53], with 16 new bugs[54]
* Gentoo Science Related Packages[55], with 15 new bugs[56]
* Gentoo X-windows packagers[57], with 14 new bugs[58]
* osx porters[59], with 12 new bugs[60]
* Gentoo Sound Team[61], with 11 new bugs[62]
* Java team[63], with 10 new bugs[64]
* AMD64 Porting Team[65], with 10 new bugs[66]
51. kde@gentoo.org
52.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=kde@gentoo.org
53. gnome@gentoo.org
54.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=gnome@gentoo.org
55. sci@gentoo.org
56.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=sci@gentoo.org
57. x11@gentoo.org
58.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=x11@gentoo.org
59. osx@gentoo.org
60.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=osx@gentoo.org
61. sound@gentoo.org
62.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=sound@gentoo.org
63. java@gentoo.org
64.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=java@gentoo.org
65. amd64@gentoo.org
66.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=amd64@gentoo.org
==================
7. Tips and Tricks
==================
Some pretty .bashrc hints
-------------------------
This week we cover some nice to know bash tips that in my opinion every
user should know of.
Do not remember a command you typed in a few days ago and can not find it
because it has already been removed from your .bash_history? Then it is
time to increase the number of lines bash keeps in its history file.
---------------------------------------------------------------------------
| Code Listing 7.1: |
|~/.bashrc-----------------------------------------------------------------|
--------
|# Keep 1000 lines in .bash_history (default is 500) |
|export HISTSIZE=1000 |
|export HISTFILESIZE=1000 |
---------------------------------------------------------------------------
Note: To find commands in your history easily use the ctrl+r shortcut to
reverse-search your .bash_history as you type.
If you want to stop bash from creating a history file simply add export
HISTFILE=/dev/null to your .bashrc.
Another nice tip is to put export HISTCONTROL=ignoredups into your .bashrc
that will stop bash from caching duplicate lines.
===========================
8. Moves, adds, and changes
===========================
Moves
-----
The following developers recently left the Gentoo team:
* None this week
Adds
----
The following developers recently joined the Gentoo Linux team:
* None this week
Changes
-------
The following developers recently changed roles within the Gentoo Linux
project:
* None this week
====================
9. Contribute to GWN
====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[67].
67. gwn-feedback@gentoo.org
================
10. GWN feedback
================
Please send us your feedback[68] and help make the GWN better.
68. gwn-feedback@gentoo.org
================================
11. GWN subscription information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
12. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[69]
* Dutch[70]
* English[71]
* German[72]
* French[73]
* Japanese[74]
* Italian[75]
* Polish[76]
* Portuguese (Brazil)[77]
* Portuguese (Portugal)[78]
* Russian[79]
* Spanish[80]
* Turkish[81]
69. http://www.gentoo.org/news/da/gwn/gwn.xml
70. http://www.gentoo.org/news/be/gwn/gwn.xml
71. http://www.gentoo.org/news/en/gwn/gwn.xml
72. http://www.gentoo.org/news/de/gwn/gwn.xml
73. http://www.gentoo.org/news/fr/gwn/gwn.xml
74. http://www.gentoo.org/news/ja/gwn/gwn.xml
75. http://www.gentoo.org/news/it/gwn/gwn.xml
76. http://www.gentoo.org/news/pl/gwn/gwn.xml
77. http://www.gentoo.org/news/br/gwn/gwn.xml
78. http://www.gentoo.org/news/pt/gwn/gwn.xml
79. http://www.gentoo.org/news/ru/gwn/gwn.xml
80. http://www.gentoo.org/news/es/gwn/gwn.xml
81. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Christian Hartmann <ian@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author
Emmet Wagle <ewagle@email.com> - Author
--
gentoo-gwn@gentoo.org mailing list
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 4 October 2004.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Website redesign finalists up for voting
----------------------------------------
The Gentoo Foundation's website redesign contest has reached its final
stage. More than 30 designs had been submitted to the preselection
committee, and choosing only five candidates was not easy for the jury.
Now the finalists are up for public assessment at the contest webpage[1],
and Gentoo users get to vote for their favorite design. A poll has been
set up at the Gentoo Forums, and registered users can enter their vote
here[2]Â no later than 8 October 2004.
1. http://www.gentoo.org/proj/en/infrastructure/redesign-guidelines.xml
2. http://forums.gentoo.org/viewtopic.php?t=227589
Gentoo PPC developers meet in Germany
-------------------------------------
Among the remarkable things to happen at the first international Gentoo
PPC developer meeting was the mere appearance of one of its participants:
Bryon Roche[3], who pioneered the port of Gentoo to the PPC platform in
early 2002, had disappeared from active Gentoo development more than half
a year ago when he joined the U.S. infantry. Last Thursday he was reunited
with his European developer colleagues at Kransberg Castle, which is just
a 20-minute drive from his German outpost...
3. kain@gentoo.org
Figure 1.1: Gentoo PPC co-founder Bryon Roche
http://www.gentoo.org/images/gwn/20041004-kain.jpg
Working together exclusively over IRC and mailing lists may be only a
substitute for real-life interaction, but getting together in the flesh
for the first time, in the Taunus mountain area just north of Frankfurt am
Main, really was like meeting old friends. Only a few of the participants
knew each other from FOSDEM in Brussels earlier this year, making this new
opportunity attractive enough for e.g. Michael Hanselmann[4] from
Switzerland to spontaneously decide on Thursday morning to hop on the next
train to Frankfurt to be there, too. David Holm[5] (Sweden) and Luca
Barbato[6] (Italy) had attended the Freescale Smart Networks Developer
Forum[7] in Frankfurt since Tuesday, and Lars Weiler[8] (Germany) and
Damien Krotkine[9] (France) joined for the last day of that conference,
dedicated to introductory seminars for the recipients of free PegasosPPC
desktop computers handed out by the organizers. Four of those donated
Pegasos machines (with Debian and Yellow Dog Linux plus the exotic MorphOS
operating system pre-installed) ended up at the castle, one of them not
lasting 10 minutes before a Gentoo LiveCD was spinning on it. Like G.I.
Kain, Pieter van den Abeele[10] and Jochen Maes[11] (both from Belgium)
and guest dev Benjamin Judas[12] (Germany), the release engineer for x86,
only came to attend the Gentoo gathering.
4. hansmi@gentoo.org
5. dholm@gentoo.org
6. lu_zero@gentoo.org
7.
http://www.freescale.com/webapp/sps/site/overview.jsp?nodeId=02VS0llCc5pzMP
2861
8. pylon@gentoo.org
9. dams@gentoo.org
10. pvdabeel@gentoo.org
11. sejo@gentoo.org
12. beejay@gentoo.org
Figure 1.2: Screen shot of a Pegasos desktop PC running Gentoo Linux from
a PPC-LiveCD
http://www.gentoo.org/images/gwn/20041004-pegasos.jpg
On top of the Gentoo PPC meeting's agenda was the release engineering for
2004.3, centering on questions like choosing udev for device handling, and
whether to address hardware issues in the kernel. Pvdabeel announced a new
KDE/Gnome LiveDVD for PPC, SeJo reported from talks he had had with
Benjamin Herrenschmidt, the PPC kernel maintainer, and motioned for Java
1.5 to be masked at this stage, because of its lack of backward
compatibility. A tentative roadmap for PPC development in 2005 was also
drafted, and old and new reponsibilities were discussed and assigned to
individual developers.
Figure 1.3: From left to right, above: plate, beejay, pvdabeel, dams;
below: pylon and lu_zero
http://www.gentoo.org/images/gwn/20041004-collage1.jpg
Figure 1.4: Hansmi, dholm and sejo
http://www.gentoo.org/images/gwn/20041004-collage2.jpg
Amid all the serious talk there was space and time enough for recreation,
of course. Pvdabeel and SeJo had cleverly thought in advance to bring
Belgian beer in quantities that would have been enough, all truth told, to
entertain twice as many people. Photos of the event including a few shots
of the scenery surrounding the castle, the insides of donated PegasosPPCs,
and mug shots of all attendants are here[13], and even more are here[14],
including lots of pictures from SNDF.
13. http://www.sejo.be/kransberg
14. http://rift.ath.cx/~avatar/SNDF/
Nvidia Nforce network chipset driver change in Portage
------------------------------------------------------
Daniel Drake[15] announced last week that the proprietary nforce-net
driver currently in Portage would be removed in favour of its open-source
alternative forcedeth. Forcedeth contains fixes to those bugs in
nforce-net that nobody outside of Nvidia was able to address, and it is
also supported by Nvidia itself, which recently provided some important
patches to the reverse-engineered code of the Forcedeth project. DSD's
developer space on gentoo.org[16] contains instructions for Gentoo users
on replacing the driver.
15. dsd@gentoo.org
16. http://dev.gentoo.org/~dsd/nforce-net-to-forcedeth.htm
==================
2. Gentoo security
==================
X.org, XFree86: Integer and stack overflows in libXpm
-----------------------------------------------------
libXpm, the X Pixmap library that is a part of the X Window System,
contains multiple stack and integer overflows that may allow a
carefully-crafted XPM file to crash applications linked against libXpm,
potentially allowing the execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
Subversion: Metadata information leak
-------------------------------------
An information leak in mod_authz_svn could allow sensitive metadata of
protected areas to be leaked to unauthorized users.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml
sharutils: Buffer overflows in shar.c and unshar.c
---------------------------------------------------
sharutils contains two buffer overflow vulnerabilities that could lead to
arbitrary code execution.
For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200410-01.xml
=========================
3. Heard in the community
=========================
Web forums
----------
Checksum worries
A sci.crypt newsgroup posting by Tom St. Denis triggered a forum thread
about whether vulnerabilities in MD5 make it possible to get malicious
code past security and into the Portage tree:
* Gentoo Linux Insecurities[20]
20. http://forums.gentoo.org/viewtopic.php?t=229875
gentoo-user
-----------
Newcomers and etc-update
Using etc-update properly is vital to the ongoing stability of your Gentoo
system. However, at the same time it can be one of the most confusing
aspects for people new to Gentoo. Many other distributions do the "work"
of maintaining most of the configuration files, however Gentoo's hands-on
approach requires gaining sufficient knowledge to surf through the /etc
directory and at least know what the files are for. This thread was
started by a Gentoo newcomer who accidentally overwrote most of his /etc
configuration files, and it discusses methods for recovering as well as
some handy etc-update use tips.
* etc-update Noob mistake[21]
21. http://thread.gmane.org/gmane.linux.gentoo.user/101079
gentoo-dev
----------
Non-root emerges
The possibilities and security implications of non-root (i.e. normal user)
emerges were discussed in this thread. Portage has limited support
("userpriv" and "sandbox" features), but the installation of software
needs root privileges at some point.
* Non-root emerges[22]
22. http://thread.gmane.org/gmane.linux.gentoo.devel/21739
Removing dhcpcd from system?
This long thread weighed the pros and cons of having dhcpcd as part of the
system profile, drifting off to a discussion of what needs to be part of
the base system in the first place.
* Removing dhcpcd from system?[23]
* Removing dhcpcd from system?[24] (continued)
23. http://thread.gmane.org/gmane.linux.gentoo.devel/21624
24. http://thread.gmane.org/gmane.linux.gentoo.devel/21754
Integrating the hardened toolchain and better NTPL support
Travis Tilley[25] caught the list's attention with two topics this week:
"Recent gcc ebuilds have been patched to recognise an environment
variable, GCC_SPECS, that sets which specs-file should be used. The gcc
3.4.2-r2 ebuild also builds both hardened and non-hardened specs files for
all users," in reference to the efforts for integrating the hardened
toolchain to Gentoo, and concerning support for NTPL: "[The ebuild] builds
glibc twice, once with and once without nptl. The nptl libs go into
lib/tls where they belong and are used by default when using a 2.6 kernel
and LD_ASSUME_KERNEL isn't set."
25. lv@gentoo.org
* Integrating the hardened toolchain[26]
* Better NTPL support[27]
26. http://thread.gmane.org/gmane.linux.gentoo.devel/21792
27. http://thread.gmane.org/gmane.linux.gentoo.devel/21790
=======================
4. Gentoo International
=======================
Italy: Gentoo installation week at University of Bologna
It is only open to registered students of information science at Bologna's
university, but it is a highly interesting initiative: During the entire
week of 11 to 15 October, weathered Gentooists of the faculty will provide
an "assisted installation" of Gentoo Linux on their co-ed's PCs. For those
who have access to it, all the necessary details are to be had via the
university's internal newsgroup, unibo.cs.students. Although it is of
immediate benefit only to a limited audience this time, the event doubles
as a dress rehearsal for a planned public Bolognese "Gentoo Installation
Week" in the near future.
======================
5. Gentoo in the press
======================
Linux.com (28 September 2004)
-----------------------------
Linux.com[28], the "Enterprise Linux Resource," carried an article by Jem
Matz[29] on "Gentoo in the server room", reflecting the use of Gentoo
Linux for web servers and back room production platforms, featuring two
Gentoo sponsor companies, Tek Alchemy[30] and Seven L Networks[31].
28.
http://distrocenter.linux.com/distrocenter/04/09/23/1944240.shtml?tid=127&t
id=108
29. http://www.thejemreport.com
30. http://www.tek.net
31. http://www.sevenl.net
Linux Format (October issue 2004)
----------------------------------
Linux Format[32], a UK Linux magazine published by the Future Publications
group, has Gentoo Linux on the cover DVD of the October issue. This is a
full source installation of Gentoo's latest 2004.2 release, with the DVD
booting as an x86 LiveCD and more than 2GB of source in the distfiles
directory. The magazine also contains detailed information on installing
Gentoo. The CD version of the magazine has two CDs dedicated to Gentoo,
and the DVD version also contains the AMD64 live CD ISO image.
32. http://linuxformat.co.uk
LinuxPlanet (DistributionWatch, September 2004)
-----------------------------------------------
Sean Michael Kerner has just published his latest report called
"DistributionWatch: Your Guide to Linux Distributions" at LinuxPlanet[33],
one of the publications of Internet.com. Gentoo is featuring prominently
in the "Major Linux distributions" section, while "Specialized
distributions", interestingly enough, lists both Gentoo Linux and its
predecessor Enoch, extinct since 1999...
33. http://www.linuxplanet.com/linuxplanet/reports/1266/1/
===========
6. Bugzilla
===========
Summary
-------
* Statistics
* Closed bug ranking
* New bug rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[34]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 25 September 2004 and 01 October 2004, activity
on the site has resulted in:
34. http://bugs.gentoo.org
* 714 new bugs during this period
* 426 bugs closed or resolved during this period
* 27 previously closed bugs were reopened this period
Of the 7175 currently open bugs: 136 are labeled 'blocker', 227 are
labeled 'critical', and 555 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* net-dialup[35], with 23 closed bugs[36]
* Gentoo Games[37], with 19 closed bugs[38]
* osx porters[39], with 17 closed bugs[40]
* AMD64 Porting Team[41], with 17 closed bugs[42]
* Perl Devs @ Gentoo[43], with 16 closed bugs[44]
* Jeremy Huddleston[45], with 16 closed bugs[46]
* Net-Mail Packages[47], with 15 closed bugs[48]
* Gentoo's Team for Core System packages[49], with 15 closed bugs[50]
35. net-dialup@gentoo.org
36.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=net-dialup@gentoo.org
37. games@gentoo.org
38.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=games@gentoo.org
39. osx@gentoo.org
40.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=osx@gentoo.org
41. amd64@gentoo.org
42.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=amd64@gentoo.org
43. perl@gentoo.org
44.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=perl@gentoo.org
45. eradicator@gentoo.org
46.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=eradicator@gentoo.org
47. net-mail@gentoo.org
48.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=net-mail@gentoo.org
49. base-system@gentoo.org
50.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-25&chfieldto=2004-10-01&resolution=FIX
ED&assigned_to=base-system@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Gentoo KDE team[51], with 16 new bugs[52]
* Gentoo Linux Gnome Desktop Team[53], with 16 new bugs[54]
* Gentoo Science Related Packages[55], with 15 new bugs[56]
* Gentoo X-windows packagers[57], with 14 new bugs[58]
* osx porters[59], with 12 new bugs[60]
* Gentoo Sound Team[61], with 11 new bugs[62]
* Java team[63], with 10 new bugs[64]
* AMD64 Porting Team[65], with 10 new bugs[66]
51. kde@gentoo.org
52.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=kde@gentoo.org
53. gnome@gentoo.org
54.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=gnome@gentoo.org
55. sci@gentoo.org
56.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=sci@gentoo.org
57. x11@gentoo.org
58.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=x11@gentoo.org
59. osx@gentoo.org
60.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=osx@gentoo.org
61. sound@gentoo.org
62.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=sound@gentoo.org
63. java@gentoo.org
64.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=java@gentoo.org
65. amd64@gentoo.org
66.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-25&chfieldto=2004-10
-01&assigned_to=amd64@gentoo.org
==================
7. Tips and Tricks
==================
Some pretty .bashrc hints
-------------------------
This week we cover some nice to know bash tips that in my opinion every
user should know of.
Do not remember a command you typed in a few days ago and can not find it
because it has already been removed from your .bash_history? Then it is
time to increase the number of lines bash keeps in its history file.
---------------------------------------------------------------------------
| Code Listing 7.1: |
|~/.bashrc-----------------------------------------------------------------|
--------
|# Keep 1000 lines in .bash_history (default is 500) |
|export HISTSIZE=1000 |
|export HISTFILESIZE=1000 |
---------------------------------------------------------------------------
Note: To find commands in your history easily use the ctrl+r shortcut to
reverse-search your .bash_history as you type.
If you want to stop bash from creating a history file simply add export
HISTFILE=/dev/null to your .bashrc.
Another nice tip is to put export HISTCONTROL=ignoredups into your .bashrc
that will stop bash from caching duplicate lines.
===========================
8. Moves, adds, and changes
===========================
Moves
-----
The following developers recently left the Gentoo team:
* None this week
Adds
----
The following developers recently joined the Gentoo Linux team:
* None this week
Changes
-------
The following developers recently changed roles within the Gentoo Linux
project:
* None this week
====================
9. Contribute to GWN
====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[67].
67. gwn-feedback@gentoo.org
================
10. GWN feedback
================
Please send us your feedback[68] and help make the GWN better.
68. gwn-feedback@gentoo.org
================================
11. GWN subscription information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
12. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[69]
* Dutch[70]
* English[71]
* German[72]
* French[73]
* Japanese[74]
* Italian[75]
* Polish[76]
* Portuguese (Brazil)[77]
* Portuguese (Portugal)[78]
* Russian[79]
* Spanish[80]
* Turkish[81]
69. http://www.gentoo.org/news/da/gwn/gwn.xml
70. http://www.gentoo.org/news/be/gwn/gwn.xml
71. http://www.gentoo.org/news/en/gwn/gwn.xml
72. http://www.gentoo.org/news/de/gwn/gwn.xml
73. http://www.gentoo.org/news/fr/gwn/gwn.xml
74. http://www.gentoo.org/news/ja/gwn/gwn.xml
75. http://www.gentoo.org/news/it/gwn/gwn.xml
76. http://www.gentoo.org/news/pl/gwn/gwn.xml
77. http://www.gentoo.org/news/br/gwn/gwn.xml
78. http://www.gentoo.org/news/pt/gwn/gwn.xml
79. http://www.gentoo.org/news/ru/gwn/gwn.xml
80. http://www.gentoo.org/news/es/gwn/gwn.xml
81. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Christian Hartmann <ian@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author
Emmet Wagle <ewagle@email.com> - Author
--
gentoo-gwn@gentoo.org mailing list