---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 1 November 2004.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Report from last week's Linux World Expo in Germany (Frankfurt)
---------------------------------------------------------------
The Linux World Conference & Expo[1] in Frankfurt is one of Germany's top
5 specialized fairs, with 15,000 visitors and its main focus on commercial
Linux offerings. The exhibition serves as a platform for Linux products
and development, and is complemented by a conference program spanning all
three days. Gentoo was present in the ".org Pavilion" next to a lot of
other non-commercial community projects. The German non-profit association
"Förderverein Gentoo e.V."[2] had been in charge of organization, and
brought together more than ten Gentoo developers from Germany, Austria and
the Switzerland to man the booth.
1. http://www.linuxworldexpo.de
2. http://www.gentoo-ev.de
Figure 1.1: The Usual suspects
http://www.gentoo.org/images/gwn/20041101-lwe.jpg
Note: Left to right: zypher (Marc Hildebrand), dj-submerge (Marc Herren),
visiting GWN editor Ulrich Plate, swegener (Sven Wegener), crouching ian!
(Christian Hartmann), PyLon (Lars Weiler), yah (Markus van Bracht),
cybersystem (Markus Nigbur), amne (Wernfried Haas), stkn (Stefan Knoblich)
and tantive (Michael Imhof)
There was quite some interest in the large variety of supported platforms
displayed at the Gentoo booth this year, from various x86 and PPC laptops
to three Ultra-Sparc machines, and even a Siemens Primergy quadruple Xeon
server. With half a dozen hosts constantly building base systems or
emerging applications, a dedicated Mini-ITX based distfiles server was put
in place as a local repository right at the booth, very convenient for
both staff and Gentoo users passing by. Several visitors came to get
special support for their Gentoo installations, or just wanted to meet
some of the developers involved in the project. One of their most frequent
request was a "server edition" or "Enterprise Gentoo", with a more
stabilized tree and more comfort for updates in a production environment -
hardly surprising, since the LWE is a predominantly commercial trade fair.
Special LWE edition Gentoo x86 LiveCDs (nicknamed "Fizzlewizzle")
featuring German localizations of KDE, extensive documentation and a
nightview of Frankfurt's office district on the CD label were distributed
at the booth. Both the ISO image (remastered by Tobias Scherbaum[3]) and
Christian Hartmann's[4] artwork to print directly onto the media can be
downloaded from here[5].
3. dertobi123@gentoo.org
4. ian@gentoo.org
5.
http://download.iansview.com/gentoo/exhibitions/lwe-frankfurt/2004/livecd/
Figure 1.2: Gentoo LiveCD LWE edition cover
http://www.gentoo.org/images/gwn/20041101-livecd.jpg
Mixed messages were heard from neighboring exhibitors: While Sven Herzberg
of the Gnome[6] booth was kind enough to point out that Gentoo's bugzilla
(unlike his own project's older version) provides buglists in iCalendar
format for import into Evolution, Sun Microsystems had disappointing news
about the future availability of Java on the PowerPC platform - none
planned, unfortunately. Their project Looking Glass[7] remains quite an
eyecatcher, though.
6. http://www.gnome.org
7. http://www.sun.com/software/project-looking-glass
Call for help: Experienced J2EE developers needed
-------------------------------------------------
Karl Trygve Kalleberg[8] of Gentoo's Java team really needs help: "Judging
from the number of bugs and requests for feature enhancements that we've
been assigned in the recent past, there must have been increased interest
in Java applications since the release of Eclipse[9]," explains Karl. The
first request for additional help went out in August, but this time
there's a tad more urgency to it: If you're an experienced Java developer,
especially with a J2EE track record, please mail Karl[10] and the Gentoo
recruiters team[11] today.
8. karltk@gentoo.org
9. http://www.eclipse.org
10. karltk@gentoo.org
11. recruiters@gentoo.org
Coming up: Gentoo Bugday on Saturday, 6 November 2004
-----------------------------------------------------
Gentoo Bugday is a monthly event where users and developers gather on IRC
to fix lots of bugs. This unique opportunity to meet the devs and directly
participate in fixing problems has been hugely successful, in the past. A
dedicated IRC channel has been set aside for this collaborative effort,
#gentoo-bugs on irc.freenode.org, and if you want to participate, all you
have to do is /join the channel.
==================
2. Gentoo security
==================
MySQL: Multiple vulnerabilities
-------------------------------
Several vulnerabilities including privilege abuse, Denial of Service, and
potentially remote arbitrary code execution have been discovered in MySQL.
For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
Gaim: Multiple vulnerabilities
------------------------------
Multiple vulnerabilities have been found in Gaim which could allow a
remote attacker to crash the application, or possibly execute arbitrary
code.
For more information, please see the GLSA Announcement[13]
13. http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml
MIT krb5: Insecure temporary file use in send-pr.sh
---------------------------------------------------
The send-pr.sh script, included in the mit-krb5 package, is vulnerable to
symlink attacks, potentially allowing a local user to overwrite arbitrary
files with the rights of the user running the utility.
For more information, please see the GLSA Announcement[14]
14. http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
Netatalk: Insecure tempfile handling in etc2ps.sh
-------------------------------------------------
The etc2ps.sh script, included in the Netatalk package, is vulnerable to
symlink attacks, potentially allowing a local user to overwrite arbitrary
files with the rights of the user running the utility.
For more information, please see the GLSA Announcement[15]
15. http://www.gentoo.org/security/en/glsa/glsa-200410-25.xml
socat: Format string vulnerability
----------------------------------
socat contains a format string vulnerability that can potentially lead to
remote or local execution of arbitrary code with the privileges of the
socat process.
For more information, please see the GLSA Announcement[16]
16. http://www.gentoo.org/security/en/glsa/glsa-200410-26.xml
mpg123: Buffer overflow vulnerabilities
---------------------------------------
Buffer overflow vulnerabilities have been found in mpg123 which could lead
to execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml
rssh: Format string vulnerability
---------------------------------
rssh is vulnerable to a format string vulnerability that allows arbitrary
execution of code with the rights of the connected user, thereby bypassing
rssh restrictions.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml
PuTTY: Pre-authentication buffer overflow
-----------------------------------------
PuTTY contains a vulnerability allowing an SSH server to execute arbitrary
code on the connecting client.
For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200410-29.xml
GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
-----------------------------------------------------
GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF
files, making them vulnerable to execution of arbitrary code upon viewing
a malicious PDF file.
For more information, please see the GLSA Announcement[20]
20. http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
Archive::Zip: Virus detection evasion
-------------------------------------
Email virus scanning software relying on Archive::Zip can be fooled into
thinking a ZIP attachment is empty while it contains a virus, allowing
detection evasion.
For more information, please see the GLSA Announcement[21]
21. http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml
=========================
3. Heard in the community
=========================
Web forums
----------
To sleep - perchance to dream: ay, there's the patch
Ending many months of insomnia in PowerBooks, Gentoo/PPC developer JoseJX
reported in a Forum thread on Wednesday that Benjamin Herrenschmidt, the
PPC kernel maintainer, has published his latest enhancement to the power
management of portable Macs, more specifically for putting the aluminium
PowerBooks with ATi graphics chipsets to sleep. Benh's patch seems to
apply cleanly to Gentoo's development sources 2.6.9-r1, and a wave of
gratitude is washing over the PPC forum:
* Test patch for sleep on AluBooks[22]
22. http://forums.gentoo.org/viewtopic.php?t=243169
gentoo-user
-----------
Analogue distributions
Users commented on a new linux distribution vidalinux[23] which is based
on Gentoo. It uses the Gentoo system tools and portage as its package
manager.
23. http://www.vidalinux.com
* vidalinux[24]
24. http://thread.gmane.org/gmane.linux.gentoo.user/105000
Master USE
Several discussions arose this week regarding USE flags in Portage. USE
flags provide a convenient approach to managing support and dependency
information when emerging packages. Understanding what flags are necessary
and how they might impact a system's configuration can be challenging for
new users.
* USE flags documentation[25]
* Choosing USE flags (and choosing well)[26]
* changed USE flags[27]
25. http://thread.gmane.org/gmane.linux.gentoo.user/105145
26. http://thread.gmane.org/gmane.linux.gentoo.user/105001
27. http://thread.gmane.org/gmane.linux.gentoo.user/104703
Binary pop
One user noticed that etc-update was asking them to overwrite /etc/X11/xdm
binary files in addition to just configuration files.
* Portage: binaries seen as config files[28]
28. http://thread.gmane.org/gmane.linux.gentoo.user/105121
gentoo-dev
----------
A few glibc changes
Travis Tilley[29] has again done some (major) changes to Gentoo's glibc.
This includes enabling some sanity checks, and improved DNS and mDNS
handling.
29. lv@gentoo.org
* A few glibc changes[30]
30. http://thread.gmane.org/gmane.linux.gentoo.devel/22501
"Planet Gentoo" blog aggregator
Daniel Drake[31] presents a proposal for a Gentoo Blog Aggregator to
provide users and developers with a better overview of developments in
Gentoo. The ensuing discussion centered more on the usefulness of such a
service, as many people dislike blogs.
31. dsd@gentoo.org
* GLEP 30: "Planet Gentoo" web log aggregator[32]
32. http://thread.gmane.org/gmane.linux.gentoo.devel/22415
GLEP 29: USE flag grouping
In another GLEP started this week, Ciaran McCreesh[33] proposes some new
input on USE flag groups. This should enable users to select groups (for
example, @KDE, @MULTIMEDIA), but the fine details (what does @KDE -@GNOME
do?) are still not perfectly worked out.
33. ciaranm@gentoo.org
* A GLEP 29: USE flag grouping[34]
34. http://thread.gmane.org/gmane.linux.gentoo.devel/22378
======================
4. Gentoo in the press
======================
Newsforge (30 October 2004)
---------------------------
Joe Barr has written a tongue-in-cheek piece[35] answering the question
what the choice of Linux distributions says about a person. According to
Barr, Gentoo's motto is "If it moves, compile it," supposedly making it
the distribution most appealing to lone ranger types like John Wayne.
35. http://www.newsforge.com/article.pl?sid=04/10/30/1322227
===========
5. Bugzilla
===========
Summary
-------
* Statistics
* Closed bug ranking
* New bug rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[36]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 24 October 2004 and 30 October 2004, activity on
the site has resulted in:
36. http://bugs.gentoo.org
* 802 new bugs during this period
* 378 bugs closed or resolved during this period
* 19 previously closed bugs were reopened this period
Of the 7368 currently open bugs: 115 are labeled 'blocker', 255 are
labeled 'critical', and 551 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo's Team for Core System packages[37], with 45 closed bugs[38]
* AMD64 Porting Team[39], with 25 closed bugs[40]
* Gentoo Security[41], with 19 closed bugs[42]
* Java team[43], with 14 closed bugs[44]
* netmon herd[45], with 13 closed bugs[46]
* Gentoo KDE team[47], with 12 closed bugs[48]
* Wine Maintainers[49], with 10 closed bugs[50]
* Gentoo Toolchain Maintainers[51], with 10 closed bugs[52]
37. base-system@gentoo.org
38.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=base-system@gentoo.org
39. amd64@gentoo.org
40.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=amd64@gentoo.org
41. security@gentoo.org
42.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=security@gentoo.org
43. java@gentoo.org
44.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=java@gentoo.org
45. netmon@gentoo.org
46.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=netmon@gentoo.org
47. kde@gentoo.org
48.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=kde@gentoo.org
49. wine@gentoo.org
50.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=wine@gentoo.org
51. toolchain@gentoo.org
52.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=toolchain@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Gentoo's Team for Core System packages[53], with 19 new bugs[54]
* Gentoo Linux Gnome Desktop Team[55], with 17 new bugs[56]
* AMD64 Porting Team[57], with 17 new bugs[58]
* Alpha Porters[59], with 15 new bugs[60]
* Gentoo Games[61], with 12 new bugs[62]
* Dylan Carlson[63], with 12 new bugs[64]
* Portage team[65], with 11 new bugs[66]
* Mozilla Gentoo Team[67], with 10 new bugs[68]
53. base-system@gentoo.org
54.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=base-system@gentoo.org
55. gnome@gentoo.org
56.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=gnome@gentoo.org
57. amd64@gentoo.org
58.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=amd64@gentoo.org
59. alpha@gentoo.org
60.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=alpha@gentoo.org
61. games@gentoo.org
62.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=games@gentoo.org
63. absinthe@gentoo.org
64.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=absinthe@gentoo.org
65. dev-portage@gentoo.org
66.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=dev-portage@gentoo.org
67. mozilla@gentoo.org
68.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=mozilla@gentoo.org
==================
6. Tips and Tricks
==================
nice and PORTAGE_NICENESS
-------------------------
Last week's GWN introduced brandnew Portage features, this week we'd like
to take you back to a venerable, sturdy old feature that's hot
nonetheless: PORTAGE_NICENESS. Let's look at some basics first.
Very simply put, the Linux kernel has a (process) scheduler that selects
which process to run next in your system. One factor influencing the
scheduler's decision about which process to assign CPU time to, is the
priority of a process. Processes with a high priority will run before
those with a lower priority, and processes with the same priority will
take turns in running, one after the other and over again.
Better have a look at it for yourself: Run top from a terminal on your
host and pay special attention to the PR and NI columns:
---------------------------------------------------------------------------
| Code Listing 6.1: |
|Sample top |
output---------------------------------------------------------------------
----
| |
| PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND |
| 8005 root 20 0 85188 33m 57m R 3.3 6.7 8:43.77 X |
| 8148 tobias 20 10 25624 2376 24m S 0.3 0.5 0:00.60 xscreensaver|
| 1 root 20 0 2476 552 2304 S 0.0 0.1 0:00.31 init |
| 2 root 39 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0 |
| 3 root 15 -5 0 0 0 S 0.0 0.0 0:00.09 events/0 |
| |
---------------------------------------------------------------------------
The PR column indicates the priority level of a process, the value in the
NI column displays the so-called nice value of process, which allows you
to adjust the priority of a running process. Possible values range from
-20 (very high priority), via 0 (standard priority) to 20 (very low
priority). In our little example the xscreensaver process has a higher
nice value than X, which indicates that X has a higher priority than
xscreensaver.
Now, how do we make this work to our advantage when using Portage?
If you keep using your computer while compiling packages you will notice
that your box is much less responsive as usal. This is caused by having
two "groups" of processes with the same nice priority: your usual running
tasks on one side, and emerge (and its child processes) on the other. Now,
if you could renice emerge and its children to a higher nice (i.e. lower
priority!) value, compiling would inevitably take somewhat longer, but you
could use your workstation without noticing much difference to its usual
performance. That's what the PORTAGE_NICENESS parameter in /etc/make.conf
is for:
---------------------------------------------------------------------------
| Code Listing 6.2: |
|Put this in |
/etc/make.conf-------------------------------------------------------------
------------
| |
|PORTAGE_NICENESS="15" |
| |
---------------------------------------------------------------------------
You can generally "renice" individual processes from the commandline,
(e.g. renice 0 -p 8148 to prioritize xscreensaver in the above example),
but this will not work with emerge, as Portage reads the PORTAGE_NICENESS
setting from /etc/make.conf once and executes all child processes with the
specified nice value.
===========================
7. Moves, adds, and changes
===========================
Moves
-----
The following developers recently left the Gentoo team:
* None this week
Adds
----
The following developers recently joined the Gentoo Linux team:
* None this week
Changes
-------
The following developers recently changed roles within the Gentoo Linux
project:
* None this week
====================
8. Contribute to GWN
====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[69].
69. gwn-feedback@gentoo.org
===============
9. GWN feedback
===============
Please send us your feedback[70] and help make the GWN better.
70. gwn-feedback@gentoo.org
================================
10. GWN subscription information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
11. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[71]
* Dutch[72]
* English[73]
* German[74]
* French[75]
* Japanese[76]
* Italian[77]
* Polish[78]
* Portuguese (Brazil)[79]
* Portuguese (Portugal)[80]
* Russian[81]
* Spanish[82]
* Turkish[83]
71. http://www.gentoo.org/news/da/gwn/gwn.xml
72. http://www.gentoo.org/news/be/gwn/gwn.xml
73. http://www.gentoo.org/news/en/gwn/gwn.xml
74. http://www.gentoo.org/news/de/gwn/gwn.xml
75. http://www.gentoo.org/news/fr/gwn/gwn.xml
76. http://www.gentoo.org/news/ja/gwn/gwn.xml
77. http://www.gentoo.org/news/it/gwn/gwn.xml
78. http://www.gentoo.org/news/pl/gwn/gwn.xml
79. http://www.gentoo.org/news/br/gwn/gwn.xml
80. http://www.gentoo.org/news/pt/gwn/gwn.xml
81. http://www.gentoo.org/news/ru/gwn/gwn.xml
82. http://www.gentoo.org/news/es/gwn/gwn.xml
83. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Patrick Lauer <patrick@gentoo.org> - Author
Tobias Scherbaum <dertobi123@gentoo.org> - Author
Emmet Wagle <ewagle@email.com> - Author
Lars Weiler <pylon@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 1 November 2004.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Report from last week's Linux World Expo in Germany (Frankfurt)
---------------------------------------------------------------
The Linux World Conference & Expo[1] in Frankfurt is one of Germany's top
5 specialized fairs, with 15,000 visitors and its main focus on commercial
Linux offerings. The exhibition serves as a platform for Linux products
and development, and is complemented by a conference program spanning all
three days. Gentoo was present in the ".org Pavilion" next to a lot of
other non-commercial community projects. The German non-profit association
"Förderverein Gentoo e.V."[2] had been in charge of organization, and
brought together more than ten Gentoo developers from Germany, Austria and
the Switzerland to man the booth.
1. http://www.linuxworldexpo.de
2. http://www.gentoo-ev.de
Figure 1.1: The Usual suspects
http://www.gentoo.org/images/gwn/20041101-lwe.jpg
Note: Left to right: zypher (Marc Hildebrand), dj-submerge (Marc Herren),
visiting GWN editor Ulrich Plate, swegener (Sven Wegener), crouching ian!
(Christian Hartmann), PyLon (Lars Weiler), yah (Markus van Bracht),
cybersystem (Markus Nigbur), amne (Wernfried Haas), stkn (Stefan Knoblich)
and tantive (Michael Imhof)
There was quite some interest in the large variety of supported platforms
displayed at the Gentoo booth this year, from various x86 and PPC laptops
to three Ultra-Sparc machines, and even a Siemens Primergy quadruple Xeon
server. With half a dozen hosts constantly building base systems or
emerging applications, a dedicated Mini-ITX based distfiles server was put
in place as a local repository right at the booth, very convenient for
both staff and Gentoo users passing by. Several visitors came to get
special support for their Gentoo installations, or just wanted to meet
some of the developers involved in the project. One of their most frequent
request was a "server edition" or "Enterprise Gentoo", with a more
stabilized tree and more comfort for updates in a production environment -
hardly surprising, since the LWE is a predominantly commercial trade fair.
Special LWE edition Gentoo x86 LiveCDs (nicknamed "Fizzlewizzle")
featuring German localizations of KDE, extensive documentation and a
nightview of Frankfurt's office district on the CD label were distributed
at the booth. Both the ISO image (remastered by Tobias Scherbaum[3]) and
Christian Hartmann's[4] artwork to print directly onto the media can be
downloaded from here[5].
3. dertobi123@gentoo.org
4. ian@gentoo.org
5.
http://download.iansview.com/gentoo/exhibitions/lwe-frankfurt/2004/livecd/
Figure 1.2: Gentoo LiveCD LWE edition cover
http://www.gentoo.org/images/gwn/20041101-livecd.jpg
Mixed messages were heard from neighboring exhibitors: While Sven Herzberg
of the Gnome[6] booth was kind enough to point out that Gentoo's bugzilla
(unlike his own project's older version) provides buglists in iCalendar
format for import into Evolution, Sun Microsystems had disappointing news
about the future availability of Java on the PowerPC platform - none
planned, unfortunately. Their project Looking Glass[7] remains quite an
eyecatcher, though.
6. http://www.gnome.org
7. http://www.sun.com/software/project-looking-glass
Call for help: Experienced J2EE developers needed
-------------------------------------------------
Karl Trygve Kalleberg[8] of Gentoo's Java team really needs help: "Judging
from the number of bugs and requests for feature enhancements that we've
been assigned in the recent past, there must have been increased interest
in Java applications since the release of Eclipse[9]," explains Karl. The
first request for additional help went out in August, but this time
there's a tad more urgency to it: If you're an experienced Java developer,
especially with a J2EE track record, please mail Karl[10] and the Gentoo
recruiters team[11] today.
8. karltk@gentoo.org
9. http://www.eclipse.org
10. karltk@gentoo.org
11. recruiters@gentoo.org
Coming up: Gentoo Bugday on Saturday, 6 November 2004
-----------------------------------------------------
Gentoo Bugday is a monthly event where users and developers gather on IRC
to fix lots of bugs. This unique opportunity to meet the devs and directly
participate in fixing problems has been hugely successful, in the past. A
dedicated IRC channel has been set aside for this collaborative effort,
#gentoo-bugs on irc.freenode.org, and if you want to participate, all you
have to do is /join the channel.
==================
2. Gentoo security
==================
MySQL: Multiple vulnerabilities
-------------------------------
Several vulnerabilities including privilege abuse, Denial of Service, and
potentially remote arbitrary code execution have been discovered in MySQL.
For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml
Gaim: Multiple vulnerabilities
------------------------------
Multiple vulnerabilities have been found in Gaim which could allow a
remote attacker to crash the application, or possibly execute arbitrary
code.
For more information, please see the GLSA Announcement[13]
13. http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml
MIT krb5: Insecure temporary file use in send-pr.sh
---------------------------------------------------
The send-pr.sh script, included in the mit-krb5 package, is vulnerable to
symlink attacks, potentially allowing a local user to overwrite arbitrary
files with the rights of the user running the utility.
For more information, please see the GLSA Announcement[14]
14. http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
Netatalk: Insecure tempfile handling in etc2ps.sh
-------------------------------------------------
The etc2ps.sh script, included in the Netatalk package, is vulnerable to
symlink attacks, potentially allowing a local user to overwrite arbitrary
files with the rights of the user running the utility.
For more information, please see the GLSA Announcement[15]
15. http://www.gentoo.org/security/en/glsa/glsa-200410-25.xml
socat: Format string vulnerability
----------------------------------
socat contains a format string vulnerability that can potentially lead to
remote or local execution of arbitrary code with the privileges of the
socat process.
For more information, please see the GLSA Announcement[16]
16. http://www.gentoo.org/security/en/glsa/glsa-200410-26.xml
mpg123: Buffer overflow vulnerabilities
---------------------------------------
Buffer overflow vulnerabilities have been found in mpg123 which could lead
to execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200410-27.xml
rssh: Format string vulnerability
---------------------------------
rssh is vulnerable to a format string vulnerability that allows arbitrary
execution of code with the rights of the connected user, thereby bypassing
rssh restrictions.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200410-28.xml
PuTTY: Pre-authentication buffer overflow
-----------------------------------------
PuTTY contains a vulnerability allowing an SSH server to execute arbitrary
code on the connecting client.
For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200410-29.xml
GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
-----------------------------------------------------
GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF
files, making them vulnerable to execution of arbitrary code upon viewing
a malicious PDF file.
For more information, please see the GLSA Announcement[20]
20. http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
Archive::Zip: Virus detection evasion
-------------------------------------
Email virus scanning software relying on Archive::Zip can be fooled into
thinking a ZIP attachment is empty while it contains a virus, allowing
detection evasion.
For more information, please see the GLSA Announcement[21]
21. http://www.gentoo.org/security/en/glsa/glsa-200410-31.xml
=========================
3. Heard in the community
=========================
Web forums
----------
To sleep - perchance to dream: ay, there's the patch
Ending many months of insomnia in PowerBooks, Gentoo/PPC developer JoseJX
reported in a Forum thread on Wednesday that Benjamin Herrenschmidt, the
PPC kernel maintainer, has published his latest enhancement to the power
management of portable Macs, more specifically for putting the aluminium
PowerBooks with ATi graphics chipsets to sleep. Benh's patch seems to
apply cleanly to Gentoo's development sources 2.6.9-r1, and a wave of
gratitude is washing over the PPC forum:
* Test patch for sleep on AluBooks[22]
22. http://forums.gentoo.org/viewtopic.php?t=243169
gentoo-user
-----------
Analogue distributions
Users commented on a new linux distribution vidalinux[23] which is based
on Gentoo. It uses the Gentoo system tools and portage as its package
manager.
23. http://www.vidalinux.com
* vidalinux[24]
24. http://thread.gmane.org/gmane.linux.gentoo.user/105000
Master USE
Several discussions arose this week regarding USE flags in Portage. USE
flags provide a convenient approach to managing support and dependency
information when emerging packages. Understanding what flags are necessary
and how they might impact a system's configuration can be challenging for
new users.
* USE flags documentation[25]
* Choosing USE flags (and choosing well)[26]
* changed USE flags[27]
25. http://thread.gmane.org/gmane.linux.gentoo.user/105145
26. http://thread.gmane.org/gmane.linux.gentoo.user/105001
27. http://thread.gmane.org/gmane.linux.gentoo.user/104703
Binary pop
One user noticed that etc-update was asking them to overwrite /etc/X11/xdm
binary files in addition to just configuration files.
* Portage: binaries seen as config files[28]
28. http://thread.gmane.org/gmane.linux.gentoo.user/105121
gentoo-dev
----------
A few glibc changes
Travis Tilley[29] has again done some (major) changes to Gentoo's glibc.
This includes enabling some sanity checks, and improved DNS and mDNS
handling.
29. lv@gentoo.org
* A few glibc changes[30]
30. http://thread.gmane.org/gmane.linux.gentoo.devel/22501
"Planet Gentoo" blog aggregator
Daniel Drake[31] presents a proposal for a Gentoo Blog Aggregator to
provide users and developers with a better overview of developments in
Gentoo. The ensuing discussion centered more on the usefulness of such a
service, as many people dislike blogs.
31. dsd@gentoo.org
* GLEP 30: "Planet Gentoo" web log aggregator[32]
32. http://thread.gmane.org/gmane.linux.gentoo.devel/22415
GLEP 29: USE flag grouping
In another GLEP started this week, Ciaran McCreesh[33] proposes some new
input on USE flag groups. This should enable users to select groups (for
example, @KDE, @MULTIMEDIA), but the fine details (what does @KDE -@GNOME
do?) are still not perfectly worked out.
33. ciaranm@gentoo.org
* A GLEP 29: USE flag grouping[34]
34. http://thread.gmane.org/gmane.linux.gentoo.devel/22378
======================
4. Gentoo in the press
======================
Newsforge (30 October 2004)
---------------------------
Joe Barr has written a tongue-in-cheek piece[35] answering the question
what the choice of Linux distributions says about a person. According to
Barr, Gentoo's motto is "If it moves, compile it," supposedly making it
the distribution most appealing to lone ranger types like John Wayne.
35. http://www.newsforge.com/article.pl?sid=04/10/30/1322227
===========
5. Bugzilla
===========
Summary
-------
* Statistics
* Closed bug ranking
* New bug rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[36]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 24 October 2004 and 30 October 2004, activity on
the site has resulted in:
36. http://bugs.gentoo.org
* 802 new bugs during this period
* 378 bugs closed or resolved during this period
* 19 previously closed bugs were reopened this period
Of the 7368 currently open bugs: 115 are labeled 'blocker', 255 are
labeled 'critical', and 551 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo's Team for Core System packages[37], with 45 closed bugs[38]
* AMD64 Porting Team[39], with 25 closed bugs[40]
* Gentoo Security[41], with 19 closed bugs[42]
* Java team[43], with 14 closed bugs[44]
* netmon herd[45], with 13 closed bugs[46]
* Gentoo KDE team[47], with 12 closed bugs[48]
* Wine Maintainers[49], with 10 closed bugs[50]
* Gentoo Toolchain Maintainers[51], with 10 closed bugs[52]
37. base-system@gentoo.org
38.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=base-system@gentoo.org
39. amd64@gentoo.org
40.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=amd64@gentoo.org
41. security@gentoo.org
42.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=security@gentoo.org
43. java@gentoo.org
44.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=java@gentoo.org
45. netmon@gentoo.org
46.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=netmon@gentoo.org
47. kde@gentoo.org
48.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=kde@gentoo.org
49. wine@gentoo.org
50.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=wine@gentoo.org
51. toolchain@gentoo.org
52.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-24&chfieldto=2004-10-30&resolution=FIXED&assigned_to=toolchain@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Gentoo's Team for Core System packages[53], with 19 new bugs[54]
* Gentoo Linux Gnome Desktop Team[55], with 17 new bugs[56]
* AMD64 Porting Team[57], with 17 new bugs[58]
* Alpha Porters[59], with 15 new bugs[60]
* Gentoo Games[61], with 12 new bugs[62]
* Dylan Carlson[63], with 12 new bugs[64]
* Portage team[65], with 11 new bugs[66]
* Mozilla Gentoo Team[67], with 10 new bugs[68]
53. base-system@gentoo.org
54.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=base-system@gentoo.org
55. gnome@gentoo.org
56.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=gnome@gentoo.org
57. amd64@gentoo.org
58.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=amd64@gentoo.org
59. alpha@gentoo.org
60.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=alpha@gentoo.org
61. games@gentoo.org
62.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=games@gentoo.org
63. absinthe@gentoo.org
64.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=absinthe@gentoo.org
65. dev-portage@gentoo.org
66.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=dev-portage@gentoo.org
67. mozilla@gentoo.org
68.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-24&chfieldto=2004-10-30&assigned_to=mozilla@gentoo.org
==================
6. Tips and Tricks
==================
nice and PORTAGE_NICENESS
-------------------------
Last week's GWN introduced brandnew Portage features, this week we'd like
to take you back to a venerable, sturdy old feature that's hot
nonetheless: PORTAGE_NICENESS. Let's look at some basics first.
Very simply put, the Linux kernel has a (process) scheduler that selects
which process to run next in your system. One factor influencing the
scheduler's decision about which process to assign CPU time to, is the
priority of a process. Processes with a high priority will run before
those with a lower priority, and processes with the same priority will
take turns in running, one after the other and over again.
Better have a look at it for yourself: Run top from a terminal on your
host and pay special attention to the PR and NI columns:
---------------------------------------------------------------------------
| Code Listing 6.1: |
|Sample top |
output---------------------------------------------------------------------
----
| |
| PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND |
| 8005 root 20 0 85188 33m 57m R 3.3 6.7 8:43.77 X |
| 8148 tobias 20 10 25624 2376 24m S 0.3 0.5 0:00.60 xscreensaver|
| 1 root 20 0 2476 552 2304 S 0.0 0.1 0:00.31 init |
| 2 root 39 19 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0 |
| 3 root 15 -5 0 0 0 S 0.0 0.0 0:00.09 events/0 |
| |
---------------------------------------------------------------------------
The PR column indicates the priority level of a process, the value in the
NI column displays the so-called nice value of process, which allows you
to adjust the priority of a running process. Possible values range from
-20 (very high priority), via 0 (standard priority) to 20 (very low
priority). In our little example the xscreensaver process has a higher
nice value than X, which indicates that X has a higher priority than
xscreensaver.
Now, how do we make this work to our advantage when using Portage?
If you keep using your computer while compiling packages you will notice
that your box is much less responsive as usal. This is caused by having
two "groups" of processes with the same nice priority: your usual running
tasks on one side, and emerge (and its child processes) on the other. Now,
if you could renice emerge and its children to a higher nice (i.e. lower
priority!) value, compiling would inevitably take somewhat longer, but you
could use your workstation without noticing much difference to its usual
performance. That's what the PORTAGE_NICENESS parameter in /etc/make.conf
is for:
---------------------------------------------------------------------------
| Code Listing 6.2: |
|Put this in |
/etc/make.conf-------------------------------------------------------------
------------
| |
|PORTAGE_NICENESS="15" |
| |
---------------------------------------------------------------------------
You can generally "renice" individual processes from the commandline,
(e.g. renice 0 -p 8148 to prioritize xscreensaver in the above example),
but this will not work with emerge, as Portage reads the PORTAGE_NICENESS
setting from /etc/make.conf once and executes all child processes with the
specified nice value.
===========================
7. Moves, adds, and changes
===========================
Moves
-----
The following developers recently left the Gentoo team:
* None this week
Adds
----
The following developers recently joined the Gentoo Linux team:
* None this week
Changes
-------
The following developers recently changed roles within the Gentoo Linux
project:
* None this week
====================
8. Contribute to GWN
====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[69].
69. gwn-feedback@gentoo.org
===============
9. GWN feedback
===============
Please send us your feedback[70] and help make the GWN better.
70. gwn-feedback@gentoo.org
================================
10. GWN subscription information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
11. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[71]
* Dutch[72]
* English[73]
* German[74]
* French[75]
* Japanese[76]
* Italian[77]
* Polish[78]
* Portuguese (Brazil)[79]
* Portuguese (Portugal)[80]
* Russian[81]
* Spanish[82]
* Turkish[83]
71. http://www.gentoo.org/news/da/gwn/gwn.xml
72. http://www.gentoo.org/news/be/gwn/gwn.xml
73. http://www.gentoo.org/news/en/gwn/gwn.xml
74. http://www.gentoo.org/news/de/gwn/gwn.xml
75. http://www.gentoo.org/news/fr/gwn/gwn.xml
76. http://www.gentoo.org/news/ja/gwn/gwn.xml
77. http://www.gentoo.org/news/it/gwn/gwn.xml
78. http://www.gentoo.org/news/pl/gwn/gwn.xml
79. http://www.gentoo.org/news/br/gwn/gwn.xml
80. http://www.gentoo.org/news/pt/gwn/gwn.xml
81. http://www.gentoo.org/news/ru/gwn/gwn.xml
82. http://www.gentoo.org/news/es/gwn/gwn.xml
83. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Patrick Lauer <patrick@gentoo.org> - Author
Tobias Scherbaum <dertobi123@gentoo.org> - Author
Emmet Wagle <ewagle@email.com> - Author
Lars Weiler <pylon@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list