Gentoo Weekly Newsletter: February 10th, 2003
Gentoo Linux was present at this weekend's FOSDEM, a meeting of developers of Open Source software. Taking place in Brussels, Belgium, this year's FOSDEM drew developers from many of the largest Open Source projects, including KDE, GNOME, PostgreSQL, iptables and others. Daniel Robbins was also present representing the Gentoo Linux project. Brad Cowan (bcowan) was recently appointed as the Gentoo Release Coordinator and tasked with getting Gentoo Linux 1.4, as well as future versions of Gentoo Linux, out the door. So far, Brad has been busy finalizing the list of packages for the 1.4 Gentoo Reference Platform, as well as coordinating efforts among the various development managers to determine what needs to be finished before 1.4 can be officially released. Originally reported in last week's Heard In The Community section, the Gentoo Icon Set has continued to grow and improve to the point where the full set is now featured on the main Gentoo.org web site. Currently, with over 160 icons available and more being added each week, this icon set offers users a comprehensive way to customize their Gentoo Linux systems.
The bladeenc MPR encoder contains a signed integer offset that may be spoofed by a carefully crafted wave file to execute arbitrary code. An exploit has been demonstrated.
The qt-dcgui DirectConnect client has a major vulnerability in the way it parses directory names. Remote attackers could use this flaw to download files that are not explicitly shared.
The slocate file search utility contains a buffer overflow vulnerability that could permit users to gain higher access privileges on the system. An exploit has been demonstrated.
The popular SpamAssassin utility is subject to an exploit using escaped '.' characters to provoke a modification of the stack pointer. This could permit a carefully crafted email to execute arbitrary code on the system.
The following new bug report have been submitted to the bugzilla database this week: 3. Featured Developer of the Week Brandon Low
This week we're featuring Brandon Low, maintainer of the gentoo-sources kernel and the kernel eclass system used to create kernel source ebuilds. As many of you know, the gentoo-sources are made by applying various patches to vanilla sources (like the ones you find at http://www.kernel.org); Brandon's job is to take the various fixes, performance enhancements, and hardware support patches recommended by Michael J. Cohen, Gentoo's resident kernel colonel, requested by users, or found by himself to be suitable, and to 'patch-monkey' them all together, making adjustments to ensure that the various patches work together in order to get a working kernel. Before being put in gentoo-sources, changes are often tested in lolo-sources, which is first patched with a bunch of updates then slowly culled until it's released as gentoo-sources. Brandon's kernels always contain documentation in a patches.txt.gz file that is put in the documentation directory of the kernel sources, but since the information often isn't as complete with lolo-sources, he says that the best way to learn about a kernel patchset is to watch as the patches are applied during the merge process. The current lolo-sources are based on the Con Kolivas patchset, with the addition of Gentoo-specific stuff as well as the iptables base and optimization pachsets. Like Nicholas Jones(who actually started using Gentoo and helping out with it on his suggestion), Brandon got his start as a Gentoo developer hanging out in IRC and on Bugzilla making ebuilds and assisting with bugs. His cool head and tendency to know when a patch would be too much trouble was what gave him the final word on gentoo-sources. A keen ebuilder, Brandon continues to make ebuilds for applications that he needs or wants that aren't in the Portage tree. A student of computer engineering at the Illinois Institute of Technology, Brandon also works as the general technology specialist at CopyTec - it's no wonder he has trouble balancing the remaining time between Gentoo and his girlfriend. Brandon has two machines, lost and found: lost is an Athlon XP workstation, while found is a headless Athlon T-Bird WWW/mail/DNS server. Here's a long litany of the apps he likes to run on his workstation: Gaim, Enlightenment, Eterm, Xchat, XMMS, giFT, Midnight Commander, Mozilla, gkrellm2, lm_sensors, mutt, screen, pork, and bash. In Real Life, Brandon likes to swim, play GameCube, and rollerblade. What's In A Framebuffer? Let's call it the Framebuffer Awareness Week. An extraordinary interest in the possibilities (and limitations) of framebuffer consoles, using it in X or in its stead, for TV-out to the big screen, and other tidbits of information has emerged in an unusual density:
Fund Raising Ideas The forums are notorious for posters throwing tantrums at the installation process or application oddities, but the general mood has always been extremely supportive of Gentoo Linux, its concept and further development. Not astonishing, in this light, that initiatives emerge at regular intervals that try to back up the idealistic support with something more tangible, by raising money for the project as a whole. People are offering money for e-mail-addresses that display their affection for Gentoo, club memberships (Mandrake style) are being discussed, even paying for an overnight ebuild service, in a nutshell: anything that could help to put Gentoo on the next evolutionary stage: Using phpBB A few threads have dealt with the shortcomings of the software that drives the Forums, phpBB. Its structure sometimes prevents things from being just as powerful as some of the users would like it, but advances are clearly being made. The search function has been modified, searching for all search terms is now the default for both the Search page and the Quick Search text input box, and sometimes things just fall into place with an upgrade to phpBB itself: Posting in Japanese miraculously started to work last week. What Are Those ._cfg* Files Anyway? One of the most frequently overlooked features of portage, the etc-update command, has equally frequently been dealt with at the forums. It is a better known fact that critical config files are protected from being automatically overwritten during emerge, but before you struggle with manually editing all those files with names starting on ._cfg that keep appearing below the /etc threshold and elsewhere, you may want to have a look at this thread from last week: Installing non ebuild software Contrary to what we'd like to believe, software is still being written on non Gentoo systems and not packaged as an ebuild. Robert Shar asked if there is a standard method to installing programs lacking an ebuild. As the responses rolled in, it became clear that there isn't a 'standard' method of handling non ebuild software, but many clever ways to do it. Collins Richey suggested modifying the configure script to install the software under /opt and Pat Double thought it would be just as painless to create an ebuild. Cal Evans even proposed that a utility to convert an RPM (currently the most popular packaging system) to an ebuild should be written. OOOOoooOOooPPssss A popular thread emerged (pardon the pun) on gentoo-user sharing the classic tales of administrator horror stories. From deleting weeks worth of work to nearly getting fired from the job, the stories within are sure to bring back the nostalgic memories of wishing time was reversible... if only for just one command. There is also a related thread in the forums. Time heals, and posting does too. Disk Full?!? Quick resolutions To Jorge Almeida's astonishment, his fresh Gentoo system was reporting the disk was full after a KDE 3.1 upgrade. Developer Nick Jones recommended removing all files under /var/tmp/portage, /usr/portage/distfiles, and /usr/portage/packages -- noting that distfiles and packages may contain wanted files that portage would have to download again if they were removed. It was also noted that cleaning out /var/log is another quick way to free space, especially if a log rotator has not been installed. Volker Hemmann let us know that his /var/log/.xsession-errors once grew to a size of 3.7GB! Gentoo XML Database Yannick Koehler started a very interesting thread with "For the fun of it, I created a little tool very custom and untested that will read the the cache files of gentoo and generate on the stdout a valid xml file. [...] What's interesting is that the database is generated from a gentoo system pretty easily because of the presence of the cache. One could easily think about creating a direct ebuilds -> xml db software instead of passing through the cache." Vano D proposed its application "for making a "portage server" serving portage ebuilds and recording the cache information (as in what is installed with what USE flags) for every single client machine having an "account" on the db." Todo/project list for Gentoo. Kashif Shaikh asked: "I've been using Gentoo now for a couple of months, wrote some ebuilds, loved gentoo's simplicity(configuration system), etc. BUT, I would like to get involved more with Gentoo though I don't know where to start or what to improve." John Nilsson briefly answered with "Your todo list is called bugs.gentoo.org =)" and continued with "Seriously what you could do that I would like is a gentoo-user-wiki. For Swedish users take a look at http://www.susning.nu and you'll know what I'm talking about. Is there an English equivalent?" Follow-up: Portage Database Management. Ingo Krabbe started quite a busy thread with his question of wether there were any plans to have Portage use a database in order to improve speed! Some ideas for its application were tossed in, such as John Nilsson's: "This db would have more indepth information of every package, HOWTOS, bugs, discussions all that kind of information you would wan't (mostly just a gentoo specific info text and link to a homepage I suspect, but you COULD add more)." Impromptu Gentoo Dev & User Meeting in Barcelona, 12 February 2003 BaSS, one of the Spanish Gentoo developers, is leaving his home town Sevilla for a few days in Barcelona. Perfect occasion to meet him and everybody else who's going to show up at the Sagrada Familia on 12 February, 18:00. In case you don't know who to look out for, he'll wear a black bag with the Gnome and Guadec logos on it... Snapshot from Japan: Gentoo in User Mode Linux on RedHat 8.0 Masanori "Smiley" Omote isn't really what you call a hardened Gentoo user. He's been running RedHat for ages, and doesn't have any immediate plans to give it up. But his friends at the Tokyo Linux User Group had been pestering him so much about the most elegant of penguins, something was bound to happen. As it turned out, something equally elegant: Smiley, looking for a way to run both gcc 2.9x and 3.x on the same machine at the same time, went and installed Gentoo Linux in a virtual machine in User Mode Linux (UML) on his tiny Sony Vaio C1, a subnotebook sporting a Transmeta CPU, 256 MB and - RedHat 8.0. Now, whether this was the right way to go about it, or even the right order in which to put one on top of the other is a matter of debate, but for someone with a RedHat background, his perfectly documented installation manuscript has a reassuringly familiar look... The following stable packages were added to portage this week
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:
The developers and teams who have closed the most bugs this week are:
The developers and teams who have been assigned the most new bugs this week are:
See which USE variables affect a package during an emerge One of the most-often requested features in Portage is the ability to quickly and easily see what effect USE variables have during the emerge process. The release Portage 2.0.46-r12 makes this feature available. To display USE variable effects, use the -v option:
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo team:
The following developers recently changed roles within the Gentoo project.
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email. Please send us your feedback and help make GWN better. The Gentoo Weekly Newsletter is also available in the following languages: |
|
