Gentoo Weekly Newsletter: March 3rd, 2003

1.  Gentoo News

Summary

• Gentoo Linux at the Game Developers Conference
• Open Developer Positions in the Gentoo Linux Project
• Gentoo Linux 1.4_rc3 Released

Gentoo Linux at the Game Developers Conference

Figure 1.1: GDC

So, if you're going to be at the GDC, be sure and stop by the NVIDIA booth to show your support for Gentoo Linux. You'll get a chance to meet Daniel Robbins, Seemant Kulleen and some of the other Gentoo Developers. Attendees may also get a chance to talk to Emmett Plant about the future of Ogg Vorbis, upcoming Ogg-capable portables or any number of other Ogg-related developments.

Open Developer Positions in the Gentoo Linux Project

Currently, the Gentoo Linux project has a number of open developer positions available for people who are interested in becoming more involved with the Gentoo Linux project. These positions include:

• Technical Writer -- Help the documentation team maintain the high quality of the Gentoo Linux documentation. We're looking for folks with an aptitude for technical writing, along with an expert command of the english language.
• Kernel Developer -- Help make gentoo-sources as feature-rich and robust as possible. Bring your kernel hacking skills to the Gentoo Linux project and help the current kernel development folks improve the quality of the Gentoo Linux kernel offerings.
• Web Developer -- Gentoo Linux is looking for web developers with a solid foundation in either Python, Perl or PHP to assist in the development and improvement of the infrastructure that supports the Gentoo Linux project. Help with projects like mailing list archives, mirror status tools and other projects that improve the robustness and reliability of our infrastructure.

Gentoo Linux 1.4_rc3 Released

The third and hopefully final Release Candidate of Gentoo Linux 1.4 was released on February 27th. Improvements to this release include updated LiveCDs and a whole raft of bug fixes. With this release, Gentoo Linux moves to a package updates phase as described in the official Gentoo Linux Release Policy. For the next two weeks or so, developers will focus on migrating packages from a masked state to an unmasked, or stable, state. Users can expect long lists in their emerge -up world statements over the next couple of weeks as the backlog of masked packages is worked through.

2.  Gentoo Security

Summary

• GLSA: usermin
• GLSA: apcupsd
• GLSA: vnc
• GLSA: tightvnc
• New Security Bug Reports

GLSA: usermin

Usermin is subject to the same vulnerability reported last week for Webmin, in which a security hole could permit unauthenticated access. No exploits in the wild have been reported.

• Severity: Critical - Unauthenticated Access with Administrative Privileges
• Packages Affected: app-admin/usermin versions prior to usermin-1.000
• Rectification: Synchronize and emerge -u usermin, emerge clean.
• GLSA Announcement
• Advisory

GLSA: apcupsd

The apcupsd daemon for controlling UPSs exposes a remote root access vulnerability and some buffer overflows.

• Severity: Critical - Remote Root Access
• Packages Affected: sys-apps/apcupsd versions prior to apcupsd-3.10.5
• Rectification: Synchronize and emerge -u apcupsd, emerge clean.
• GLSA Announcement
• Advisory

GLSA: vnc

The VNC server generates a cookie for authentication in X using a weak random number generator. This could permit an attacker to more easily guess the authentication value and gain access to the system. No specific exploit is reported, but an exploitation technique involving rapid challenges and response comparison is described.

• Severity: Moderate to High - Encryption Compromise
• Packages Affected: net-misc/vnc versions prior to vnc-3.3.6-r1
• Rectification: Synchronize and emerge -u vnc, emerge clean.
• GLSA Announcement
• Advisory

GLSA: tightvnc

TightVNC is subject to the same vulnerability as described above for VNC.

• Severity: Moderate to High - Encryption Compromise
• Packages Affected: net-misc/tightvnc versions prior to tightvnc-1.2.8
• Rectification: Synchronize and emerge -u tightvnc, emerge clean.
• GLSA Announcement
• Advisory

New Security Bug Reports

The following new security bugs were posted this week:

• sys-apps/eject
• x11-terms/eterm
• sys-libs/zlib
• net-analyzer/tcpdump

3.  Featured Developer of the Week

José Alberto Suárez López

Figure 3.1: José Alberto Suárez López, aka BaSS

This week we feature José Alberto Suárez López, a native of Spain who got started working with Gentoo when he had a conversation with Daniel Robbins about having a Spanish side (e.g. documentation, translation) for Gentoo. Now the editor and coordinator for all things Spanish in Gentoo, he also participates in the app-games team and maintains several ebuilds. His most recent work was the integration of win4lin with Gentoo, and he's also working on some artwork. José is also quite involved with OSS outside of Gentoo: he helped translate Mozilla to Spanish, does some development, some artwork for OSS projects, and participates in some local LUGs, like HispaLiNUX and ADALA. His proudest achievements include the integration of Free Software into his school's computer network and the creation of a Gentoo Spanish group.

José lives in Sevilla, the capital of Andalucia in the South of Spain, a sunny and enjoyable city that he says is full of beautiful girls, including the most beautiful girl in the world. He studies graphics design in the morning and spends his afternoons in a crazy office working on embedded systems running Linux and other cool stuff. José's hobbies include music (recently he went to a concert with Lou Donaldson and Lonei Smith that he really liked), reading books by Lovecraft, Tolkien, and others, sports, and traveling. In his room, alongside a HiFi sound system and a bunch of CDs is his one functional computer, a laptop, which he is migrating from GNOME to KDE for political reasons. He likes Sylpheed but uses Evolution for job reasons, links and Mozilla for browsing, BitchX and gaim for messaging, and couldn't live without bash and mc.

4.  Heard In The Community

Web Forums

1.4-rc3 out and about

Housekeeping in the forums is always a challenging job, but it gets really messy whenever a new release candidate is being put out in the open, and all the new kids come storming in leaving muddy traces all over the floor... Let's help the moderators by putting up a sign: Yes, 1.4-rc3 has been released. No, you can't upgrade from 1.4-rc2... How would you "upgrade" to anything that isn't already covered by your 'emerge rsync && emerge -u world' routines? If you want to help the developers, please go ahead and test the LiveCD images for the different platforms to see if they all work well for installations. Report your experiences, chat about the new release candidate, preferrably in the two top thread for x86 and the bottom one for PPC (notice the higher RC count, the Mac devs are riding a bit ahead):

• rc3 (in "Installing Gentoo")
• 1.4_rc3 is out!!! (in "Gentoo Chat")
• rc5?!?! (in "Gentoo on PPC")

Xfree 4.3.0

Equally eagerly awaited, the latest XFree86 upgrade has hit portage last week, only days after the ebuild for the release candidate 4.2.99.902 was distributed. Greeted by a thread that grew to three pages within 24 hours, the buzz in the forums is generally positive with a few quips here and there, and hope that bugs in previous versions have been ironed out. Real nice work by the XFree86 developers, apparently. At the time of this writing you still need ACCEPT_KEYWORDS="~arch", but that'll change soon...

• XFree86 4.3 released!
• 4.3.0 Released (German language thread)
• startx problem after xfree update
• Xfree 4.3.0 & unreadable fonts in kde

Commercial Applications Ported to Linux? Why not?

Why would the developers of Windows software not be interested in support for their products on Linux? After all, it isn't all that complicated, provided they try to assure some compatibility with the Windows emulators available. Or, better still, why not try to lobby them into awareness of the growing market potential for Linux ports of their software? An initiative centered around this idea was born in the Forums two weeks ago, but has gained so much momentum that it's been spun off into a mailing list of its own. Matija Suklje (aka hook, the initiator of the forum thread) brought it up to speed with an article on Newsforge that even got translated into Swedish. If you want to help exploring the possibilities of Linux advocacy directly addressing the vendors of proprietary software and drivers, check the original thread, Matija's article and the LCSP list at yahoogroups.com:

• an organisation for linux games/apps advocacy?
• How to bring more commercial applications to Linux
• Swedish translation
• lcsp - Linux Commercial Software Port Project

gentoo-user

Gentoo releases and what they mean to you!

In an effort to stem the tide of "how to I upgrade to 1.4_rc3" questions, Gentoo Developer Troy Dack posted a succinct message explaining exactly what Gentoo releases do (and, more importantly, don't) mean to you. The short version? emerge -u world. For the longer version, and to understand an issue that many users seem unaware of, read Troy's message.

Does gentoo compare?

Before slipping Gentoo the ring, Daniel Carerra asked some important questions on how the distribution compares with the 'bigger' ones. How complete (# of packages) is it? How quickly do ebuilds follow new source releases? Is it as easy to update as apt-get? Can packages be created easily? Does Gentoo run faster? The unanimous 'yes' answers to his five questions made one thing clear; Gentoo is mature, and as of big of a player as any other. In short, Gentoo is rocksteady.. mon.

gentoo-dev

USE FLAG for DJB's daemontools

Christian Wiese proposed a new USE flag "to automatically build packages with daemontools support if possible". Rajiv Aaron Manglani asked whether the support for daemontools would mean the creation of a separate set of init scripts and David Pavlotzky finally contributed with a pointer to an article about daemontools.

Where to install lisp sources in an ebuild?

Burton Samograd says he is writing an ebuild for a package which is entirely written in lisp and I'm not quite sure where the source files should be installed to. He has received no answers so far!

GCC Myths and Facts

Joao Seabra wrote a very elucidating article with tips on the optimization switches of GCC.

RFC for Gentoo GNU Emacs users

Matthew Kennedy announced in a message to the list that he has made a modification to the way GNU Emacs is installed in Gentoo systems. This will allow for more possibilities in customizing Emacs.

5.  Gentoo International

Reminder: Vienna Meeting Tomorrow

Last chance to make yourself available for the Gentoo User Meeting in Vienna tomorrow, Tuesday, 4 March 2003, from 19:00 at the Siebensternbräu, Siebensterngasse 19 in 1070 Wien. Send a quick note to the Viennese coordination forum thread before you drop by.

Italian Gentoo Forum Established

Just hours after the publication of the last GWN edition, the Italian campaign was rewarded with the creation of an official Gentoo Forum in Italian.. In all fairness, it is only second to Gentoo.it initiator Enrico Morelli's Gentoo Italia Forum, preceding this one by about a month, but the official forum leverages on the huge crowd attracted by the English mainstream, and as a result is certainly more dynamic than Enrico's site at the University of Florence. Opening hours for both forums are fairly flexible, check in any time...

6.  Portage Watch

The following stable packages were added to portage this week

• app-text/gnu-gs-fonts-other : Ghostscript Extra Fonts http://www.cups.org/
• app-text/gnu-gs-fonts-std : Ghostscript Standard Fonts http://www.cups.org/
• net-analyzer/zodiac : DNS protocol analyzer http://www.packetfactory.net/projects/zodiac/
• sys-kernel/ppc-sources-benh : PowerPC kernel tree based on benh's patches, -r corresponds to ben{r} versioning http://www.kernel.org/pub/linux/kernel/people/benh/
• sys-kernel/mm-sources : Full sources for the development linux kernel with Andrew Morton's patchset http://www.kernel.org/ http://www.gentoo.org/
• net-wireless/kismet : Kismet is a 802.11b wireless network sniffer. http://www.kismetwireless.net/

Updates to notable packages

• sys-apps/portage - portage-2.0.47-r5.ebuild; portage-2.0.47-r6.ebuild; portage-2.0.47-r7.ebuild;
• sys-devel/gcc - gcc-3.2.2-r1.ebuild;
• sys-libs/glibc - glibc-2.3.2_pre1.ebuild;
• x11-base/xfree - xfree-4.2.99.902.ebuild;
• sys-kernel/* - ac-sources-2.4.21_pre4-r5.ebuild; ac-sources-2.4.21_pre4-r6.ebuild; ac-sources-2.4.21_pre4-r7.ebuild; arm-headers-2.4.19.ebuild; arm-sources-2.4.19.ebuild; development-sources-2.5.63.ebuild; mm-sources-2.5.60-r1.ebuild; mm-sources-2.5.60-r2.ebuild; mm-sources-2.5.61-r1.ebuild; mm-sources-2.5.62-r1.ebuild; mm-sources-2.5.62-r2.ebuild; mm-sources-2.5.62-r3.ebuild; mm-sources-2.5.63-r1.ebuild; ppc-sources-benh-2.4.20-r6.ebuild; redhat-sources-2.4.20.2.48.ebuild; wolk-sources-4.0_rc1.ebuild;
• net-www/apache - apache-1.3.27-r3.ebuild; apache-1.3.27-r4.ebuild;
• dev-php/php - php-4.3.1-r1.ebuild;
• app-admin/gentoolkit - gentoolkit-0.1.18-r2.ebuild; gentoolkit-0.1.18-r3.ebuild;

7.  Bugzilla

Summary

• Statistics
• Closed Bug Ranking
• New Bug Rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:

• 252 new bugs this week
• 329 bugs closed or resolved this week
• 13 previously closed bugs were reopened this week.
• 1888 total bugs currently marked 'new'
• 539 total bugs curently assigned to developers

Closed Bug Rankings

The developers and teams who have closed the most bugs this week are:

• Nicholas Jones, with 27 closed bugs
• Mike Frysinger, with 16 closed bugs
• The KDE Team, with 14 closed bugs
• Martin Schlemmer, with 12 closed bugs
• Donny Davies, with 12 closed bugs

New Bug Rankings

The developers and teams who have been assigned the most new bugs this week are:

• The PHP Team, with 32 new bugs
• Jon Ellis, with 22 new bugs
• Martin Schlemmer, with 19 new bugs
• The PostgreSQL Team, with 19 new bugs
• Nicholas Jones, with 16 new bugs

8.  Tips and Tricks

Handling Files with Spaces

Many Gentoo users still favor command line tools (ls, find, etc.) over the newer GUI interfaces such as Nautilus or Konqueror. However, many command line users find that dealing with filenames that have spaces in them is difficult; especially when trying to automate a process or deal with multiple files at once.

One common tool to deal with multipe files is xargs, which builds and executes commands from standard input. One example is using xargs to remove old files.

# find . -type f -mtime +30 | xargs rm

The solution to this is to use the --null (or -0) option which changes the spaces in the filenames to a NUL character.

# find . -type f -mtime +30 -print0 | xargs --null rm
(or)
# find . -type f -mtime +30 -print0 | xargs -0 rm

9.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

• Bruce Locke (blocke)
• Tobias Echert (viz)

Adds

The following developers recently joined the Gentoo Linux team:

• Dylan Carlson (absinthe) -- java and stuff

Changes

The following developers recently changed roles within the Gentoo Linux project.

• Peter Brown (rendhalver) -- php
• Jared Hudson (jhhudso) -- php
• Masatomo Nakano (nakano) -- php, PostgreSQL
• Bryon Roche (kain) -- PostgreSQL
• Matthew Kennedy (mkennedy) -- PostgreSQL
• Kurt Lieber (klieber) -- Gentoo infrastructure

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11.  GWN Feedback

Please send us your feedback and help make GWN better.

12.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:

• Dutch
• English
• German
• French
• Japanese
• Italian
• Portuguese (Brazil)
• Portuguese (Portugal)
• Spanish