Gentoo Logo

Gentoo Weekly Newsletter: March 3rd, 2003

Content:

1.  Gentoo News

Summary

Gentoo Linux at the Game Developers Conference


Figure 1.1: GDC

Fig. 1: Game Developers Conference

The 2003 Game Developers Conference kicks off on Tuesday, March 4th. The GDC is one of the world's premier conferences dedicated to the computer gaming industry with several conference tracks focused on today's hot gaming topics. One of the highlights of the conference is the GDC Expo where vendors and exhibitors show off the latest and greatest software and hardware. This year, Gentoo Linux will be present at the NVIDIA booth, along with Emmett Plant, CEO of Vorbis. Demonstrations of Unreal Tournament 2003 will be on display to show the power of Gentoo Linux and NVIDIA hardware.

So, if you're going to be at the GDC, be sure and stop by the NVIDIA booth to show your support for Gentoo Linux. You'll get a chance to meet Daniel Robbins, Seemant Kulleen and some of the other Gentoo Developers. Attendees may also get a chance to talk to Emmett Plant about the future of Ogg Vorbis, upcoming Ogg-capable portables or any number of other Ogg-related developments.

Open Developer Positions in the Gentoo Linux Project

Currently, the Gentoo Linux project has a number of open developer positions available for people who are interested in becoming more involved with the Gentoo Linux project. These positions include:

  • Technical Writer -- Help the documentation team maintain the high quality of the Gentoo Linux documentation. We're looking for folks with an aptitude for technical writing, along with an expert command of the english language.
  • Kernel Developer -- Help make gentoo-sources as feature-rich and robust as possible. Bring your kernel hacking skills to the Gentoo Linux project and help the current kernel development folks improve the quality of the Gentoo Linux kernel offerings.
  • Web Developer -- Gentoo Linux is looking for web developers with a solid foundation in either Python, Perl or PHP to assist in the development and improvement of the infrastructure that supports the Gentoo Linux project. Help with projects like mailing list archives, mirror status tools and other projects that improve the robustness and reliability of our infrastructure.
Think one of the positions listed above sounds interesting? Then help out by volunteering your time and skills to the Gentoo Linux project. Interested parties can contact Kurt Lieber for more details. Please, no resumes. We're not that formal. :) Just include a brief description of your background and qualifications along with what type of position you're interested in helping out with.

Gentoo Linux 1.4_rc3 Released

The third and hopefully final Release Candidate of Gentoo Linux 1.4 was released on February 27th. Improvements to this release include updated LiveCDs and a whole raft of bug fixes. With this release, Gentoo Linux moves to a package updates phase as described in the official Gentoo Linux Release Policy. For the next two weeks or so, developers will focus on migrating packages from a masked state to an unmasked, or stable, state. Users can expect long lists in their emerge -up world statements over the next couple of weeks as the backlog of masked packages is worked through.

2.  Gentoo Security

Summary

GLSA: usermin

Usermin is subject to the same vulnerability reported last week for Webmin, in which a security hole could permit unauthenticated access. No exploits in the wild have been reported.

  • Severity: Critical - Unauthenticated Access with Administrative Privileges
  • Packages Affected: app-admin/usermin versions prior to usermin-1.000
  • Rectification: Synchronize and emerge -u usermin, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: apcupsd

The apcupsd daemon for controlling UPSs exposes a remote root access vulnerability and some buffer overflows.

  • Severity: Critical - Remote Root Access
  • Packages Affected: sys-apps/apcupsd versions prior to apcupsd-3.10.5
  • Rectification: Synchronize and emerge -u apcupsd, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: vnc

The VNC server generates a cookie for authentication in X using a weak random number generator. This could permit an attacker to more easily guess the authentication value and gain access to the system. No specific exploit is reported, but an exploitation technique involving rapid challenges and response comparison is described.

  • Severity: Moderate to High - Encryption Compromise
  • Packages Affected: net-misc/vnc versions prior to vnc-3.3.6-r1
  • Rectification: Synchronize and emerge -u vnc, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: tightvnc

TightVNC is subject to the same vulnerability as described above for VNC.

  • Severity: Moderate to High - Encryption Compromise
  • Packages Affected: net-misc/tightvnc versions prior to tightvnc-1.2.8
  • Rectification: Synchronize and emerge -u tightvnc, emerge clean.
  • GLSA Announcement
  • Advisory

New Security Bug Reports

The following new security bugs were posted this week:

3.  Featured Developer of the Week

José Alberto Suárez López


Figure 3.1: José Alberto Suárez López, aka BaSS

Fig. 1: José Alberto Suárez López, aka BaSS

This week we feature José Alberto Suárez López, a native of Spain who got started working with Gentoo when he had a conversation with Daniel Robbins about having a Spanish side (e.g. documentation, translation) for Gentoo. Now the editor and coordinator for all things Spanish in Gentoo, he also participates in the app-games team and maintains several ebuilds. His most recent work was the integration of win4lin with Gentoo, and he's also working on some artwork. José is also quite involved with OSS outside of Gentoo: he helped translate Mozilla to Spanish, does some development, some artwork for OSS projects, and participates in some local LUGs, like HispaLiNUX and ADALA. His proudest achievements include the integration of Free Software into his school's computer network and the creation of a Gentoo Spanish group.

José lives in Sevilla, the capital of Andalucia in the South of Spain, a sunny and enjoyable city that he says is full of beautiful girls, including the most beautiful girl in the world. He studies graphics design in the morning and spends his afternoons in a crazy office working on embedded systems running Linux and other cool stuff. José's hobbies include music (recently he went to a concert with Lou Donaldson and Lonei Smith that he really liked), reading books by Lovecraft, Tolkien, and others, sports, and traveling. In his room, alongside a HiFi sound system and a bunch of CDs is his one functional computer, a laptop, which he is migrating from GNOME to KDE for political reasons. He likes Sylpheed but uses Evolution for job reasons, links and Mozilla for browsing, BitchX and gaim for messaging, and couldn't live without bash and mc.

4.  Heard In The Community

Web Forums

1.4-rc3 out and about

Housekeeping in the forums is always a challenging job, but it gets really messy whenever a new release candidate is being put out in the open, and all the new kids come storming in leaving muddy traces all over the floor... Let's help the moderators by putting up a sign: Yes, 1.4-rc3 has been released. No, you can't upgrade from 1.4-rc2... How would you "upgrade" to anything that isn't already covered by your 'emerge rsync && emerge -u world' routines? If you want to help the developers, please go ahead and test the LiveCD images for the different platforms to see if they all work well for installations. Report your experiences, chat about the new release candidate, preferrably in the two top thread for x86 and the bottom one for PPC (notice the higher RC count, the Mac devs are riding a bit ahead):

Xfree 4.3.0

Equally eagerly awaited, the latest XFree86 upgrade has hit portage last week, only days after the ebuild for the release candidate 4.2.99.902 was distributed. Greeted by a thread that grew to three pages within 24 hours, the buzz in the forums is generally positive with a few quips here and there, and hope that bugs in previous versions have been ironed out. Real nice work by the XFree86 developers, apparently. At the time of this writing you still need ACCEPT_KEYWORDS="~arch", but that'll change soon...

Commercial Applications Ported to Linux? Why not?

Why would the developers of Windows software not be interested in support for their products on Linux? After all, it isn't all that complicated, provided they try to assure some compatibility with the Windows emulators available. Or, better still, why not try to lobby them into awareness of the growing market potential for Linux ports of their software? An initiative centered around this idea was born in the Forums two weeks ago, but has gained so much momentum that it's been spun off into a mailing list of its own. Matija Suklje (aka hook, the initiator of the forum thread) brought it up to speed with an article on Newsforge that even got translated into Swedish. If you want to help exploring the possibilities of Linux advocacy directly addressing the vendors of proprietary software and drivers, check the original thread, Matija's article and the LCSP list at yahoogroups.com:

gentoo-user

Gentoo releases and what they mean to you!

In an effort to stem the tide of "how to I upgrade to 1.4_rc3" questions, Gentoo Developer Troy Dack posted a succinct message explaining exactly what Gentoo releases do (and, more importantly, don't) mean to you. The short version? emerge -u world. For the longer version, and to understand an issue that many users seem unaware of, read Troy's message.

Does gentoo compare?

Before slipping Gentoo the ring, Daniel Carerra asked some important questions on how the distribution compares with the 'bigger' ones. How complete (# of packages) is it? How quickly do ebuilds follow new source releases? Is it as easy to update as apt-get? Can packages be created easily? Does Gentoo run faster? The unanimous 'yes' answers to his five questions made one thing clear; Gentoo is mature, and as of big of a player as any other. In short, Gentoo is rocksteady.. mon.

gentoo-dev

USE FLAG for DJB's daemontools

Christian Wiese proposed a new USE flag "to automatically build packages with daemontools support if possible". Rajiv Aaron Manglani asked whether the support for daemontools would mean the creation of a separate set of init scripts and David Pavlotzky finally contributed with a pointer to an article about daemontools.

Where to install lisp sources in an ebuild?

Burton Samograd says he is writing an ebuild for a package which is entirely written in lisp and I'm not quite sure where the source files should be installed to. He has received no answers so far!

GCC Myths and Facts

Joao Seabra wrote a very elucidating article with tips on the optimization switches of GCC.

RFC for Gentoo GNU Emacs users

Matthew Kennedy announced in a message to the list that he has made a modification to the way GNU Emacs is installed in Gentoo systems. This will allow for more possibilities in customizing Emacs.

5.  Gentoo International

Reminder: Vienna Meeting Tomorrow

Last chance to make yourself available for the Gentoo User Meeting in Vienna tomorrow, Tuesday, 4 March 2003, from 19:00 at the Siebensternbräu, Siebensterngasse 19 in 1070 Wien. Send a quick note to the Viennese coordination forum thread before you drop by.

Italian Gentoo Forum Established

Just hours after the publication of the last GWN edition, the Italian campaign was rewarded with the creation of an official Gentoo Forum in Italian.. In all fairness, it is only second to Gentoo.it initiator Enrico Morelli's Gentoo Italia Forum, preceding this one by about a month, but the official forum leverages on the huge crowd attracted by the English mainstream, and as a result is certainly more dynamic than Enrico's site at the University of Florence. Opening hours for both forums are fairly flexible, check in any time...

6.  Portage Watch

The following stable packages were added to portage this week

Updates to notable packages

  • sys-apps/portage - portage-2.0.47-r5.ebuild; portage-2.0.47-r6.ebuild; portage-2.0.47-r7.ebuild;
  • sys-devel/gcc - gcc-3.2.2-r1.ebuild;
  • sys-libs/glibc - glibc-2.3.2_pre1.ebuild;
  • x11-base/xfree - xfree-4.2.99.902.ebuild;
  • sys-kernel/* - ac-sources-2.4.21_pre4-r5.ebuild; ac-sources-2.4.21_pre4-r6.ebuild; ac-sources-2.4.21_pre4-r7.ebuild; arm-headers-2.4.19.ebuild; arm-sources-2.4.19.ebuild; development-sources-2.5.63.ebuild; mm-sources-2.5.60-r1.ebuild; mm-sources-2.5.60-r2.ebuild; mm-sources-2.5.61-r1.ebuild; mm-sources-2.5.62-r1.ebuild; mm-sources-2.5.62-r2.ebuild; mm-sources-2.5.62-r3.ebuild; mm-sources-2.5.63-r1.ebuild; ppc-sources-benh-2.4.20-r6.ebuild; redhat-sources-2.4.20.2.48.ebuild; wolk-sources-4.0_rc1.ebuild;
  • net-www/apache - apache-1.3.27-r3.ebuild; apache-1.3.27-r4.ebuild;
  • dev-php/php - php-4.3.1-r1.ebuild;
  • app-admin/gentoolkit - gentoolkit-0.1.18-r2.ebuild; gentoolkit-0.1.18-r3.ebuild;

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:

  • 252 new bugs this week
  • 329 bugs closed or resolved this week
  • 13 previously closed bugs were reopened this week.
  • 1888 total bugs currently marked 'new'
  • 539 total bugs curently assigned to developers
There are currently 2487 bugs open in bugzilla. Of these: 59 are labelled 'blocker', 84 are labelled 'critical', and 169 are labelled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs this week are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs this week are:

8.  Tips and Tricks

Handling Files with Spaces

Many Gentoo users still favor command line tools (ls, find, etc.) over the newer GUI interfaces such as Nautilus or Konqueror. However, many command line users find that dealing with filenames that have spaces in them is difficult; especially when trying to automate a process or deal with multiple files at once.

One common tool to deal with multipe files is xargs, which builds and executes commands from standard input. One example is using xargs to remove old files.

Code Listing 1.1: Removing files older than one month

# find . -type f -mtime +30 | xargs rm

Warning: Be careful when executing rm as you can quickly delete things you may not want deleted. find will also search recursively - you can use the -maxdepth option to control how deep it searches.

Normally this works pretty well. However, if there are spaces in the filenames, we run into problems. The spaces are interpreted as breaks so each word in the filename is interpreted as a new filename - which of course is not what you want.

The solution to this is to use the --null (or -0) option which changes the spaces in the filenames to a NUL character.

Code Listing 1.1: Using --null to correctly handle filenames with spaces

# find . -type f -mtime +30 -print0 | xargs --null rm
(or)
# find . -type f -mtime +30 -print0 | xargs -0 rm

Note: Note that you also have to tell find to print with NUL characters instead of spaces, hence the -print0 option.

9.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

  • Bruce Locke (blocke)
  • Tobias Echert (viz)

Adds

The following developers recently joined the Gentoo Linux team:

  • Dylan Carlson (absinthe) -- java and stuff

Changes

The following developers recently changed roles within the Gentoo Linux project.

  • Peter Brown (rendhalver) -- php
  • Jared Hudson (jhhudso) -- php
  • Masatomo Nakano (nakano) -- php, PostgreSQL
  • Bryon Roche (kain) -- PostgreSQL
  • Matthew Kennedy (mkennedy) -- PostgreSQL
  • Kurt Lieber (klieber) -- Gentoo infrastructure

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11.  GWN Feedback

Please send us your feedback and help make GWN better.

12.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated 03 March 2003

Summary: This is the Gentoo Weekly Newsletter for the week of March 3rd, 2003.

Kurt Lieber
Editor

AJ Armstrong
Contributor

Brice Burgess
Contributor

Yuji Carlos Kosugi
Contributor

Rafael Cordones Marcos
Contributor

David Narayan
Contributor

Ulrich Plate
Contributor

Peter Sharp
Contributor

Mathy Vanvoorden
Dutch Translation

Tom Van Laerhoven
Dutch Translation

Roel Adriaans
Dutch Translation

Peter Dijkstra
Dutch Translation

Nicolas Ledez
French Translation

Guillaume Plessis
French Translation

Eric St-Georges
French Translation

John Berry
French Translation

Martin Prieto
French Translation

Michael Kohl
German Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Thomas Raschbacher
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Daniel Ketel
Japanese Translation

Yoshiaki Hagihara
Japanese Translation

Andy Hunne
Japanese Translation

Yuji Carlos Kosugi
Japanese Translation

Yasunori Fukudome
Japanese Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

Ricardo Jorge Louro
Portuguese (Portugal) Translation

Lanark
Spanish Translation

Rafael Cordones Marcos
Spanish Translation

Julio Castillo
Spanish Translation

Sergio Gómez
Spanish Translation

Pablo Pita Leira
Spanish Translation

Carlos Castillo
Spanish Translation

Tirant
Spanish Translation

Jaime Freire
Spanish Translation

Lucas Sallovitz
Spanish Translation

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.