Gentoo Weekly Newsletter: March 3rd, 2003
Gentoo Linux at the Game Developers Conference
Figure 1.1: GDC
The 2003 Game Developers Conference kicks off on Tuesday, March 4th. The GDC is one of the world's premier conferences dedicated to the computer gaming industry with several conference tracks focused on today's hot gaming topics. One of the highlights of the conference is the GDC Expo where vendors and exhibitors show off the latest and greatest software and hardware. This year, Gentoo Linux will be present at the NVIDIA booth, along with Emmett Plant, CEO of Vorbis. Demonstrations of Unreal Tournament 2003 will be on display to show the power of Gentoo Linux and NVIDIA hardware.
So, if you're going to be at the GDC, be sure and stop by the NVIDIA booth to show your support for Gentoo Linux. You'll get a chance to meet Daniel Robbins, Seemant Kulleen and some of the other Gentoo Developers. Attendees may also get a chance to talk to Emmett Plant about the future of Ogg Vorbis, upcoming Ogg-capable portables or any number of other Ogg-related developments.
Open Developer Positions in the Gentoo Linux Project
Currently, the Gentoo Linux project has a number of open developer positions available for people who are interested in becoming more involved with the Gentoo Linux project. These positions include:
Think one of the positions listed above sounds interesting? Then help out by volunteering your time and skills to the Gentoo Linux project. Interested parties can contact Kurt Lieber for more details. Please, no resumes. We're not that formal. :) Just include a brief description of your background and qualifications along with what type of position you're interested in helping out with.
Technical Writer -- Help the documentation team maintain the high quality of the Gentoo Linux documentation. We're looking for folks with an aptitude for technical writing, along with an expert command of the english language.
Kernel Developer -- Help make gentoo-sources as feature-rich and robust as possible. Bring your kernel hacking skills to the Gentoo Linux project and help the current kernel development folks improve the quality of the Gentoo Linux kernel offerings.
Web Developer -- Gentoo Linux is looking for web developers with a solid foundation in either Python, Perl or PHP to assist in the development and improvement of the infrastructure that supports the Gentoo Linux project. Help with projects like mailing list archives, mirror status tools and other projects that improve the robustness and reliability of our infrastructure.
Gentoo Linux 1.4_rc3 Released
The third and hopefully final Release Candidate of Gentoo Linux 1.4 was released on February 27th. Improvements to this release include updated LiveCDs and a whole raft of bug fixes. With this release, Gentoo Linux moves to a package updates phase as described in the official Gentoo Linux Release Policy. For the next two weeks or so, developers will focus on migrating packages from a masked state to an unmasked, or stable, state. Users can expect long lists in their emerge -up world statements over the next couple of weeks as the backlog of masked packages is worked through.
Usermin is subject to the same vulnerability reported last week for Webmin, in which a security hole could
permit unauthenticated access. No exploits in the wild have been reported.
- Severity: Critical - Unauthenticated Access with Administrative Privileges
- Packages Affected: app-admin/usermin versions prior to usermin-1.000
- Rectification: Synchronize and emerge -u usermin, emerge clean.
- GLSA Announcement
The apcupsd daemon for controlling UPSs exposes a remote root access vulnerability and some buffer overflows.
- Severity: Critical - Remote Root Access
- Packages Affected: sys-apps/apcupsd versions prior to apcupsd-3.10.5
- Rectification: Synchronize and emerge -u apcupsd, emerge clean.
- GLSA Announcement
The VNC server generates a cookie for authentication in X using a weak random number generator. This could
permit an attacker to more easily guess the authentication value and gain access to the system. No specific
exploit is reported, but an exploitation technique involving rapid challenges and response comparison is
- Severity: Moderate to High - Encryption Compromise
- Packages Affected: net-misc/vnc versions prior to vnc-3.3.6-r1
- Rectification: Synchronize and emerge -u vnc, emerge clean.
- GLSA Announcement
TightVNC is subject to the same vulnerability as described above for VNC.
- Severity: Moderate to High - Encryption Compromise
- Packages Affected: net-misc/tightvnc versions prior to tightvnc-1.2.8
- Rectification: Synchronize and emerge -u tightvnc, emerge clean.
- GLSA Announcement
New Security Bug Reports
The following new security bugs were posted this week:
Featured Developer of the Week
José Alberto Suárez López
Figure 3.1: José Alberto Suárez López, aka BaSS
This week we feature José Alberto Suárez López, a native of Spain who got started working with Gentoo when he had a conversation with Daniel Robbins about having a Spanish side (e.g. documentation, translation) for Gentoo. Now the editor and coordinator for all things Spanish in Gentoo, he also participates in the app-games team and maintains several ebuilds. His most recent work was the integration of win4lin with Gentoo, and he's also working on some artwork. José is also quite involved with OSS outside of Gentoo: he helped translate Mozilla to Spanish, does some development, some artwork for OSS projects, and participates in some local LUGs, like HispaLiNUX and ADALA. His proudest achievements include the integration of Free Software into his school's computer network and the creation of a Gentoo Spanish group.
José lives in Sevilla, the capital of Andalucia in the South of Spain, a sunny and enjoyable city that he says is full of beautiful girls, including the most beautiful girl in the world. He studies graphics design in the morning and spends his afternoons in a crazy office working on embedded systems running Linux and other cool stuff. José's hobbies include music (recently he went to a concert with Lou Donaldson and Lonei Smith that he really liked), reading books by Lovecraft, Tolkien, and others, sports, and traveling. In his room, alongside a HiFi sound system and a bunch of CDs is his one functional computer, a laptop, which he is migrating from GNOME to KDE for political reasons. He likes Sylpheed but uses Evolution for job reasons, links and Mozilla for browsing, BitchX and gaim for messaging, and couldn't live without bash and mc.
Heard In The Community
1.4-rc3 out and about
Housekeeping in the forums is always a challenging job, but it gets really messy whenever a new release candidate is being put out in the open, and all the new kids come storming in leaving muddy traces all over the floor... Let's help the moderators by putting up a sign: Yes, 1.4-rc3 has been released. No, you can't upgrade from 1.4-rc2... How would you "upgrade" to anything that isn't already covered by your 'emerge rsync && emerge -u world' routines? If you want to help the developers, please go ahead and test the LiveCD images for the different platforms to see if they all work well for installations. Report your experiences, chat about the new release candidate, preferrably in the two top thread for x86 and the bottom one for PPC (notice the higher RC count, the Mac devs are riding a bit ahead):
Equally eagerly awaited, the latest XFree86 upgrade has hit portage last week, only days after the ebuild for the release candidate 188.8.131.522 was distributed. Greeted by a thread that grew to three pages within 24 hours, the buzz in the forums is generally positive with a few quips here and there, and hope that bugs in previous versions have been ironed out. Real nice work by the XFree86 developers, apparently. At the time of this writing you still need ACCEPT_KEYWORDS="~arch", but that'll change soon...
Commercial Applications Ported to Linux? Why not?
Why would the developers of Windows software not be interested in support for their products on Linux? After all, it isn't all that complicated, provided they try to assure some compatibility with the Windows emulators available. Or, better still, why not try to lobby them into awareness of the growing market potential for Linux ports of their software? An initiative centered around this idea was born in the Forums two weeks ago, but has gained so much momentum that it's been spun off into a mailing list of its own. Matija Suklje (aka hook, the initiator of the forum thread) brought it up to speed with an article on Newsforge that even got translated into Swedish. If you want to help exploring the possibilities of Linux advocacy directly addressing the vendors of proprietary software and drivers, check the original thread, Matija's article and the LCSP list at yahoogroups.com:
Gentoo releases and what they mean to you!
In an effort to stem the tide of "how to I upgrade to 1.4_rc3" questions, Gentoo Developer Troy Dack
posted a succinct message explaining exactly
what Gentoo releases do (and, more importantly, don't) mean to you. The short version? emerge -u world. For the longer version,
and to understand an issue that many users seem unaware of, read Troy's message.
Does gentoo compare?
Before slipping Gentoo the ring, Daniel Carerra
some important questions on how the distribution
compares with the 'bigger' ones. How complete (# of packages) is it? How quickly do ebuilds follow new
source releases? Is it as easy to update as apt-get? Can packages be created easily? Does Gentoo run
faster? The unanimous 'yes' answers to his five questions made one thing clear; Gentoo is mature, and
as of big of a player as any other. In short, Gentoo is rocksteady.. mon.
USE FLAG for DJB's daemontools
a new USE flag "to automatically build packages with
daemontools support if possible".
Rajiv Aaron Manglani
the support for daemontools would mean the creation of a separate set of init scripts and
David Pavlotzky finally
a pointer to an
Where to install lisp sources in an ebuild?
he is writing an ebuild for a package which is entirely written in lisp and I'm
not quite sure where the source files should be installed to. He has received no
answers so far!
GCC Myths and Facts
Joao Seabra wrote a very elucidating
with tips on the optimization switches of GCC.
RFC for Gentoo GNU Emacs users
in a message to the list that he has made a modification to
the way GNU Emacs is installed in Gentoo systems. This will allow for
more possibilities in customizing Emacs.
Reminder: Vienna Meeting Tomorrow
Last chance to make yourself available for the Gentoo User Meeting in Vienna tomorrow, Tuesday, 4 March 2003, from 19:00 at the Siebensternbräu, Siebensterngasse 19 in 1070 Wien. Send a quick note to the Viennese coordination forum thread before you drop by.
Italian Gentoo Forum Established
Just hours after the publication of the last GWN edition, the Italian campaign was rewarded with the creation of an official Gentoo Forum in Italian.. In all fairness, it is only second to Gentoo.it initiator Enrico Morelli's Gentoo Italia Forum, preceding this one by about a month, but the official forum leverages on the huge crowd attracted by the English mainstream, and as a result is certainly more dynamic than Enrico's site at the University of Florence. Opening hours for both forums are fairly flexible, check in any time...
The following stable packages were added to portage this week
Updates to notable packages
- sys-apps/portage - portage-2.0.47-r5.ebuild; portage-2.0.47-r6.ebuild; portage-2.0.47-r7.ebuild;
- sys-devel/gcc - gcc-3.2.2-r1.ebuild;
- sys-libs/glibc - glibc-2.3.2_pre1.ebuild;
- x11-base/xfree - xfree-184.108.40.2062.ebuild;
- sys-kernel/* - ac-sources-2.4.21_pre4-r5.ebuild; ac-sources-2.4.21_pre4-r6.ebuild; ac-sources-2.4.21_pre4-r7.ebuild; arm-headers-2.4.19.ebuild; arm-sources-2.4.19.ebuild; development-sources-2.5.63.ebuild; mm-sources-2.5.60-r1.ebuild; mm-sources-2.5.60-r2.ebuild; mm-sources-2.5.61-r1.ebuild; mm-sources-2.5.62-r1.ebuild; mm-sources-2.5.62-r2.ebuild; mm-sources-2.5.62-r3.ebuild; mm-sources-2.5.63-r1.ebuild; ppc-sources-benh-2.4.20-r6.ebuild; redhat-sources-220.127.116.11.48.ebuild; wolk-sources-4.0_rc1.ebuild;
- net-www/apache - apache-1.3.27-r3.ebuild; apache-1.3.27-r4.ebuild;
- dev-php/php - php-4.3.1-r1.ebuild;
- app-admin/gentoolkit - gentoolkit-0.1.18-r2.ebuild; gentoolkit-0.1.18-r3.ebuild;
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity
on the site has resulted in:
There are currently 2487 bugs open in bugzilla. Of these: 59 are labelled 'blocker', 84 are labelled 'critical',
and 169 are labelled 'major'.
- 252 new bugs this week
- 329 bugs closed or resolved this week
- 13 previously closed bugs were reopened this week.
- 1888 total bugs currently marked 'new'
- 539 total bugs curently assigned to developers
Closed Bug Rankings
The developers and teams who have closed the most bugs this week are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs this week are:
Tips and Tricks
Handling Files with Spaces
Many Gentoo users still favor command line tools (ls, find, etc.) over the newer GUI interfaces such as Nautilus or Konqueror. However, many command line users find that dealing with filenames that have spaces in them is difficult; especially when trying to automate a process or deal with multiple files at once.
One common tool to deal with multipe files is xargs, which builds and executes commands from standard input. One example is using xargs to remove old files.
Code Listing 1.1: Removing files older than one month
# find . -type f -mtime +30 | xargs rm
Normally this works pretty well. However, if there are spaces in the filenames, we run into problems. The spaces are interpreted as breaks so each word in the filename is interpreted as a new filename - which of course is not what you want.
Be careful when executing rm as you can quickly delete things you may not want deleted. find will also search recursively - you can use the -maxdepth option to control how deep it searches.
The solution to this is to use the --null (or -0) option which changes the spaces in the filenames to a NUL character.
Code Listing 1.1: Using --null to correctly handle filenames with spaces
# find . -type f -mtime +30 -print0 | xargs --null rm
# find . -type f -mtime +30 -print0 | xargs -0 rm
Note that you also have to tell find to print with NUL characters instead of spaces, hence the -print0 option.
Moves, Adds and Changes
The following developers recently left the Gentoo team:
- Bruce Locke (blocke)
- Tobias Echert (viz)
The following developers recently joined the Gentoo Linux team:
- Dylan Carlson (absinthe) -- java and stuff
The following developers recently changed roles within the Gentoo Linux project.
- Peter Brown (rendhalver) -- php
- Jared Hudson (jhhudso) -- php
- Masatomo Nakano (nakano) -- php, PostgreSQL
- Bryon Roche (kain) -- PostgreSQL
- Matthew Kennedy (mkennedy) -- PostgreSQL
- Kurt Lieber (klieber) -- Gentoo infrastructure
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make GWN better.
The Gentoo Weekly Newsletter is also available in the following languages: