Gentoo Weekly Newsletter: April 21st, 2003
Portage security features detailed
As reported previously, Portage will be getting some new security features as one of the last improvements to the 2.0 branch. Recently, a message was posted to the gentoo-security mailing list that offers some more details about the upcoming features. Overall, the system relies heavily on the web-of-trust model put forth by GnuPG. Users wishing to become more familiar with the security concepts behind the new Portage model should start by reading the GNU Privacy Handbook
Open positions with the Gentoo Linux project
The Gentoo Linux project is looking to recruit developers who would like to maintain one or more of the following packages:
- KDE and related packages
- wine (includes winex and related packages)
- sound tools (media-sound)
Please email firstname.lastname@example.org if you are interested in any of these positions.
Gentoo Linux is seeking additional source mirrors and colocation space
As many people have noticed recently, our system of source mirrors have been showing increasing signs of strain. This translates into slower download times, more "connection refused" messages and an overall increase in the length of time it takes to emerge packages. This problem has been especially apparent in North America, where we have fewer source mirrors. As such, Gentoo Linux is actively seeking sponsors willing to set up and maintain source mirrors. Our source mirrors policy explains most of the details associated with setting up a new source mirror. Any additional questions related to setting up public source mirrors can be directed to Kurt Lieber.
Additionally, Gentoo Linux is also in need of servers and colocation space for its infrastructure servers. If you know of a company who might be willing to donate the use of a server, along with bandwidth and colocation space, please contact Kurt Lieber. Most sponsors are eligible to receive recognition on our Sponsors page. Additionally, certain key sponsors may receive additional marketing efforts, such as feature articles in the Gentoo Weekly Newsletter, to acknowledge their generous contributions to Gentoo Linux.
Gentoo Linux now available on the HPPA Platform
Gentoo Linux is now available on the HPPA platform. Though still in the early stages of development, the port is operational at this point and is best suited to console or server usage for now. X, fluxbox and framebuffer are all working and LiveCD and stages can be found in the /experimental/hppa/ directory on any of our mirrors.
You can find a list of supported hardware on the ESIEE PA-Team website and on the parisc-linux web site. At this point, nearly all machines are supported. Installation instructions are also available. Users experiencing problems can seek assistance in #gentoo-hppa on freenode and bug reports can be filed on bugs.gentoo.org. The Gentoo Linux HPPA port needs your testing help to work out any remaining bugs. The Gentoo Linux/HPPA team is also looking for developers interested in helping with the port to HPPA. Interested parties should contact Guy Martin.
A new version of kdegraphics has been released to fix outstanding security bugs related to a
vulnerability in Ghostscript that permits execution of arbitrary commands (see last weeks GWN).
- Severity: Critical - Remote execution of commands, information exposure.
- Packages Affected: kde-base/kdegraphics prior to kdegraphics-3.1.1a-r1
- Rectification: Synchronize and emerge kdegraphics, emerge clean.
- GLSA Announcement
New Security Bug Reports
The following new security bugs were posted this week:
Developer's Corner is a new, semi-regular section that will appear in future editions of the GWN. Written by Seemant Kulleen, the development manager and project coordinator for Gentoo Linux, this section will feature development news about Gentoo Linux along with whatever else might be on Seemant's mind at the moment.
Hello to my Gentoo friends. As you may have noticed, the xfree-4.3.0-r2 ebuild has gone stable on most architectures. There are some things to bear in mind when you install this. First of all, you will have to unmerge xft. The reason behind this is that Xft is actually a module for X, and as such, the version included in the xfree build is newer and better. Second, games based on SDL (for example, Frozen Bubble and Unreal Tournament 2003: both the demo and the release version), may misbehave due to the new xfree. There is a new extension to X, called XRandR (go read the documentation :P), which causes these games to choose the lowest refresh rates for any given resolution. The fix for this is simple: emerge libsdl-1.2.5-r2, which contains a patch, or hack, to make it behave well with the new X. For games that include their own libSDL shared library, simply replace the libSDL-1.2.so.0 file with the one from libsdl-1.2.5-r2.
See you next week! Oh, on a more personal note: Happy Birthday to my sister Sindhuja, and Happy 31st Anniversary to my parents.
Featured Developer of the Week
Figure 4.1: Luca Barbato, aka lu_zero
Featured this week is Luca Barbato, one of the Gentoo/PPC co-leads, who also maintains a custom version of Knoppix's cloop (a compressed loopback filesystem), maintains the closed-source ATI drivers ebuild, and is an ATI Radeon tester for the XFree ebuilds. Luca had already fixed or submitted several ebuilds for programs he needed when he told Michael J. Cohen that cloop could be made better by using a different compression algorithm. Asked to implement something to test that, he came up with 2 new versions, both faster than zlib cloop and one with a comparable compression ratio. Shortly thereafter, he was proposed as a developer. Luca's other contributions to OSS include his work on the BeOS port of FPSE (a PlayStation emulator; see http://linux.fpse.org/for more information) and a peer-to-peer netgame patch for frozenbubble which he has begun working on with friends as a distributed computing course project.
Luca, who likes gimp and sodipodi and installs mozilla on every machine he gets his hands on mainly uses an Athlon 850 with 768MB RAM, and a Radeon 9700 Pro, as well as a 15" Powerbook G4. Both run GNOME2, as well as lyx, dia, abiword, and OpenOffice.org for non-coding stuff. He had to use eclipse for his Java course but still prefers vim for coding.
A 21-year-old in his 3rd year studying computer science at the Politecnico di Torino, Luca's numerous hobbies include Live-action RPG, jujitsu, biking, windsail, snowboarding, traveling, books, Fumetti/Manga (that is, Italian and Japanese comics), volleyball, photography, and music (mostly epic metal, definitely not cheap dance/pop music). He lives in Turin, famous for being the first Italian capital, one of the best Egyptian museums in the world, and creepy legends about its underground caves.
Heard In The Community
Fonts, fonts and more fonts
Fonts seem to be a never-ending source of trouble for Linux. Between anti-aliased, freetype fonts, truetype fonts and all sorts of other font issues, it's no surprise that there are often a number of active font-related threads in the forums:
XFree86 4.3.0 upgrade pains
The recent marking of XFree86 4.3.0 has resulted in a number of threads cropping up in the forums related to upgrade questions and difficulties. Users experiencing trouble upgrading to XFree86 4.3.0 should be sure to check out this week's inagural Developer's Corner
Gentoo and the Sharp Zaurus
After researching the world of PDAs, Mathew Alexander decided to pickup a Sharp Zaurus SL-5500. He hoped to enhance this badboy by connecting to it through his Gentoo box, and vise-versa. Carefully following the official generic linux instructions resulted in a frustrating dysfunctional connection, another "wasted time" scenario well known to any geek. Fortunately the sound advice of the gentoo-user community brought Mathew's Gentoo box and Zaurus into harmony. David Golpira was particularly helpfull in providing his script to setup NAT & routing, and Seth Rotherberg offered his solution. Louis Candell recieves an honorable mention for becoming the Zaurus's 'uber-fan'.
There is no Gentoo International news this week
The following stable packages were added to portage this week
- app-arch/flexbackup : Flexible backup script using perl http://flexbackup.sourceforge.net/
- app-emulation/frodo : An excellent Commodore 64 Emulator http://www.uni-mainz.de/~bauec002/FRMain.html
- app-misc/kkeyled : KKeyLED - a Kicker module showing the status of your keyboard's numlock, capslock and scrolllock. http://www.truesoft.ch/dieter/kkeyled.html
- app-sci/ksimus : KSimus is a KDE tool for simulation, automatization and visualization of technical processes. http://ksimus.berlios.de/
- app-sci/ksimus-boolean : The package Boolean contains some boolean components for KSimus. http://ksimus.berlios.de/
- app-sci/ksimus-datarecorder : The package Data Recorder contains some components which records data for KSimus. http://ksimus.berlios.de/
- app-sci/ksimus-floatingpoint : The package Floating Point contains some floating point related components for KSimus. http://ksimus.berlios.de/
- dev-lang/f2c : Fortran to C converter http://www.netlib.org/f2c
- dev-lang/cxx : Compaq's enhanced C++ compiler for the ALPHA platform http://www.support.compaq.com/alpha-tools
- dev-lang/ruby-cvs : An object-oriented scripting language http://www.ruby-lang.org/
- dev-libs/libcxml : Compaqs eXtended Math Library for linux alpha http://h18000.www1.hp.com/math/index.html
- dev-python/pykde : PyKDE is a set of Python bindings for the KDE libs http://www.riverbankcomputing.co.uk/pykde/
- dev-ruby/ruby-ldap : A Ruby interface to some LDAP libraries http://ruby-ldap.sourceforge.net/
- dev-util/ladebug : Linux port of the Famous Tru64 Debugger http://www.support.compaq.com/alpha-tools
- media-sound/shntool : shntool is a multi-purpose WAVE data processing and reporting utility http://shnutils.freeshell.org/shntool/
- media-sound/emu10k1-cvs : Drivers, utilities, and effects for Sound Blaster cards (SBLive!, SB512, Audigy) http://www.sourceforge.net/projects/emu10k1/
- media-video/camorama : A GNOME 2 Webcam application featuring various image filters. http://camorama.fixedgear.org/
- media-video/vdr : Klaus Schmidingers Video Disk Recorder http://www.cadsoft.de/people/kls/vdr
- media-video/quickrip : Basic DVD ripper written in Python and PyQT." http://www.tomchance.uklinux.net/projects/quickrip.shtml
- media-video/vobcopy : copies DVD .vob files to harddisk, decrypting them on the way http://lpn.rnbhq.org/
- net-fs/coda-server : Coda is an advanced networked filesystem developed at Carnegie Mellon Univ. http://www.coda.cs.cmu.edu
- net-mail/base64 : Command line program that encodes/decodes files in base64 http://www.fourmilab.ch/webtools/base64/
- net-misc/gtk2-ssh-askpass : A small SSH Askpass replacement written with GTK2. http://www.cgabriel.org/sw/gtk2-ssh-askpass/
- net-misc/xsmbrowser : GUI SMB browser with preview written in expect" http://www.public.iastate.edu/~chadspen/xsmbrowser.html
- net-www/epiphany : GNOME webbrowser based on the mozilla rendering engine http://epiphany.mozdev.org/
- net-www/browser-config : A lightweight modular configurable http url handler/browser launcher http://www.pocketninja.com/
- sys-apps/lshw : Hardware Lister http://ezix.sourceforge.net/
- sys-kernel/genkernel : Gentoo autokernel script" http://www.gentoo.org
- x11-misc/karamba : A KDE program that displays a lot of various information right on your desktop. http://www.efd.lth.se/~d98hk/karamba/
- x11-plugins/wmmsg : wmmsg is a dockapp that informs you of new events, such as incoming chat messages, by displaying related icons and arrival times http://taxiway.swapspace.net/~matt/wmmsg/
- x11-themes/gaim-smileys : Snapshot of Available Gaim Smiley Themes http://gaim.sourceforge.net/themes.php
- x11-wm/papuawm : PapuaWM, a minimalistic, though useable window manager http://papuaos.org/papuawm
Updates to notable packages
- sys-kernel/* - ck-sources-2.4.20-r6.ebuild; gaming-sources-2.4.20-r2.ebuild; genkernel-1.0.ebuild; gentoo-sources-2.4.20-r3.ebuild; mm-sources-2.5.67-r2.ebuild; mm-sources-2.5.67-r3.ebuild; openmosix-sources-2.4.20-r3.ebuild; pfeifer-sources-188.8.131.52_pre7.ebuild; selinux-sources-2.4.20-r4.ebuild; xfs-sources-2.4.20-r3.ebuild;
New USE variables:
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity
on the site has resulted in:
- 311 new bugs this week
- 444 bugs closed or resolved this week
- 3 previously closed bugs were reopened this week.
- 2531 total bugs currently marked 'new'
- 428 total bugs currently assigned to developers
There are currently 3020 bugs open in Bugzilla. Of these: 62 are labeled 'blocker', 112 are labeled 'critical',
and 237 are labeled 'major'.
Closed Bug Rankings
The developers and teams who have closed the most bugs this week are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs this week are:
Tips and Tricks
Preventing System Reboot with Ctrl-Alt-Del
The "Three-Finger-Salute" or, the key combination Ctrl+Alt+Del
is typically mapped to the command /sbin/shutdown -r now. In
other words, it reboots your system. Sometimes this may be unwanted
behavior, so this week's tips shows you how to disable, or remap that
The file we need to edit is /etc/inittab. Find the line
that says ca:12345:ctrlaltdel:/sbin/shutdown -r now and simply
comment it out by putting a # in front of it. Or, if you prefer, you
can change the /sbin/shutdown -r now part to another command.
Lastly, we need to tell the init process about these changes.
Code Listing 9.1: Reloading init
# /sbin/init q
Moves, Adds and Changes
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
- Rainer Groesslinger (scandium) -- DotGNU Portable.NET
- Todd Heim (heim) -- gentoo-stats, gentoo-stable
- Meir Kriheili (mksoft) -- gentoo-stats, gentoo-stable
- Arun Bhanu (codebear) -- gentoo-stats, gentoo-stable
- Stanislav Brabec (utx) -- general stuff
The following developers recently changed roles within the Gentoo Linux project.
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make GWN better.
The Gentoo Weekly Newsletter is also available in the following languages: