Gentoo Logo

Gentoo Weekly Newsletter: July 14th, 2003

Content:

1.  Gentoo News

Summary

Gentoo Linux at LinuxTag

Gentoo Linux was at LinuxTag 2003, the largest Linux/Open Source fair in Europe, held at the Conference Center in Karlsruhe, Germany. The convention closed its doors yesterday after four days packed with speeches, workshops, a programming contest and numerous other events in the congress center and its fairly large exhibition hall, competing for media attention only with the beautiful weather (IT journalists were spotted hanging out in the adjacent zoological garden, drinking latte and chasing the peacocks).

The German Gentoo devs, including Michael Imhof, Dan Armak, Hanno Boeck, Sascha Schwabbauer, Lars Weiler, and many others who had manned the Gentoo booth since Thursday, packed up their odd collection of hardware ranging from handheld devices over iBooks to powerful graphics workstations and went home, exhausted but happy about a very successful first display of Gentoo at the LinuxTag. 1000 LiveCDs (LinuxTag edition, sponsored by Millenux, an IBM Germany partner for Linux on s/390 mainframes) were thrown at visitors for free, and were gone so fast that a rotational vigil had to be mounted over the rationed number of copies to be handed out per day. At peak time, 12 resident Gentooists were sharing the available booth space (at a density of almost a dev per square meter), and hundreds of Gentoo users, the occasional visiting dev and many IT professionals dropped by for a chat about new features, organisational questions or to exchange hearty handclasps among people who had only met via mailing lists and Forum threads before. One KDE developer who visited the booth told danarmak that he was going to switch to Gentoo just because because he liked his live CVS KDE ebuilds so much.

The crowd gathering to watch demos of co-exhibitor XINE added to making things look slightly claustrophobic at times, but the general feeling was "the more, the merrier". Tantive's LinuxTag Summary gives a thorough account of the kind of questions the Gentoo devs were most often confronted with. "When will Gentoo be available for the Opteron?" and "No problem doing mass emerges for several machines at a time, but how do I etc-update a large number of workstations afterwards?" were among the typically more business-oriented demands from LinuxTag visitors.


Figure 1.1: Standing in the middle, from left to right, Lars Weiler, Sascha Schwabbauer, Hanno Boeck

Fig. 1: Standing in the middle, from left to right, Lars Weiler, Sascha Schwabbauer, Hanno Boeck


Figure 1.2: From left to right, Xine devs Andreas Heinchen and Stefan Holst, Gentoo devs Michael Imhof and Lars Weiler

Fig. 2: From left to right, Xine devs Andreas Heinchen and Stefan Holst, Gentoo devs Michael Imhof and Lars Weiler

ViewCVS back up

We're very pleased to announce that ViewCVS, the web-based CVS repository viewer which has been down since the migration of cvs.gentoo.org, is now available again at http://www.gentoo.org/cgi-bin/viewcvs.cgi/, with a significant improvement: the load is spread out over several servers, so users should notice an improved response time.

2.  Gentoo Security

Summary

GLSA: unzip

By inserting invalid characters between ".." attackers can overwrite arbitrary files.

  • Severity: High - Remote file overwriting.
  • Packages Affected: app-arch/unzip prior to unzip-5.50-r2
  • Rectification: Synchronize and emerge unzip, emerge clean.
  • GLSA Announcement

GLSA: gtksee

A carefully crafted png picture can be used to exploit a buffer overflow in gtksee and execute arbitrary code on the target machine.

  • Severity: High - Remote execution of arbitrary code.
  • Packages Affected: media-gfx/gtksee prior to gtksee-0.5.2
  • Rectification: Synchronize and emerge gtksee, emerge clean.
  • GLSA Announcement

GLSA: cistronradius

The Cistron RADIUS daemon permits a remote DoS attack with the potential to execute arbitrary code. This is do to an improper handling of a large NAS-Port attribute which is interpreted by the daemon as a negative number.

  • Severity: High - Remote execution of arbitrary code.
  • Packages Affected: net-dialup/cistronradius prior to cistronradius-1.6.6-r1
  • Rectification: Synchronize and emerge cistronradius, emerge clean.
  • GLSA Announcement

GLSA: ypserv

The ypserv NIS server could permit a remote DoS attack using a TCP client request that does not respond to the server.

  • Severity: Moderate - Remote DoS.
  • Packages Affected: net-dns/ypserv prior to ypserv-2.8
  • Rectification: Synchronize and emerge ypserv, emerge clean.
  • GLSA Announcement

New Security Bug Reports

The following new security bugs were posted in the past two weeks:

3.  User stories

Remember, we need you to send us your stories in order to have a story here. Whether interesting, funny, or just plain unbelievable, we'd love to feature your story about Gentoo and you here.

4.  Featured Developer of the Week

Lisa Marie Seelye


Figure 4.1: Lisa Marie Seelye

Fig. 1: Lisa Marie Seelye

This week we're featuring Lisa Marie Seelye, who just joined the Gentoo Linux Project a few days ago. She maintains distcc, and has already gotten distcc-2.7.1 into x86 stable and committed 2.8 for testing. She says the life of a maintainer is a simple life: up at the crack of dawn to squash any bugs and to make the life of everyone using Gentoo and distcc a little easier. Lisa came to the project when Seemant Kulleen saw something in the ebuilds and bugs she submitted to Bugzilla, and says that these were selfish contributions - bugs submitted so that things would work for her - but that the awesome beauty is that people are also affected in a positive way and it makes her feel good. Lisa has released a couple of Win32 programs with the source available, but Gentoo is her first 'real' OSS project. A student during the day, Lisa writes PHP applications for paying customers to help pay the bills.

A PHP lover, Lisa says her best work is a function from a PHP project she wrote, that accepts a relative path and then recursively adds every jpeg under it into a database and even makes a thumbnail of each image. Weighing in at a lean 57 lines with comments, Lisa says this taught her how to manipulate stacks in a way she hadn't done before, as well as how to use PHP/Apache functions. Her favorite apps are a mix of Windows and Linux ones: first, she's in love in Trillian, a Win32 native multi-protocol messaging client that she finds compact and easy to use. Second is Opera, which in her opinion is the best web browser and one she'd find hard to surf without. An x86 gal, Lisa uses three computers on a daily basis: her desktop, a 1.2GHz Athlon T-Bird with 640MB RAM, her testing box, a K6-2/400MHz with 128MB RAM and a buggy NIC, and her everything-server, a dual P3 (1GHz and 733MHz) running with a bunch of grsecurity restrictions. She's using 2.4.20-OpenMosix on the first two and 2.4.20-gentoo-r5 on the server. On her desktop, she uses whatever happens to be the latest release of Evolution in ~x86, under a default Gnome installation.

"I have to be me cuz no one else is gonna do it for me." - a friend

5.  Heard in the Community

Web Forums

Last 2.5.x Kernel Out and About

With the imminent arrival of the new stable series and the recent announce that 2.5.75 will be the last 2.5.x series kernel the Gentoo users are getting more and more anxious for this version to become stable. Two Forum threads are dealing with quirks and features of the latest development sources, and the different aspects of how to get the current kernel to a rock-solid 2.6 series:

Mozilla 1.4 Grabbing Attention

The new version of Mozilla has been added to the portage tree just last week, and Gentooists have been busy giving feedback about this new release, features, bugs, compile time errors and whatnot. Check the main threads in the Forums here:

Gentoo Common Menu

Other distributions already make installed desktop applications available in their window manager menus, and in the spirit of a growing desktop orientation of many Gentooists, spikkle now asks about a Gentoo way to implement these common menus across different desktop environments. What is needed to make automatic application additions sufficiently smooth and flexible?

gentoo-user

Heads up: Apache2 and MySQL4 moved to stable

Gentoo Linux developer Donny Davies wrote a message to the -user and -dev lists about Apache2 and MySQL4 being marked as stable. This means that, by default, emerging apache or mysql will result in those newer versions installed. If you want to stay with the older ones, the easiest way is to put some entries in /etc/portage/profiles/package.mask, as Ian Truelsen pointed out.

Choosing the Window Manager for your Tastes

Picking your window manager can sometimes be very difficult. Some are feature filled, but may be sometimes bloated. Others may lack some features, but are designed to be lightning fast. User Richard Kilgore posted to the -user list asking for feedback on a window manager that may suit his taste. He preferred it to not be ugly, but accepted keyboard input, as a mouse would not be available. In response, many users recommended xfce4, openbox, even FVWM with themes. Link here.

Problem with NVidia

User Christian Herzyk was having problems with his system and the latest NVidia drivers, version 4340. Symptoms of his system included lockups, or very slow X starting times. Recommended solutions included turning ACPI off, forcing detection of monitors, etc. Link here.

gentoo-dev

*-doc vs USE="doc"

There seem to be a couple of methods for handling documentation for packages. The very obvious one would be to simply include the documentation in the package itself. However that way eliminates options. So to give the user a choice one could split software and documentation in two, letting him install the docs separately. And of course there is the doc use flag for overall control. Alastair Tse brought it up wondering what would be the gentoo way of doing things.

6.  Gentoo International

Gentoo.de Now Recruiting Devs and Translators

Generational handover at Gentoo.de: The oldest non-US Gentoo website, the German www.gentoo.de needs a fresh blood injection to cover for some of the old hands who had to drop their frantic contribution schedule because of the workload in their real world commitments, on the job and in university. Beejay (Benjamin Judas) is coordinating the call for contributors at this Forum thread. Most desperately needed are translators for the Gentoo documentation and news, but also ebuild writers and developers with enough free time on their hands to help things running smoothly at the German Gentoo users group.

Gentoo Games CDs Bundled with Brazilian Linux Magazine

Revista do Linux, a monthly Linux magazine published by the Brazilian distribution Conectiva, offers a CD with tons of Linux tools and applications in each issue. Documentations, games, new releases, complete distros, the latest kernel source, videos: every week the Revista do Linux readers are presented with an excellent collections of Free Software items, and the July issue now has the GentooGames LiveCD "Return to Castle Wolfenstein - Enemy Territory" bundled to it.

Update: New Gentoo Portugal Coordination Thread in the Forums

As reported last week, the Portuguese Gentooists are setting up their own Gentoo Linux Users Group. António Meireles (aka Datashark), a former Gentoo developer, is now requesting ideas for the setup of a fully fledged user group complete with a website and anything else that might look appropriate. Comments, ideas and suggestions to this forum thread, please.

7.  Portage Watch

The following notable packages were updated or added to portage in the last week

The following stable packages were updated or added to portage in the last week

Total categories: 86 (no category added in the last week)

Total packages: 4924 (476 packages added in the last week)

8.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 27 Jun 2003 and 10 Jul 2003, activity on the site has resulted in:

  • 424 new bugs during this period
  • 741 bugs closed or resolved during this period
  • 10 previously closed bugs were reopened this period

Of the 3355 currently open bugs: 72 are labeled 'blocker', 135 are labeled 'critical', and 273 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs during this period are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs during this period are:

9.  Tips and Tricks

Using Screen

This week's tip demonstrates the use of screen which is a "fullscreen window manager that multiplexes a physical terminal between several processes." Practically speaking, this just means you can use screen to start a process in one terminal and check the output in another.

While there are many options to screen (man screen), this example demonstrates starting an emerge on a remote box, and then checking on the process from another machine.

Code Listing 9.1: screen + emerge

    # screen
    # emerge -u mozilla
    (To see the commands in screen use Ctrl-A ?)
    (The following command detaches the screen)
    # Ctrl-A d
    [detached]
  

Now the screen is detached, open another terminal or ssh session and view the available screens with screen -list. To reattach to the screen and check the command's progress, use screen -r.

Code Listing 9.2

    # screen -list
    There is a screen on:
        30901.pts-6.iris        (Detached)
    1 Socket in /var/run/screen/S-david.
    # screen -r
  

This will reattach to the screen and display the output of the emerge command.

10.  Quote/Signature of the week

Our featured signature for this week comes from Christian Herzyk's post to a thread in gentoo-user about a problem with NVidia drivers: "So now I've got all these floppy-sized archive pieces, and I haven't been able to figure out what program I'm supposed to use to concat--er, never mind." - apparently it's an excerpt from a conversation he had with a friend, early in his UNIX odyssey.

11.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

  • none this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Takuto Matsuu(matsuu), cjk
  • Mamoru Komachi(usata), cjk
  • Andrea Barisani(lcars) - infrastructure
  • Tim Haynes(piglet) - infrastructure
  • Corey Shields(cshields) - infrastructure
  • Tim Schafer(srcerer) - exim, dev-java
  • Lisa Marie Seelye(lisa), distcc

Changes

The following developers recently changed roles within the Gentoo Linux project.

  • none this week

12.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

13.  GWN Feedback

Please send us your feedback and help make GWN better.

14.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

15.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated 14 July 2003

Summary: This is the Gentoo Weekly Newsletter for the week of July 14th, 2003.

Yuji Carlos Kosugi
Editor

AJ Armstrong
Contributor

Michael Kohl
Contributor

Kurt Lieber
Contributor

Rafael Cordones Marcos
Contributor

David Narayan
Contributor

Gerald J Normandin Jr.
Contributor

Ulrich Plate
Contributor

Peter Sharp
Contributor

Kim Tingkaer
Contributor

Mathy Vanvoorden
Dutch Translation

Hendrik Eeckhaut
Dutch Translation

Jorn Eilander
Dutch Translation

Bernard Kerckenaere
Dutch Translation

Peter ter Borg
Dutch Translation

Jochen Maes
Dutch Translation

Roderick Goessen
Dutch Translation

Gerard van den Berg
Dutch Translation

Matthieu Montaudouin
French Translation

Martin Prieto
French Translation

Antoine Raillon
French Translation

Sebastien Cevey
French Translation

Jean-Christophe Choisy
French Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Thomas Raschbacher
German Translation

Klaus-J. Wolf
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Christian Apolloni
Italian Translation

Stefano Lucidi
Italian Translation

Yoshiaki Hagihara
Japanese Translation

Katsuyuki Konno
Japanese Translation

Yuji Carlos Kosugi
Japanese Translation

Yasunori Fukudome
Japanese Translation

Takashi Ota
Japanese Translation

Radoslaw Janeczko
Polish Translation

Lukasz Strzygowski
Polish Translation

Michal Drobek
Polish Translation

Adam Lyjak
Polish Translation

Krzysztof Klimonda
Polish Translation

Atila "Jedi" Bohlke Vasconcelos
Portuguese (Brazil) Translation

Eduardo Belloti
Portuguese (Brazil) Translation

João Rafael Moraes Nicola
Portuguese (Brazil) Translation

Marcelo Gonçalves de Azambuja
Portuguese (Brazil) Translation

Otavio Rodolfo Piske
Portuguese (Brazil) Translation

Pablo N. Hess -- NatuNobilis
Portuguese (Brazil) Translation

Pedro de Medeiros
Portuguese (Brazil) Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

José Costa
Portuguese (Portugal) Translation

Luis Medina
Portuguese (Portugal) Translation

Ricardo Loureiro
Portuguese (Portugal) Translation

Sergey Kuleshov
Russian Translator

Dmitry Suzdalev
Russian Translator

Anton Vorovatov
Russian Translator

Lanark
Spanish Translation

Fernando J. Pereda
Spanish Translation

Lluis Peinado Cifuentes
Spanish Translation

Zephryn Xirdal T
Spanish Translation

Guillermo Juarez
Spanish Translation

Jesús García Crespo
Spanish Translation

Carlos Castillo
Spanish Translation

Julio Castillo
Spanish Translation

Sergio Gómez
Spanish Translation

Aycan Irican
Turkish Translation

Bugra Cakir
Turkish Translation

Cagil Seker
Turkish Translation

Emre Kazdagli
Turkish Translation

Evrim Ulu
Turkish Translation

Gursel Kaynak
Turkish Translation

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.