Gentoo Logo

Gentoo Weekly Newsletter: January 24, 2005

Content:

1.  Gentoo News

Gentoo/OpenSolaris

Only few hours ahead of the first of many components of the complete Solaris source code being publicly released under Sun's brand new, OSI-approved CDDL open-source license, Gentoo is pleased to announce plans to add OpenSolaris support to Portage. Gentoo Senior Manager and OpenSolaris pilot program participant, Pieter Van den Abeele, has been working closely with Sun's management, legal and engineering teams to prepare this move. Gentoo will be leveraging the hard work of long-time Solaris users and Gentoo Developers-in-training Sunil Kumar and Jason Wohlgemuth, whose "Portaris" project has been running on top of Solaris 9 and 10 builds for quite a while already.


Figure 1.1: OpenSolaris + Looking Glass - an interesting alternative for the open-source desktop market

Fig. 1: Looking Glass

With "Sun going back to its roots by open-sourcing the code," Pieter expects OpenSolaris to have a huge impact on the open-source market. "With their service and support network and their expertise, they can redefine at least part of the open-source landscape in the enterprise," says Pieter. And he expects Gentoo to become an important factor for OpenSolaris' success: "We're able to build on prior experience with Gentoo ports to non-Linux operating systems, we've had the technology preview of Gentoo for Mac OS X, we've got developers working full-time on Opendarwin support, and we're well out of the starting blocks for the race to Gentoo-ified BSD kernels and userland applications," he says. "But even I wasn't quite prepared for my Sparc booting with a Gentoo bootsplash," laughs Pieter.

The unofficial Portaris or "Portage for Solaris" project has been maintaining Gentoo's package management system on top of Solaris 9 and 10 systems. Its two biggest contributors, Sunil Kumar and Jason Wohlgemuth (who, like Pieter, is a member of Sun's pilot program for open-sourcing Solaris), have invested a tremendous amount of their time in this project, culminating in a veritable installer for Solaris that has been available to a small, knowledgeable Solaris user community for several months already.

New kernel profiles for 2005.0

In view of the 2005.0 release date, the Gentoo developers on the kernel team have been working very hard amalgamating the sources in the Portage tree. Since the 2.6 kernel tree will become the default for all supported architectures except Sparc, the separate kernel categories in Portage are being abolished and replaced by the same generic names formerly used for the 2.4 versions of the same sources. This is the first time that the new "cascading profiles" feature in Portage has been used to manage the dependancy requirements of a package. In essence, this means that the same package - say, gentoo-sources - will automatically decide whether its 2.6 or 2.4 version is being requested, based on the specifications in the chosen sub-profile. By linking /etc/make.profile to either the 2.4 or 2.6 subprofile (whichever may exist for your profile) in /usr/portage/profiles/default-[OS]/[arch]/2005.0/, you can choose which one you want as your personal default, while the other version will be masked. If you don't choose a subprofile, 2.6 will automatically become the default, where applicable.

"If you're currently still running 2.4 kernels, but don't care all that much about staying, this would be a perfect moment to switch," suggests Gentoo kernel dev John Mylchreest. "We do recommend switching to 2.6 wherever possible, and you can catch up on what's involved by reading our kernel migration guide." Sparc being the only architecture with a number of unresolved issues preventing a move to 2.6 as default, the newer version will become the standard for virtually everybody else. Users with any of the following kernel sources currently installed on their systems need to be aware that these are going to be removed at the same time as the 2005.0 release. Their replacements are also listed:

  • development-sources will become vanilla-sources
  • gentoo-dev-sources will become gentoo-sources
  • rsbac-dev-sources will become rsbac-sources
  • hardened-dev-sources will become hardened-sources

The switch is going to be automatic for users who follow a steady rsync and emerge world diet. When the next version of their kernel sources becomes available, an emerge --update will pull in the source tarball under its new name, and update accordingly. While the Gentoo kernel team recommends switching, this also works for users with specific reasons to keep their 2.4 series: They just have to make sure they link to a 2.4 subprofile, and emerge --update for them will consequently only fetch and install newer versions in the 2.4 tree, not 2.6.

The move on to the new profile that sets 2.6 by default will involve changing from the old linux26-headers to linux-headers at the same time. An emerge glibc - or emerge system - may be a good idea at that point.

Except for the pegasos-dev-sources that have already been moved topegasos-sources, the changeover will occur at the same time as the 2005.0 release. More detailed information, including specific instructions for linking /etc/make.profile to the right subprofile will be made available at that time.

Genesi Open Desktop Workstation sales - Gentoo Linux pre-installed

From 1 March 2005, Luxembourg-based Genesi will start selling their Open Desktop Workstation in a configuration with Gentoo Linux pre-installed - for a price of $999 USD, ten percent of which will be donated to the Gentoo Foundation! Bill Buck, General Manager of Genesi, explains the new sponsoring deal: "For every workstation we sell thanks to a referral from Gentoo's website, we'll donate 100 USD to the Foundation." As many Gentoo users have been looking for attractive opportunities to support Gentoo financially, sales are expected to soar now that the ODWs are clearly benefitting the project as a whole. Moreover, Genesi is offering their Gentoo-ified models at a considerable rebate compared to their own standard offers of desktop and server configurations for $1399 and $1799 USD.


Figure 1.2: Open Desktop Workstations with Gentoo Linux/PPC, shipping soon!

Fig. 2: ODW

The Open Desktop Workstation is configured as follows:

  • Pegasos II with 1GHz G4 processor
  • 256MB of PC2100 DDR RAM
  • CDRW drive
  • 40GB ATA100 Hard Disk
  • Radeon 9200SE 128MB AGP Graphics with DVI, VGA, and TV-Out
  • Low profile small footprint case - tower or desktop orientation

Thirteen of these ODWs had previously been donated to Gentoo developers for thorough testing and feature development, and consequently Gentoo fully supports the PegasosPPC. The pre-installed version is based on the 2004.3 release of Gentoo Linux/PPC.

Pre-ordering is available right away. Sales will begin on 1 March 2005 - detailed information about how to order will be sent to everyone expressing interest. To be alerted when orders for the ODWs with Gentoo Linux can be placed, send a message to odw@gentoo.org.

Rumour confirmed - Gentoo first to run on Mac Mini!

Gentoo/PPC developer Daniel Ostrow has succeeded in bringing the Mac Mini into the family of Gentoo supported PowerPC based machines. The system will be fully supported by 2005.0 and boots cleanly using 2004.3.


Figure 1.3: Fresh out of the box, running Gentoo Linux/PPC: Apple's new Mac Mini

Fig. 3: Mac Mini

The next step will be getting the attached 20" display to behave under X. The machine will be on display at the Gentoo booth at Linux World Expo - Boston edition on 12 to 14 February, and FOSDEM in Brussels later that month.

2.  Future Zone

Renovating the Forums - phpBB brush-up and other changes

Something's afoot in the Forums, and we asked one of the admins, Christian Hartmann (ian), what was going on. The following interview sheds some light on what we can expect to happen in the very near future:

Q: The Forums footer says: Powered by phpBB 2.0.x © 2001, 2002 phpBB Group. What version are we actually using at the moment?

A: At the moment we are using a heavily patched version of the phpBB 2.0 branch. All security related bugs have been patched. Furthermore we applied some performance tweaks and other modifications.

Q: Why aren't you just using a vanilla phpBB 2.0.11 instead?

A: That's a very frequently asked question. First of all we will indeed switch to the latest stable phpBB release soon. Backporting all the patches we applied to their 2.0.x codebase will almost be done by the time you read this.

Q: What about all the feature requests in Gentoo Forums Feedback?

A: We look at every post in Gentoo Forums Feedback and know exactly what our users demand. After installing the new forums software we will have a look at implementing a lot of new and exciting stuff. Expect a period where we'll have something new almost every week...

Q: Does that mean that you will also make use of mods?

A: Exactly! That is one of the reasons why we are switching to the latest phpBB release. This will make adding modifications much easier.

Q: Adding modifications to the forums were a "no-no" for a long time. Whatmade you change your mind?

A: Gentoo is project based entirely on the work of volunteers, and so is its Infrastructure team. We just didn't have the resources to do any of the more sophisticated things. Now that we do, it was about time we changed our policy and started working on it.

Q: Talking about modifications and additions, what can we expect to see?

A: We'll have to move the forums web service to a different server soon, and we'll start making use of the new forums software when switching to that new server. The user hopefully will not even realize that we switched to different software. It will be mostly the same as it is now, just with a clean codebase, and with some of the earlier itches like the search bug ironed out. More corrections will be made to the language packs, and after that we will add two more forums, one each for our Turkish and our Arab users. There's a lot more on our todo-list, but we can talk about those additions once we're done with the first batch.

3.  Gentoo security

Squid: Multiple vulnerabilities

Squid contains vulnerabilities in the the code handling NTLM (NT Lan Manager), Gopher to HTML and WCCP (Web Cache Communication Protocol) which could lead to denial of service and arbitrary code execution.

For more information, please see the GLSA Announcement

ImageMagick: PSD decoding heap overflow

ImageMagick is vulnerable to a heap overflow when decoding Photoshop Document (PSD) files, which could lead to arbitrary code execution.

For more information, please see the GLSA Announcement

Ethereal: Multiple vulnerabilities

Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.

For more information, please see the GLSA Announcement

Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2

A stack overflow was discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issue.

For more information, please see the GLSA Announcement

Mailman: Cross-site scripting vulnerability

Mailman is vulnerable to cross-site scripting attacks.

For more information, please see the GLSA Announcement

CUPS: Stack overflow in included Xpdf code

CUPS includes Xpdf code and therefore is vulnerable to the recent stack overflow issue, potentially resulting in the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

teTeX, pTeX, CSTeX: Multiple vulnerabilities

teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which may allow the remote execution of arbitrary code. Furthermore, the xdvizilla script is vulnerable to temporary file handling issues.

For more information, please see the GLSA Announcement

KPdf, KOffice: Stack overflow in included Xpdf code

KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code.

For more information, please see the GLSA Announcement

MySQL: Insecure temporary file creation

MySQL is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

4.  Gentoo International

Belgium: Gentoo Developer Meeting at FOSDEM (26-27 February)

Gentoo will again be present at FOSDEM in Brussels, the annual non-commercial Free and Open Source Software Developers' European Meeting. It will take place at the Université Libre de Bruxelles on the weekend of 26 and 27 February. The Gentoo community will be represented by more than 25 developers from Belgium, the Netherlands, France, Germany, Denmark, Spain, Italy, and even the U.S. This time we have our own Developers' Room, an amphitheatre with 59 seats, open on Saturday and Sunday.

A full schedule of presentations has been set up by Gentoo's Fosdem organizer for the Developers' room, Lars Weiler. In addition to this, one of Gentoo's portage developers, Marius Mauch, will give a presentation about portage as part Fosdem's main track.

As usual we will also show hardware which is supported by Gentoo, like Genesi's PegasosPPC, an UltraSparc and an SGI Octane. Several MacMinis are also expected to get thrown in the mix. Gentoo LiveCDs will be available for purchase at FOSDEM.

USA: CPLUG Security Conference (5 March)

Central PA Linux Users Group will be hosting a Security Conference at Messiah College near Harrisburg, Pennsylvania, on 5 March 2005. The all-day event will feature several speakers covering topics with a technical focus on Linux-related networking and security, including Gentoo Hardened developer Brandon Hale who will make a presentation on "Advanced Memory Protections with Linux". Registrations have already started and accomodation is provided by the organizers upon request. Admission to the event is $5 USD, including lunch.

5.  Gentoo in the press

Wildlife Photographer of the Year 2004

Gentoos are "busily coming and going, squabbling and fighting, raucously greeting each other," and - before you start thinking we're reporting from a developer conference here - "stealing stones from their neighbours' nests." Nah, we'd never do that, of course. Swedish photographer Lars-Olof Johansson received a "Highly commended" mention at the BBC Wildlife Magazine's and The Natural History Museum's "Wildlife Photographer of the Year" contest, for his extraordinarily intimate shot of two Gentoo chicks and their mother. Disclaimer: We don't do that, either...

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 16 January 2005 and 23 January 2005, activity on the site has resulted in:

  • 990 new bugs during this period
  • 546 bugs closed or resolved during this period
  • 35 previously closed bugs were reopened this period

Of the 7976 currently open bugs: 109 are labeled 'blocker', 230 are labeled 'critical', and 593 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  Tips and Tricks

Watching logfiles on your desktop: root-tail

A good sysadmin should be able to take care of what's going on his system at any time. To keep up with what's going on it would be best to see the logfiles just scrolling by on the desktop, but most utilities, like tail -f, cannot handle more than one file at a time. Moreover, it's a little tricky to configure a terminal so that it becomes borderless and transparent.

Enter x11-terms/root-tail. This handy utility opens a window on your desktop and lets you look at any given logfile's entries as they're made. There is only one problem: Most modern Window Managers occupy the desktop and show a background-image on it. But there are workarounds, and one (for xfce4) is shown here:

Code Listing 7.1: Script for starting root-tail in xfce4

#!/bin/bash
deskid=`xwininfo -int -name 'Desktop' | grep 'Desktop' | awk -F' ' '{ print $4 }';`
root-tail -g 900x150+50+575 -font 6x10 -outline -minspace -id ${deskid} -f \
   /var/log/emerge.log,yellow \
   /var/log/messages,lightblue

This script will find out the PID of xfce4's desktop-process, then fork root-tail into the background with a given size, place and font upon the desktop where the ID is now known, and will show two logfiles, printing messages in different colours. Bear in mind that if you are using a localized environemnt, Desktop could be named differently, of course.

8.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Fernando J. Pereda (ferdy) - net-mail

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

9.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated January 24, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 24 January 2005.

Ulrich Plate
Editor

AJ Armstrong
Author

Christian Hartmann
Author

Patrick Lauer
Author

Daniel Ostrow
Author

Lars Weiler
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.