Gentoo Logo

Gentoo Weekly Newsletter: February 7th, 2005

Content:

1.  Gentoo News

Gentoo at the Linux World Expo, Boston edition

With just a week to go before the U.S. east coast version of the LWE opens its gates, the Gentoo line-up is complete. Gentoo developers manning the booth will include Mike Frysinger, Chris Gianelloni, Dylan Carlson, Daniel Ostrow, Luke Macken, Jeffrey Forman, Rajiv Aaron Manglani and Chris Aniszczyk, aided by local organiser Andrew Fant who's been busy preparing everything to go smoothly at booth #6 on the exhibition floor at Boston's Hynes Convention Center. Visitors to the Gentoo stand will find Sparcs and x86, and a Mac Mini running Gentoo Linux/PPC among the architectures on display. The exhibition starts on Tuesday 15 February and lasts until Thursday 17, open daily from 10:00 to 17:00 (16:00 on Thursday).

Two million posts

Yet another record for the Gentoo Forums: The 2,000,000th post since the creation of Gentoo's phpBB user support forum was registered last Monday. While dozens of Forum regulars were watching the total post count move up towards the magic number, Naib from Birmingham in the United Kingdom finally hit the submit button at exactly the right time. His post, combining both clarity of expression and snotty Brum poetry, was in reply to someone asking for fullscreen capabilities in terminal programs. Naib's answer, scheduled for immortality: "Ctrl-Alt-F1"


Figure 1.1: Post counter on forums.gentoo.org, 31 January 2005 at around 20:15 UTC

Fig. 1: 2Mposts

New IRC channel, mailing list for Gentoo media packages

Jan Brinkmann announced two new support platforms for the evergrowing number of packages in Portage dealing with audio and video applications. #gentoo-media is a new channel on irc.freenode.net where media package maintainers congregate, and a new mailing list, gentoo-media@gentoo.org, has also been created to improve the communication between the developers in media related herds. "We also intended to make it easier for desktop users to get in touch with maintainers of software which is related to these herds," says Jan Brinkmann, hoping both the new IRC channel and mailing list will soon become both "popular and populated," especially in view of recruiting additional developers for the understaffed media herds. To subscribe to the mailing list, send a blank email to gentoo-media-subscribe@gentoo.org. If you would like to help with development on sound and video applications, contact Jan Brinkmann directly.

2.  Future Zone

Gentoo/FreeBSD

The Gentoo/FreeBSD project officially started in August 2004 as a set of system ebuilds based on FreeBSD 5.2.1 and a portage overlay provided by Grant Goodyear (g2boojum). As the release of FreeBSD 5.3 became imminent, the project slowly ported base system ebuilds to this new version, which is the actual base for our project.

The Gentoo/FreeBSD project, as its name implies, is an effort to have the whole set of Gentoo components running on top of a FreeBSD base system. This means that, for example, instead of having a Linux kernel and GNU LibC, one will have FreeBSD's kernel and FreeBSD's LibC. In addition, the project is also working on porting baselayout to Gentoo/FreeBSD in such a way that makes the management of startup services as easy as in Gentoo Linux.

Although this project is fairly young, a fair amount of progress has been achieved. The most important accomplishments include:

  • Portage now runs without needing to be patched.
  • the set of ebuilds that downloads and install specific FreeBSD system packages is now almost stable and the process of building it is, in general, painless.
  • we have defined a system profile as well as some non-FreeBSD packages that should be available.

At this moment, we are working on stabilizing the content of source tarballs in such a way that they provide all the reasonable things for their category (system sources tarballs, in Gentoo/FreeBSD are separated by category, like freebsd-lib, freebsd-usbin, etc).

Our efforts with baselayout have mainly been oriented towards getting Gentoo's dependency-based init system working with FreeBSD's userland. Unsurprisingly, certain parts (mainly involving gawk) have been problematic, but we currently have a package that can bring up a functional FreeBSD system, and should allow the initscripts in the main Portage tree to work unchanged. More work is needed to write initscripts for the less common parts of the FreeBSD system, and possibly to update the system to baselayout 1.11 when that becomes stable.

Goals for the immediate future include a set of stages that will be used to install Gentoo/FreeBSD, completion of the baselayout port, and finally, a release.

In a separate effort we are also looking into porting the glibc and GNU userland to the FreeBSD kernel. If you are interested in working on this, contact Dylan Carlson. (see also the post by Robert Millan to the gentoo-dev mailing list referenced below).

3.  Gentoo security

Gallery: Cross-site scripting vulnerability

Gallery is vulnerable to cross-site scripting attacks.

For more information, please see the GLSA Announcement

ClamAV: Multiple issues

ClamAV contains two vulnerabilities that could lead to Denial of Service and evasion of virus scanning.

For more information, please see the GLSA Announcement

ncpfs: Multiple vulnerabilities

The ncpfs utilities contain multiple flaws, potentially resulting in the remote execution of arbitrary code or local file access with elevated privileges.

For more information, please see the GLSA Announcement

FireHOL: Insecure temporary file creation

FireHOL is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

UW IMAP: CRAM-MD5 authentication bypass

UW IMAP contains a vulnerability in the code handling CRAM-MD5 authentication allowing authentication bypass.

For more information, please see the GLSA Announcement

enscript: Multiple vulnerabilities

enscript suffers from vulnerabilities and design flaws, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

Squid: Multiple vulnerabilities

Squid contains vulnerabilities in the code handling WCCP, HTTP and LDAP which could lead to Denial of Service, access control bypass, web cache and log poisoning.

For more information, please see the GLSA Announcement

Newspost: Buffer overflow vulnerability

A buffer overflow can be exploited to crash Newspost remotely and potentially execute arbitrary code.

For more information, please see the GLSA Announcement

LessTif: Multiple vulnerabilities in libXpm

Multiple vulnerabilities have been discovered in libXpm, which is included in LessTif, that can potentially lead to remote code execution.

For more information, please see the GLSA Announcement

4.  Heard in the community

gentoo-dev

Gentoo/kFreeBSD

Visiting Debian developer Robert Millan posted to announce his work on porting the glibc and GNU userland to the FreeBSD kernel: "I started from the existing Gentoo FreeBSD system and gradually migrated it to Glibc."

GWN independence?

Grant Goodyear tries to come to terms with the status of the Gentoo Weekly Newsletter: "Is the GWN an official Gentoo newsletter that promotes Gentoo, or is it a quasi-independent newsletter that is free to criticize as well as evangelize?" How much influence should developers have on its content?

Proper if/else blocks in bash

Once again, Ciaran McCreesh gives some important info on bash syntax. This should be especially interesting for those among you that contribute ebuilds. Also, he does not point us at the not existing draft of the doc which, if it existed, would be a good ressource for all ebuild questions.

gcc-4 support in Gentoo

For all Gentooists who like new and shiny toys, Jeremy Huddleston has added gcc-4 ebuilds to portage. They are masked at the moment and totally unsupported, so if you wish to use them it's at your own risk! First reports are quite mixed, from random segfaults to flawless working everything seems to be possible. Enjoy!

autotools confusion

Some time ago, the autoconf / automake / libtool ebuilds were modified. Many users now complain that portage wants to install all available versions, but as Mike Frysinger explains: "The old ebuilds (autoconf-2.59-r5 / automake-1.8.5-r1 / libtool-1.5.2-r7) actually downloaded and installed multiple versions of each package. You thought you had just one autoconf, but boy oh boy were you wrong !"

5.  Gentoo International

Germany: Oberhausen GUM on Friday 11 February

Oberhausen, home to the "Friends of Gentoo e.V." and several active developers, is again the venue for a Gentoo User Meeting at the Gasthof Harlos, itself on the way to become an institution in the German Gentoo microcosmos. This week, preparations for the FOSDEM conference in Belgium later this month are on the agenda, as is the notorious Schnitzelplatte, a copious amount of meat traditionally served at Oberhausen GUMs. The organisers are also trying to bring one of the used Sun Blade 100 that have been bought recently by several German developers from a Swiss university to the meeting, which is going to take place on 11 February, starting at around 19:00 CET.

6.  Gentoo in the press

Linux Magazin (Issue 3/2005)

The German Linux Magazin carries an article by Gentoo developer Michael Kohl in its latest number. Michael explains the catalyst release engineering tool and the release process for Gentoo Linux on three pages full of interesting details, mentioning examples for using catalyst to create variant LiveCDs like the German "Fizzle Wizzle" release that includes a complete KDE environment running Knoppix-like from the CD without the need to install on the harddisk. The printed magazine is available at newsstands in Germany since Thursday last week, and also includes an additional Gentoo installation rundown by editor Oliver Frommel.

David Berlind's blog (31 January 2005)

CNET columnist David Berlind posted a clarification to his earlier article on Gentoo and OpenSolaris we referenced last week. In his new article "Gentoo: We're not the Napster of Open Source" he quotes from mails going back and forth between Gentoo developer Pieter Van den Abeele and himself, acknowledging that "the folks at Gentoo are disputing my characterization of their Portaris and Portage technologies as being Napster-like facilitators that can grease the wheels of open source license violation."

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 31 January 2005 and 07 February 2005, activity on the site has resulted in:

  • 875 new bugs during this period
  • 661 bugs closed or resolved during this period
  • 28 previously closed bugs were reopened this period

Of the 8006 currently open bugs: 105 are labeled 'blocker', 245 are labeled 'critical', and 601 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • Alexander Gabert
  • Andrew Bevitt (temporary leave)

Adds

The following developers recently joined the Gentoo Linux team:

  • Stefano Rossi (so) - Documentation
  • Andreas Pokorny (DieMumiee) - AMD64
  • Shigehiro Idani (idani) - Japanese translation

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • Chris Gianelloni (wolf31o2) - Changed from Release Engineering Operational to Strategic Lead
  • Tim Yamin (plasmaroo) - New Release Engineering Operational Lead

9.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated February 7, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 7 February 2005.

Ulrich Plate
Editor

Stephen Bennett
Author

Dylan Carlson
Author

Patrick Lauer
Author

Otavio R. Piske
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.