Figure 1.1: Post counter on forums.gentoo.org, 31 January 2005 at around 20:15 UTC
Gentoo at the Linux World Expo, Boston edition
With just a week to go before the U.S. east coast version of the LWE opens its gates, the Gentoo line-up is complete. Gentoo developers manning the booth will include Mike Frysinger, Chris Gianelloni, Dylan Carlson, Daniel Ostrow, Luke Macken, Jeffrey Forman, Rajiv Aaron Manglani and Chris Aniszczyk, aided by local organiser Andrew Fant who's been busy preparing everything to go smoothly at booth #6 on the exhibition floor at Boston's Hynes Convention Center. Visitors to the Gentoo stand will find Sparcs and x86, and a Mac Mini running Gentoo Linux/PPC among the architectures on display. The exhibition starts on Tuesday 15 February and lasts until Thursday 17, open daily from 10:00 to 17:00 (16:00 on Thursday).
Yet another record for the Gentoo Forums: The 2,000,000th post since the creation of Gentoo's phpBB user support forum was registered last Monday. While dozens of Forum regulars were watching the total post count move up towards the magic number, Naib from Birmingham in the United Kingdom finally hit the submit button at exactly the right time. His post, combining both clarity of expression and snotty Brum poetry, was in reply to someone asking for fullscreen capabilities in terminal programs. Naib's answer, scheduled for immortality: "Ctrl-Alt-F1"
Figure 1.1: Post counter on forums.gentoo.org, 31 January 2005 at around 20:15 UTC |
|
New IRC channel, mailing list for Gentoo media packages
Jan Brinkmann announced two new support platforms for the evergrowing number of packages in Portage dealing with audio and video applications. #gentoo-media is a new channel on irc.freenode.net where media package maintainers congregate, and a new mailing list, gentoo-media@gentoo.org, has also been created to improve the communication between the developers in media related herds. "We also intended to make it easier for desktop users to get in touch with maintainers of software which is related to these herds," says Jan Brinkmann, hoping both the new IRC channel and mailing list will soon become both "popular and populated," especially in view of recruiting additional developers for the understaffed media herds. To subscribe to the mailing list, send a blank email to gentoo-media-subscribe@gentoo.org. If you would like to help with development on sound and video applications, contact Jan Brinkmann directly.
The Gentoo/FreeBSD project officially started in August 2004 as a set of system ebuilds based on FreeBSD 5.2.1 and a portage overlay provided by Grant Goodyear (g2boojum). As the release of FreeBSD 5.3 became imminent, the project slowly ported base system ebuilds to this new version, which is the actual base for our project.
The Gentoo/FreeBSD project, as its name implies, is an effort to have the whole set of Gentoo components running on top of a FreeBSD base system. This means that, for example, instead of having a Linux kernel and GNU LibC, one will have FreeBSD's kernel and FreeBSD's LibC. In addition, the project is also working on porting baselayout to Gentoo/FreeBSD in such a way that makes the management of startup services as easy as in Gentoo Linux.
Although this project is fairly young, a fair amount of progress has been achieved. The most important accomplishments include:
At this moment, we are working on stabilizing the content of source tarballs in such a way that they provide all the reasonable things for their category (system sources tarballs, in Gentoo/FreeBSD are separated by category, like freebsd-lib, freebsd-usbin, etc).
Our efforts with baselayout have mainly been oriented towards getting Gentoo's dependency-based init system working with FreeBSD's userland. Unsurprisingly, certain parts (mainly involving gawk) have been problematic, but we currently have a package that can bring up a functional FreeBSD system, and should allow the initscripts in the main Portage tree to work unchanged. More work is needed to write initscripts for the less common parts of the FreeBSD system, and possibly to update the system to baselayout 1.11 when that becomes stable.
Goals for the immediate future include a set of stages that will be used to install Gentoo/FreeBSD, completion of the baselayout port, and finally, a release.
In a separate effort we are also looking into porting the glibc and GNU userland to the FreeBSD kernel. If you are interested in working on this, contact Dylan Carlson. (see also the post by Robert Millan to the gentoo-dev mailing list referenced below).
Gallery: Cross-site scripting vulnerability
Gallery is vulnerable to cross-site scripting attacks.
For more information, please see the GLSA Announcement
ClamAV contains two vulnerabilities that could lead to Denial of Service and evasion of virus scanning.
For more information, please see the GLSA Announcement
ncpfs: Multiple vulnerabilities
The ncpfs utilities contain multiple flaws, potentially resulting in the remote execution of arbitrary code or local file access with elevated privileges.
For more information, please see the GLSA Announcement
FireHOL: Insecure temporary file creation
FireHOL is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
For more information, please see the GLSA Announcement
UW IMAP: CRAM-MD5 authentication bypass
UW IMAP contains a vulnerability in the code handling CRAM-MD5 authentication allowing authentication bypass.
For more information, please see the GLSA Announcement
enscript: Multiple vulnerabilities
enscript suffers from vulnerabilities and design flaws, potentially resulting in the execution of arbitrary code.
For more information, please see the GLSA Announcement
Squid: Multiple vulnerabilities
Squid contains vulnerabilities in the code handling WCCP, HTTP and LDAP which could lead to Denial of Service, access control bypass, web cache and log poisoning.
For more information, please see the GLSA Announcement
Newspost: Buffer overflow vulnerability
A buffer overflow can be exploited to crash Newspost remotely and potentially execute arbitrary code.
For more information, please see the GLSA Announcement
LessTif: Multiple vulnerabilities in libXpm
Multiple vulnerabilities have been discovered in libXpm, which is included in LessTif, that can potentially lead to remote code execution.
For more information, please see the GLSA Announcement
Gentoo/kFreeBSD
Visiting Debian developer Robert Millan posted to announce his work on porting the glibc and GNU userland to the FreeBSD kernel: "I started from the existing Gentoo FreeBSD system and gradually migrated it to Glibc."
GWN independence?
Grant Goodyear tries to come to terms with the status of the Gentoo Weekly Newsletter: "Is the GWN an official Gentoo newsletter that promotes Gentoo, or is it a quasi-independent newsletter that is free to criticize as well as evangelize?" How much influence should developers have on its content?
Proper if/else blocks in bash
Once again, Ciaran McCreesh gives some important info on bash syntax. This should be especially interesting for those among you that contribute ebuilds. Also, he does not point us at the not existing draft of the doc which, if it existed, would be a good ressource for all ebuild questions.
gcc-4 support in Gentoo
For all Gentooists who like new and shiny toys, Jeremy Huddleston has added gcc-4 ebuilds to portage. They are masked at the moment and totally unsupported, so if you wish to use them it's at your own risk! First reports are quite mixed, from random segfaults to flawless working everything seems to be possible. Enjoy!
autotools confusion
Some time ago, the autoconf / automake / libtool ebuilds were modified. Many users now complain that portage wants to install all available versions, but as Mike Frysinger explains: "The old ebuilds (autoconf-2.59-r5 / automake-1.8.5-r1 / libtool-1.5.2-r7) actually downloaded and installed multiple versions of each package. You thought you had just one autoconf, but boy oh boy were you wrong !"
Germany: Oberhausen GUM on Friday 11 February
Oberhausen, home to the "Friends of Gentoo e.V." and several active developers, is again the venue for a Gentoo User Meeting at the Gasthof Harlos, itself on the way to become an institution in the German Gentoo microcosmos. This week, preparations for the FOSDEM conference in Belgium later this month are on the agenda, as is the notorious Schnitzelplatte, a copious amount of meat traditionally served at Oberhausen GUMs. The organisers are also trying to bring one of the used Sun Blade 100 that have been bought recently by several German developers from a Swiss university to the meeting, which is going to take place on 11 February, starting at around 19:00 CET.
The German Linux Magazin carries an article by Gentoo developer Michael Kohl in its latest number. Michael explains the catalyst release engineering tool and the release process for Gentoo Linux on three pages full of interesting details, mentioning examples for using catalyst to create variant LiveCDs like the German "Fizzle Wizzle" release that includes a complete KDE environment running Knoppix-like from the CD without the need to install on the harddisk. The printed magazine is available at newsstands in Germany since Thursday last week, and also includes an additional Gentoo installation rundown by editor Oliver Frommel.
David Berlind's blog (31 January 2005)
CNET columnist David Berlind posted a clarification to his earlier article on Gentoo and OpenSolaris we referenced last week. In his new article "Gentoo: We're not the Napster of Open Source" he quotes from mails going back and forth between Gentoo developer Pieter Van den Abeele and himself, acknowledging that "the folks at Gentoo are disputing my characterization of their Portaris and Portage technologies as being Napster-like facilitators that can grease the wheels of open source license violation."
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 31 January 2005 and 07 February 2005, activity on the site has resulted in:
Of the 8006 currently open bugs: 105 are labeled 'blocker', 245 are labeled 'critical', and 601 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
11. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: