Gentoo Weekly Newsletter: April 18th, 2005

1. Gentoo News

Shyam Mani's excellent "USB Guide" for Gentoo Linux is among the highlighted additions to the ever-growing collection of in-house documentation, which also includes a paper on configuring Fluxbox this month. Complementing the existing Gnome and KDE documentation, this new Fluxbox window manager configuration aide was written by Jonathan Smith.

Meanwhile, an announcement in the "Gentoo on Sparc" section of the Gentoo Forums points to recently added documentation for Gentoo Linux on Sun hardware. Ciaran McCreesh, Todd Sunderlin and Colin Morey have written the guides that should improve both installation and usability of Gentoo Linux on Sparcs:

2005.0 aftermath releng meeting

On Thursday 14 April the Gentoo Releng Team had a meeting to discuss the good and bad things during the 2005.0 release and find new strategies for the next release. First the good things should be named, like building a CD that works well on a lot of systems and architectures, what was caused by not rushing the release, so that we had time to fix bugs. One part of the release that first went wrong was communication, but with the security-rebuilding communication improved a lot and the different arches worked pretty well together with the Release Management. And now to the bad things: We had that big delay of the release with more than six weeks after the first discussed release date. Then there were some md5sums which were not up to date with the LiveCDs, the announcement of the Release through our PR-team has not been covered well, the Handbook has now several updates which are not in the offline-version on the CD itself and finally the community didn't accepted the pre-orders by the store.

In order to resolve the issues, several strategies have been discussed. So the Release-team will make better use of the devwiki (devwiki means, that it is for developers only), where we will place our documention for the Release and create a Release-checklist, where every arch can note, which step has been passed. Every arch should build a testing LiveCD that will hit the mirrors in the experimental branch, so that users with special hardware can test new improvements and tell us about them in bug-reports. Common profiles and scripts should make the different arche's LiveCDs more similary, so that users can find the same utilities on every kind of LiveCD. And finally we want to do a better PR-work for the next release.

As a last point the next release date has been discussed. We don't want to force it on a special date, as we want to release a LiveCD without major bugs, although the 2005.1 release should be just a refresh of the 2005.0 release with newer software and less bugs. XLiveCDs with the Installer included are in discussion, but not mandatory for the next Release. The release date will be about late July or August.

New official Gentoo IRC channels

Two new Gentoo IRC channels were recently added to the Gentoo IRC channel list:

#gentoo-netmon: Network Monitoring Packages
#gentoo-voip: Voice over IP related Discussion

2. Future Zone

Luminocity X-LiveDVD for PPC released

Note: It started harmlessly as a development project for automatic X configuration by the Gentoo/PPC team. All they wanted back then was to showcase the new configurator in a couple of X-enabled LiveCDs. But what Pieter Van den Abeele did release last week went more than just slightly beyond the initial scope of the project...

A Gentoo-based PowerPC Altivec-Optimized LiveDVD with a long feature list has been released last week. It runs on Genesi's PegasosPPC Open Desktop Workstations, and its most unique feature is probably Luminocity, an OpenGL-based experimental window manager technology testbed. The medium allows you to try out Luminocity without having to compile or install any experimental software from the Gnome CVS repository. But the 1.8GB DVD is jock-full of other exciting features, too:

Smartcard integration: Gentoo sponsor company Genesi Inc. donated a number of smartcard readers, complete with media, cards . The LiveDVD supports authentication via smartcard for users to try it out, without the need to personalize the card at first -- to be done later, using opensc.
GRID support: Sun Grid Engine 6 (SGE) core ported to PowerPC, Apple's XGRID engine agent and standalone LAM-MPI, PVM libraries. These features enable users to develop their own grid-enabled applications.
Eclipse SDK: Much in demand, finally available from disk.
Video conferencing: Compatible with QuickCam webcams from Logitech, cross-platform audio and video conferencing that even works with Microsoft's "net-meeting" is available directly from the LiveDVD.
3D desktop switching: OpenGL technology to make use of 3D graphics features, including three-dimensional window managers.
Text to Speech, Blender, Ardour, and many more...
And last but not least, Gentoo's version of Xautoconfig on Apple machines

Figure 2.1: Gentoo LiveCD/DVD image asking for smartcard authentication

The Luminocity X-LiveDVD is available via bittorrent.

3. Heard in the community

Web forums

Search sucketh less

Tom Knight spent ample time improving the search function of the Forums, concerning both speed and selection criteria. Apart from getting results faster than before, the default settings of a search now exclude the entire Off The Wall section, the dustbin and all international forums, a feature that had been requested by many users, and since a long time. As an unpleasant side effect, searching for posts by specific users also excluded the same forums -- a few complaints and even fewer hours later, tomk had fixed this issue, too.

New search function

Return of the avatars

Avatars not belonging to the default gallery of the forums were recently disabled due to a vulnerability in php. While some users already feared they would never come back, the avatars were actually reinstalled after less than a day.

[solved]No more avatars?

4. Gentoo in the press

InternetNews.com (14 April 2005)

Last week InternetNews published an article titled "Non-Commercial Linux Use on The Rise", reporting that "new data released this week from research firm Evans Data indicates non-commercial Linux distribution use has passed the inflection point and is now more widely used by developers than commercial Linux distributions." Counting Gentoo Linux among those worth mentioning as examples for community distributions that have left RedHat and SuSE behind as preferred platforms for development, author Sean Michael Kerner quotes the research firm to explain why Gentoo et al. are more popular with developers than their commercial cousins: "As the general knowledge base of Linux has increased, developers are less reliant on formal models of support.", states the study by Evans Data.

PC Inpact (13 April 2005, in French)

A complete guide to installation and usage of a popular first-person shooter game for Linux, World of Warcraft, has been published by French "mégazine" PC Inpact in an article published last week. Interesting to note: Much of the content of the guide has been taken from the Gentoo Forums, which are credited in the article as one of its major sources.

5. Tips and tricks

Bootup with the Gentoo 2005.0 logo

When you boot from the 2005.0 LiveCD you see an awesome Gentoo bootlogo and progress-bar -- and you wish you could impress your friends with it during your usual bootup? Here we go:

Note: splashutils only work on x86 and amd64 architectures perfectly at the moment. Support for ppc is in progress.

First of all, we need to emerge splashutils and splash-themes-livecd:

Code Listing 5.1: emerge splashutils and splash-themes-livecd

# emerge splash-themes-livecd
splashutils is a dependency of splash-themes-livecd

Now we have to create an initial boot-disk. You are free to change the resolution to your choice, but choose one that is available as a config file in /etc/splash/livecd-2005.0/:

Code Listing 5.2: Creation of an initrd with the 2005.0-splash

Be sure that /boot is mounted before you call the command
# splash_geninitramfs -v -g /boot/splash-livecd-2005.0-1024x768 \
  -r 1024x768 livecd-2005.0

Check your kernel-config to make sure that "Initial RAM disk (initrd) support" is built in. You can find the option in "Device Drivers" --> "Block devices" --> "RAM disk support". Furthermore check that you are using an appropriate framebuffer for your video-card ("Graphics Support") or stick with the VESA-framebuffer. Usually splashutils should do the checks during the emerge-progress, but we want to be sure. Now tell your bootloader that it should load the initrd with the 2005.0-splash:

Code Listing 5.3: Configure the bootloader

# nano -w /boot/grub/menu.lst
First change your kernel-boot-line to something like this (depends on
your used framebuffer and further kernel-parameters):
kernel /boot/kernel-2.6.11-r6 root=/dev/hda3 video=vesafb:1024x768-32@72
  splash=silent,theme:livecd-2005.0 quiet CONSOLE=/dev/tty1
You must use more than 8bpp (in this example it is 32,
specified by 1024x768-32@72).

Add the following line to your kernel-config:
initrd /boot/splash-livecd-2005.0-1024x768

Now we have that nice bootup-splash installed. Finally we want a permanent Gentoo statusbar at the bottom of our terminal-session, like on the LiveCD. Therefore we have to change the default theme in /etc/splash:

Code Listing 5.4: Change the default splash

# cd /etc/splash
# rm default
# ln -s livecd-2005.0 default

This splash should be started after bootup has finished:

Code Listing 5.5: Add splash to the default runlevel

# rc-update add splash default

If you want to finetune the splash-theme, you should have a look at /etc/conf.d/splash. Happy Gentooing!

Thanks to Michael Januszewski for his work on splashutils and Nicholas D. Wolfwood for the 2005.0-theme.

6. Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

None this week

Adds

The following developers recently joined the Gentoo Linux team:

Harald van Dĳk (truedfx) - Portage
Vibhav Garg (vgarg) - Java
Diego Pettenò (Flameeyes) - FreeBSD, AMD64, video

Changes

The following developers recently changed roles within the Gentoo Linux project:

Nicholas Jones (carpaski) - Left the Portage team (and its lead position)
Marius Mauch (genone) - New Portage co-lead
Brian Harring (ferringb) - New Portage co-lead
Jason Stubbs (jstubbs) - New Portage co-lead

7. Gentoo security

phpMyAdmin: Cross-site scripting vulnerability

phpMyAdmin is vulnerable to a cross-site scripting attack.

For more information, please see the GLSA Announcement

Axel: Vulnerability in HTTP redirection handling

A buffer overflow vulnerability has been found in Axel which could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

Gld: Remote execution of arbitrary code

Gld contains several serious vulnerabilities, potentially resulting in the execution of arbitrary code as the root user.

For more information, please see the GLSA Announcement

JunkBuster: Multiple vulnerabilities

JunkBuster is vulnerable to a heap corruption vulnerability, and under certain configurations may allow an attacker to modify settings.

For more information, please see the GLSA Announcement

rsnapshot: Local privilege escalation

rsnapshot allows a local user to take ownership of local files, resulting in privilege escalation.

For more information, please see the GLSA Announcement

OpenOffice.Org: DOC document Heap Overflow

OpenOffice.Org is vulnerable to a heap overflow when processing DOC documents, which could lead to arbitrary code execution.

For more information, please see the GLSA Announcement

monkeyd: Multiple vulnerabilities

Format string and Denial of Service vulnerabilities have been discovered in the monkeyd HTTP server, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

PHP: Multiple vulnerabilities

Several vulnerabilities were found and fixed in PHP image handling functions, potentially resulting in Denial of Service conditions or the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

8. Bugzilla

Summary

Statistics
Closed bug ranking
New bug rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 10 April 2005 and 17 April 2005, activity on the site has resulted in:

835 new bugs during this period
436 bugs closed or resolved during this period
27 previously closed bugs were reopened this period

Of the 8583 currently open bugs: 90 are labeled 'blocker', 237 are labeled 'critical', and 641 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

Gentoo Recruiting Team, with 34 closed bugs
Xavier Neys, with 30 closed bugs
AMD64 Porting Team, with 30 closed bugs
media-video herd, with 19 closed bugs
Gentoo X-windows packagers, with 16 closed bugs
Gentoo Security, with 16 closed bugs
Gentoo Sound Team, with 12 closed bugs
Gentoo Games, with 11 closed bugs

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

GDesklets packages, with 44 new bugs
Gentoo Sound Team, with 22 new bugs
media-video herd, with 22 new bugs
AMD64 Porting Team, with 20 new bugs
Gentoo's Team for Core System packages, with 14 new bugs
Hanno Boeck, with 11 new bugs
Netmon Herd, with 10 new bugs
PHP Bugs, with 9 new bugs

9. GWN feedback

Please send us your feedback and help make the GWN better.

10. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

11. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

Page updated April 18, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 18 April 2005.

Ulrich Plate
Editor

Wernfried Haas
Author

Pieter Van den Abeele
Author

Lars Weiler
Author

Donate to support our development efforts.