Gentoo Logo

Gentoo Weekly Newsletter: June 27th, 2005

Content:

1.  Gentoo News

Gentoo developer wins award for home entertainment system

Congratulations to Gentoo developer Pieter van den Abeele who went to the Freescale Technology Forum in Orlando, Florida -- and away with the "Best of Show" award for his home media entertainment center based on a hardware design prototype by Gentoo-sponsor Genesi's, the maker of the Open Desktop Workstation. Features worth highlighting include a THX-certified 7.1 audio system, a 256M ATI graphics card, SATA hard disk capacity measured in terabytes, full-screen video conferencing support with Altivec optimized audio codecs, a dual TV tuner, Vacuum Fluorescent Display for system messages, fast DVD writer, smartcard support to protect recordings, for authentication and encryption, and infrared support so you can run your media center from a remote control just like any old VCR. More details about the show, including video and audio streams can be found at Pieter's blogsite.


Figure 1.1: Pieter and his award: Best of Show at the Freescale Technology Forum

Fig. 1: Award

Gentoo at the German LinuxTag 2005 in Karlsruhe

"Linux everywhere", the motto of this year's LinuxTag, held particularly true again for the Gentoo team when PPC developer Lars Weiler was once again invited to install Gentoo Linux on a machine at the close-by HP booth in the same exhibition hall. After a Quad-Opteron installation, Pylon this year bootstrapped Gentoo Linux on a sleek Dual Intel Itanium 2 server, featuring 1.6GHz processors, 4GB RAM and two 73GB Ultra320-SCSI disks, of which 36GB were set aside for the Gentoo installation. The machine had a gigabit network card, but no graphics or input devices: serial console and later ssh were the only ways in. From a chroot environment in an installed SuSE Linux, a flawless stage1 installation was done, including a 2.6.12 kernel that -- interestingly enough -- needed almost no variation from the default config settings. Trying for an ia64 install CD and a catalyst demonstration, fiddling around with the elilo bootloader and some interesting observations kept Lars busy and happy for a day.


Figure 1.2: HP's Christian Franck, Gentoo developers Robin Johnson and Lars Weiler hacking away

Fig. 2: HP

While the total number of visitors to the LinuxTag was somewhat diminished by the introduction of an entrance fee to be paid by all visitors, the Gentoo booth was as popular as ever. Portability was indeed the main focus of this year's Gentoo presence, with PPC, MIPS and x86 architectures on display at the Gentoo stand, and another HPPA host in the same hall at the Linux Portability stand - a 66MHz HP 735 running KDE 3.3.2... 60 T-Shirts were sold, 15 developers and helpers from Germany took care of visitors at the Gentoo booth, backed up by Robin Johnson visiting from Canada.


Figure 1.3: Still smiling on closing day: the Gentoo LinuxTag team 2005

Fig. 3: Linuxtag

Note: Left to right: Stefan Knoblich (stkn), Marc Herren (dj-submerge), Robin Johnson (robbat2),Lars Weiler (pylon), Michael Imhof (tantive), Sebastian Müller (dakjo), Christian Hartmann (ian!), Markus Nigbur (pyrania), Timo Antweiler (azze), Marc Hildebrand (zypher), Stefan Schweizer (genstef)

After the show, the unofficial localized Gentoo XLiveCD that has become sort of a traditional treat for visitors at IT fairs with a Gentoo representation manned by the German NFP "Friends of Gentoo e.V." has been made available. Everyone who couldn't buy one of the 120 CDs that went over the table at the booth in Karlsruhe can now download the image from the Fizzlewizzle server or via Bittorrent. x86 is uploaded, the PPC version will follow in a bit.


Figure 1.4: Cover art by Christian Hartmann (ian!) for the Fizzlewizzle Gentoo XLiveCD

Fig. 4: Fizzlewizzle

Developer accounts on donated AMD64 machine now available

Several new development systems are being brought online this week! Named pitr, dustpuppy and poseidon,the bulk of the hardware was generously donated by AMD last month. Other donations from various developers and the Gentoo Foundation have facilitated the purchase of parts essential to setting up the boxes, including power supplies and hard disks. Specifications for the three new machines are:

  • poseidon.amd64.dev.gentoo.org: Dual Opteron 844, 4GB ECC/Registered RAM, one 80GB HDD
  • pitr.amd64.dev.gentoo.org: Dual Opteron 842, 2GB ECC/Registered RAM, two 120GB drives
  • dustpuppy.amd64.dev.gentoo.org: Dual Opteron 842, 1GB ECC/Registered RAM, diskless node

Figure 1.5: Named after a character on userfriendly.org: Pitr in all its glory

Fig. 5: AMD64

Two of the systems will be deployed for Gentoo/AMD64 testing/development activities, while the third is destined to become a dedicated release engineering platform. Their deployment is neatly timed to coincide with the release cycle for Gentoo 2005.1 - where their significant processing power will contribute towards the construction of stages, hopefully dramatically reducing catalyst build times!

2.  Heard in the community

gentoo-dev

Splitting one source package into many binaries

Since most other Linux distros have split packages for binaries and headers, why isn't this done in Gentoo? Where does it help and what problems does it cause? Read on to find out

Glibc, non-glibc and external libs

As Gentoo/BSD is maturing some problems with the handling of the different libcs become more pronounced. How does one handle the extra libraries needed on BSD systems to get all glibc function?

3.  Gentoo International

Germany: Gentoo summer camp

Bring a tent, enough beverages and food to last for two days, and join the happy Gentoo campers at the first German Gentoo summer camp. From 13 to 14 August 2005, German and other European Gentooists are meeting on a campsite in Wissen, close to Siegen and Koblenz in the Westerwald forest region. Bring a laptop if you like, too, but the camp is mainly targeting real life interaction: just for fun, for getting to know each other and spending a nice weekend a la campagne. Computing -- if at all -- is going to be limited to whatever is stored on the campers' disks, as there will be no internet connectivity. Prices are very moderate at 5 EUR per night, please register at organiser Slick's website (link in German).

4.  Gentoo in the press

eMediawire (24 June 2005)

Sumo Computer, known for their Gentoo-driven Kuro-Box, has now taken an Asus Pundit-R Booksize Barebones system and added a 3.2 Ghz Pentium 4 Prescott processor, a GB of memory, 400 GB worth of SATA disk space and a DVD/CD-RW drive -- and again ships the small box with Gentoo Linux preinstalled, says the press release posted on eMediaWire.

5.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Johannes Traub (_bambam) - PPC arch tester

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • Andrea Barisani (lcars) - Adds sendmail ebuild maintenance to his infra duties

6.  Gentoo security

cpio: Directory traversal vulnerability

cpio contains a flaw which may allow a specially crafted cpio archive to extract files to an arbitrary directory.

For more information, please see the GLSA Announcement

SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability

SpamAssassin and Vipul's Razor are vulnerable to a Denial of Service attack when handling certain malformed messages.

For more information, please see the GLSA Announcement

Tor: Information disclosure

A flaw in Tor may allow the disclosure of arbitrary memory portions.

For more information, please see the GLSA Announcement

SquirrelMail: Several XSS vulnerabilities

Squirrelmail is vulnerable to several cross-site scripting vulnerabilities which could lead to a compromise of webmail accounts.

For more information, please see the GLSA Announcement

Cacti: Several vulnerabilities

Cacti is vulnerable to several SQL injection and file inclusion vulnerabilities.

For more information, please see the GLSA Announcement

Trac: File upload vulnerability

Trac may allow remote attackers to upload files, possibly leading to the execution of arbitrary code.

For more information, please see the GLSA Announcement

sudo: Arbitrary command execution

A vulnerability in sudo may allow local users to elevate privileges.

For more information, please see the GLSA Announcement

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 19 June 2005 and 26 June 2005, activity on the site has resulted in:

  • 585 new bugs during this period
  • 397 bugs closed or resolved during this period
  • 18 previously closed bugs were reopened this period

Of the 8396 currently open bugs: 106 are labeled 'blocker', 208 are labeled 'critical', and 597 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN feedback

Please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated June 27, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 27 June 2005.

Ulrich Plate
Editor

Alex Howells
Author

Patrick Lauer
Author

Lars Weiler
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.