
Gentoo Weekly Newsletter: July 18th, 2005

Content:

1.  Gentoo News

Discontinuing Gentoo-2.4-sources

The Gentoo kernel maintainers are considering discontinuing the gentoo-sources-2.4 kernel series.

gentoo-sources-2.4 is a kernel based on the older 2.4 series kernel which is no longer under active development. x86 is the only supported architecture, and several feature-style patches are included.

Since January, gentoo-sources-2.6 has become the default kernel, and full migration documentation has been produced. Linux 2.6 is under active development and includes many of the feature patches which were included in gentoo-sources-2.4.

This only concerns the removal of gentoo-sources-2.4; a 'clean' Linux 2.4 kernel will still be provided through vanilla-sources. gentoo-sources-2.6 will also continue as normal.

If you have input on this subject, please mail kernel@gentoo.org with your opinion. We're especially interested to hear from current gentoo-sources-2.4 users. Do you depend on gentoo-sources-2.4 specifically, or are you able to migrate to vanilla-sources-2.4 with minimal hassle? We would especially like to know if there is anything preventing you from upgrading to gentoo-sources-2.6. Your input is appreciated!

Hardware Donations

The last few weeks have brought two hardware donations to Gentoo. The first is a SUN E250 from the Loyola University of Chicago and Mike Doty (kingtaco). It's a dual-processor 400MHz UltraSparc2 box with 2GB RAM and 2x36GB disks, available for Gentoo development from now on.

The second donation is a Hewlett Packard management processor, which has allowed remote testing and development of LiveCDs. This had not happened until now because the hardware is rare and physical access to it was lacking. In addition, HP has included a 73GB 15,000rpm U320 SCSI drive with this donation, giving developers much-needed space for testing applications in the Portage tree.

Additional thanks are directed to the Open Source Laboratory at Oregon State University (OSUOSL), where Corey Shields and Michael Marineau provided invaluable assistance installing the newly donated hardware. Lance Albertson is also kindly acknowledged for allowing the use of other Gentoo infrastructure to access the serial consoles on the IA64 system.

These machines are a welcome addition to the existing development machines.

First IA64 LiveCD finished

Thanks to very generous hardware donations from Hewlett Packard, the Gentoo/IA64 team has finally been able to build a working LiveCD for systems based on the Itanium (IA64) architecture. The new LiveCD will allow users to quickly and painlessly deploy Gentoo on an IA64 platform, where previously another distribution was required to jumpstart the bootstrap process for a Gentoo installation. The CD is planned to be released as part of Gentoo 2005.1, and anyone who is interested in helping test the product should contact the IA64 developer Tim Yamin.

Bugzilla Upgrade

Shortly before the release of this GWN, infrastructure developer Jeffrey Forman upgraded Gentoo's Bugzilla from version 2.18.1 to 2.18.3. Besides fixing some security bugs, this update puts an end to the duplicate-bugs fiasco which was introduced in an earlier update. Furthermore, there is a new autolink feature: just as citing "bug #XXXX" creates a link, "glsa #XXXX-Y" will now be linked as well, so that our security folks can more easily reference GLSAs.

2.  Developer of the week

“For the first impression there is no second chance” — Sven Wegener (swegener)


Figure 2.1: Sven Wegener aka swegener


This week's victim is Sven Wegener, one of the German devs. He lives near Hamelin, the city of the Pied Piper of Hamelin saga.

Most people might know him from his QA efforts (he was promoted to QA lead recently), but he also maintains the net-irc, net-news and shell-tools herds. In general he does bugfixing and package maintenance and looks out for tree breakage. One of his newest toys is ‘autorepoman’, an automated checker that sends mails whenever someone's commit causes a problem. Like many other devs he never got to work on other OSS projects before being absorbed into the Gentoo collective.

He used to have a day job as a system administrator, but since that contract expired he's looking for new sources of income. About his education he says “I studied at the University of Cooperative Education in Hamelin and graduated as business data processing specialist. After a law change I was able to post-graduate as Bachelor of Science”, noting that it's quite difficult to translate these titles from German.

Right now Sven mostly uses his AthlonXP workstation and several computers in the basement (nothing fancy, all x86) for development. He adds: “I use gnome-light for my daily work, but occasionally switch to plain console. Mail is done via a mixture of mutt, pine and evolution, all connected to my IMAP server. My workstation is normally left running all time, but I count firefox and several terminals, to access my servers and other development computers, to the apps I normally start after login. irssi, centericq, mutt and pine are permanently running on a server outside of my house.” Speaking of outside: Whenever he finds some spare time he enjoys bowling.

Quote: “Gentoo makes easy things difficult, impossible things easy, but it also gives you enough rope to hang yourself.”

3.  Heard in the community

gentoo-dev

Another Spam victim

After different kinds of spam last week, this week saw some really weird spam with a win32 executable as an attachment. Even mailing lists seem to be an acceptable target to some spammers now.

Proposal: pre-emerge advisories

Since breakage sometimes happens during updates, an interested user suggests adding functionality to portage to warn about known issues before upgrading. Although this would be very interesting to have, it is unlikely to become a portage feature in the foreseeable future.

upcoming portage changes

As portage continues to grow in CVS (which is not yet available for general consumption), the portage hackers warn of things to come: at some point in the future the ebuild format will change in a non-compatible way. To make any transition easier there will be a new EBUILD_FORMAT variable so that old and new ebuilds can be distinguished. Also, the RDEPEND=DEPEND assumption that portage makes right now will change.

devfs is dead, let's move on

Our resident kernel hacker and udev maintainer GregKH explains some of the changes that the removal of devfs from the 2.6 kernel series will cause. Also, a slight reorganization in the udev namespace might save some RAM for all involved.

Proposed security policy for web-based apps

Stuart Herbert offers a proposal for handling security bugs for web-apps. This should reduce the reaction time for Gentoo whenever there are such bugs (and thanks to sloppy coding there are more than enough of those).

4.  Gentoo International

Canada: Gentoo at the Ottawa Linux Symposium

The annual OLS is coming up this week, held from 20 to 23 July at the Ottawa Congress Centre (preceded by a desktop developer's conference at the same venue starting today, 18 to 19 July, open to anyone arriving early for the main event). At the OLS, Gentoo's Linux kernel developer and udev maintainer Greg Kroah-Hartman will hold a tutorial: participants will be given a device upon the start of the class, and by the end, they will have created a kernel driver that controls the device and that will be acceptable for inclusion in the main Linux kernel tree! Seating for Greg's tutorial is limited to 30 spaces, so please reserve now. He also hosts a birds-of-a-feather (BOF) session about "Linux device persistent naming policy", and fellow Gentoo developer Omkhar Arasaratnam will organize an impromptu Gentoo BOF session for any Gentoo user, developer or aficionado who happens to be in Ottawa. Please email Omkhar directly to announce your interest in participating.

Germany: Gentoo introductory talk at Oberhausen LUG

Gentoo developer Tobias Scherbaum gave a presentation about Gentoo, including a demonstration of how fast Gentoo can be installed using GRP packages, last Wednesday at the monthly meeting of his local LUG in Oberhausen, Germany. First he introduced the concepts behind Gentoo, then how everyone can utilize Gentoo for their personal needs, and finally Gentoo's big plus: our strong and manifold community.

After his presentation the attendees got a practical introduction to Gentoo: Tobias installed Gentoo on a fairly new HP notebook using the 2005.0 installation media and explained the necessary installation steps, including the usage of GRP packages to get a system set up quickly.

5.  Gentoo in the press

Benchmarking AMD64 and P4 with Gentoo on linuxhardware

Linuxhardware ran a recent benchmark comparing different AMD64 and P4 machines. The interesting part: they used Gentoo/AMD64 for both platforms. Find out the winner!

6.  Tips and Tricks

Fullscreen task-switching: skippy

You know the problem: Too many applications open, too many windows open, and you are searching for one window you can't find in your taskbar or with the taskswitcher. That's the point when skippy becomes handy:


Figure 6.1: fullscreen task-switching with skippy


For installation just run "emerge skippy" and start it with "skippy". Now you can switch tasks with F11, or show only the windows of the current application with Alt-F11. Use your mouse to select the window or cycle through all windows with Alt-Tab.

You can customize the keys by copying the file /usr/share/skippy-0.5.0/skippyrc-default to ~/.skippyrc and changing it to your preferences.

And finally there is a skippy thread in the forums with some customized config-files.

7.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • New staff member: Wernfried Haas (amne) (forum moderator)
  • New developer: Francesco Riosa (vivo) (MySQL)

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

8.  Gentoo security

Adobe Acrobat Reader: Buffer overflow vulnerability

Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Ruby: Arbitrary command execution through XML-RPC

A vulnerability in XMLRPC.iPIMethods allows remote attackers to execute arbitrary commands.

For more information, please see the GLSA Announcement

MIT Kerberos 5: Multiple vulnerabilities

MIT Kerberos 5 is vulnerable to a Denial of Service attack and remote execution of arbitrary code, possibly leading to the compromise of the entire Kerberos realm.

For more information, please see the GLSA Announcement

Bugzilla: Unauthorized access and information disclosure

Multiple vulnerabilities in Bugzilla could allow remote users to modify bug flags or gain sensitive information.

For more information, please see the GLSA Announcement

pam_ldap and nss_ldap: Plain text authentication leak

pam_ldap and nss_ldap fail to restart TLS when following a referral, possibly leading to credentials being sent in plain text.

For more information, please see the GLSA Announcement

Mozilla Firefox: Multiple vulnerabilities

Several vulnerabilities in Mozilla Firefox allow attacks ranging from execution of script code with elevated privileges to information leak.

For more information, please see the GLSA Announcement

PHP: Script injection through XML-RPC

PHP includes an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands.

For more information, please see the GLSA Announcement

dhcpcd: Denial of Service vulnerability

A vulnerability in dhcpcd may cause the dhcpcd daemon to crash.

For more information, please see the GLSA Announcement

9.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 10 July 2005 and 16 July 2005, activity on the site has resulted in:

  • 634 new bugs during this period
  • 561 bugs closed or resolved during this period
  • 22 previously closed bugs were reopened this period

Of the 8131 currently open bugs: 104 are labeled 'blocker', 185 are labeled 'critical', and 552 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:




Page updated July 18, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 18 July 2005.

Ulrich Plate
Editor

Daniel Drake
Author

Tim Yamin
Author

Patrick Lauer
Author

Tobias Scherbaum
Author

Lars Weiler
Author

Copyright 2001-2014 Gentoo Foundation, Inc.