Gentoo Logo

Gentoo Weekly Newsletter: October 10th, 2005

Content:

1.  Gentoo news

Gnome 2.12 moving to unstable

The new Gnome 2.12 will be moved into unstable (~arch) this week. An upgrade guide is available with step-by-step instructions for Gentoo users who'd like to update. If you experience any issues, please search the Gentoo bugzilla, wander into #gentoo-desktop on irc.freenode.net, or file a new bug. Changes to specific packages are shown in the upgrade guide.

Unstable KDE users are also affected by this change. If a KDE user upgrades hal/dbus/pmount then kde-base/kdebase-kioslaves will need to be recompiled afterwards.

Gentoo at the Linux World Expo London

Last weekend was the time for the annual Linux World Expo in London. This year Gentoo was represented by several developers, including Tim Yamin, Marcus Hanwell, Benjamin Smee, Tom Knight, Colin Morey, Tom Martin and Herbie Hopkins. Also present at the booth were Gentoo developers Rob Holland and Andrea Barisani, who had just launched their new company, Inverse Path Ltd., merely two days before the LWE opened its gates. Their brandnew venture - besides co-sponsoring the Gentoo booth - provides professional Gentoo support to corporate customers.


Figure 1.1: Left to right: James Le Cuirot (chewi) and developers strerror, plasmaroo, tomk, peitholm and cryos

Fig. 1: Team

The booth was fairly busy throughout the show, but the lack of internet access made it difficult to show the whole range of benefits Gentoo has. The decision to burn LiveCDs on demand worked out really nicely, as x86 LiveCDs could be stock-piled and handed out as and when necessary, and amd64 or PPC media were burnt on demand whenever people needed them. Thanks to Computashop on Tottenham Court Road for donating plenty of blank CDs and printed labels for them!.


Figure 1.2: Tigger (left) and peitholm receive the Linux Format Awards from Nick Veitch (right)

Fig. 2: Awards

Editor Nick Veitch from Linux Format, the UK Linux magazine, came to the booth to hand over the awards that the Gentoo project had won in March this year, in two categories, best support forum and best distribution. Outside the Gentoo booth the LWE had its moments, too: Gentoo Forums veteran and GWN author George Prowse managed to show ReactOS to two head people at the Novell booth. They found the open-source clone of a Windows NT environment impressing enough to send their team over to talk with its founder and discuss the legality of the project. Other highlights included the free discussions (attended also by Microsoft), appearances by Mark Cox and Alan Cox from Red Hat, and by Mark Spencer from Digium. But as always, the main highlight for everyone was the chance to meet up with the other developers and the users they're in contact with every day.

To top off what was a great show, Digium president and Asterisk creator Mark Spencer treated the entire Gentoo booth staff to drinks, food and talk about the future of open-source technology and Linux at a Sushi restaurant in Kensington. More photos from the expo, the after-show event, and other motives can be found at Marcus Hanwell's gallery.

2.  Heard in the community

Forums

CFLAGS for various Athlons

Forum user dannysauer asks about the various optimizations that can be found in the various Athlon chips from AMD. There seemed to be some confusion over what was best with Thunderbird, XP and MP models all having differentiating attributes.

gentoo-dev

Grub and Reiser4

Version 4 of the Reiser filesystem gets tested by more and more people. Some want to use it everywhere, including the boot partition - but for that to work the bootloader needs to understand the filesystem. Patches for grub do exist, but reiser4 is not officially supported - should GRUB be patched or not?

Interactive emerge

Every now and then a "bad" ebuild exists that is interactive, asking the user for some input. This thread discusses why that is in most if not all circumstances not acceptable - imagine starting an "emerge -uD world" only to come back an hour later to find an ebuild asking you "do you really want to install me?" instead of just doing what it's been told...

Gentoo classes?

As an idea to help Gentoo power users learn specific tools and concepts a user suggests to have "Gentoo Classes" - focused IRC discussions with a set timetable, supervised by someone with a reasonably good knowledge of the subject. While not without its faults this could turn out to be a nice experiment, with one criticism being that well-written documentation might be better than an IRC logfile.

3.  Gentoo international

Germany: Gentoo User Meeting in Oberhausen

4 November is the date for the next GUM at Gasthof Harlos in Oberhausen, the town in Germany's Ruhr region where a whole nucleus of Gentoo developers happen to live. On the agenda next month, among other things are: preparations for the November developer conference at Kransberg castle, and an introductory presentation of the "Capture the flag" contest (CTF) to be followed by some practicing and a test bout right then and there. The meeting - Oberhausen GUMs are monthly events, on every first Friday of a month - will start around 18:00, please reserve a seat and - if need be - your Schnitzelplatte in advance.

4.  Gentoo in the press

WAGM-TV (6 October 2005)

Local CBS affiliate TV station WAGM has a regular news segment called "Sci Tech Flash", produced by Samantha Hensell and scheduled each Thursday at 18:00. Last week WAGM-TV broadcast an interview with Michael Surran, computer science teacher and network administrator at the Greater Houlton Christian Academy, a private kindergarten-to-twelfth grade school in Houlton, a U.S. border-town to Canada. The 2:41 minutes spot covers the principles of steering a computer lab that's entirely Gentoo-driven: distributed compilation across all workstations, fast deployment, easy administration. And Surran does an excellent job of explaining in simple terms what source-based distributions are about. A thread in the Gentoo forums keeps an updated list of mirror sites for the recording, in different formats to meet all possible codecs and bandwidth limitations.

PPC Zone (8 October 2005)

Gentoo beta-testers wanted: a t-shirt bounty has been declared by Gentoo sponsor Genesi. Launching an initiative for beta-testing the PPC build of the REBOL programming environment we reported about a month ago, this post at the PPC Zone forums promises "the coolest t-shirt we ever made" to the 100 first beta-testers who report back.

5.  Tips and tricks

Recovering some log space

To keep your computer uncluttered and clean you can use these commands to keep /var/log nice and tidy.

Firstly, tar up those messages that are over a day old with:

Code Listing 5.1: Find old logs

# find /var/log/ -name "*.log" -mtime +1 -exec bzip2 -z '{}' \;

Then you can delete the tars' that are over 30 days old (or any amout of time, just edit the "-mtime +n" part) using this:

Code Listing 5.2: Delete old tars

# find /var/log -name "*.bz2" -mtime +30 -exec rm '{}' \;

6.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • Robb Romans

Adds

The following developers recently joined the Gentoo Linux team:

  • None this week

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

7.  Gentoo Security

gtkdiskfree: Insecure temporary file creation

gtkdiskfree is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

Berkeley MPEG Tools: Multiple insecure temporary files

The Berkeley MPEG Tools use temporary files in various insecure ways, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

Uim: Privilege escalation vulnerability

Under certain conditions, applications linked against Uim suffer from a privilege escalation vulnerability.

For more information, please see the GLSA Announcement

Texinfo: Insecure temporary file creation

Texinfo is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

Ruby: Security bypass vulnerability

Ruby is vulnerable to a security bypass of the safe level mechanism.

For more information, please see the GLSA Announcement

Dia: Arbitrary code execution through SVG import

Improperly sanitised data in Dia allows remote attackers to execute arbitrary code.

For more information, please see the GLSA Announcement

RealPlayer, Helix Player: Format string vulnerability

RealPlayer and Helix Player are vulnerable to a format string vulnerability resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

xine-lib: Format string vulnerability

xine-lib contains a format string error in CDDB response handling that may be exploited to execute arbitrary code.

For more information, please see the GLSA Announcement

Weex: Format string vulnerability

Weex contains a format string error that may be exploited by malicious servers to execute arbitrary code.

For more information, please see the GLSA Announcement

8.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 02 October 2005 and 09 October 2005, activity on the site has resulted in:

  • 713 new bugs during this period
  • 379 bugs closed or resolved during this period
  • 40 previously closed bugs were reopened this period

Of the 8511 currently open bugs: 103 are labeled 'blocker', 181 are labeled 'critical', and 530 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

9.  GWN feedback

Please send us your feedback and help make the GWN better.

10.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

11.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated October 10, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 10 October 2005.

Ulrich Plate
Editor

John N. Laliberte
Author

Patrick Lauer
Author

George Prowse
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.