Gentoo Weekly Newsletter: 6 February 2006
1.
Gentoo news
GNOME 2.12 moved to stable
GNOME 2.12 was moved into stable on 22 January 2006. An updated upgrade
guide is available. If you experience any issues, please search bugzilla, wander into #gentoo-desktop on irc.freenode.net, or file a new bug.
Note: If you were helping us test 2.12 by having the packages in your
package.keywords file, please remove them all since we
will be adding newer releases such as 2.12.3 and the 2.13 beta.
Wi-Spy device donation
Following up on a recent weblog
entry, Ryan Woodings, president of MetaGeek, LLC, has generously
donated a free Wi-Spy spectrum analyzer to Gentoo developer Henrik Brix Andersen. The device will
assist in debugging the various IEEE 802.11 wireless LAN drivers
available in Portage. A huge thank you to Ryan for his donation.
The first edition of the third-party open-source tools for
the Wi-Spy device is now available in Gentoo Portage under net-wireless/wispy-tools.
Poppler and KPDF
People interested in Gentoo's security announcements (GLSA) will have seen the
many security bugs in the xpdf code that have been discovered over the
last year. To make fixing them easier -- so that users only have to upgrade one
package -- the "Poppler" library was introduced. Unfortunately the Poppler
library was not used by kpdf to display PDFs because some patches in the
KDE xpdf copy were missing in Poppler. Thanks to Gentoo developer Stefan Schweizer, who helped to get a big patch
into Poppler, almost
everything needed for kpdf-integration now seems to be integrated.
However, upstream KPDF is not yet using Poppler because KDE 3.5 is
dependency-frozen: no new dependency can be added. Kubuntu has
integrated a patch by Jonathan Riddell to make KPDF use Poppler, and Gentoo is
now also using a -- slightly improved -- version thanks to Diego Pettenò.
While this is mostly important for maintainers, as it greatly simplifies the
security process, this change has some implications for users, too. As KPDF
now is using Poppler directly, it creates a new dependency for kdegraphics and
kpdf. The poppler-bindings are already a dependency for kpdf, and for
kdegraphics with USE="pdf". Reducing the duplication of code means that KPDF
takes less time to build and occupies less space, and also seems notably faster than before.
Note: Xpdf has also been ported to using Poppler. The current xpdf ebuild in
Portage uses only Poppler for rendering.
2.
Heard in the community
Web forums
EVDO access for Gentoo
Living in Japan, the US or anywhere else where EVDO, the broadband data standard on CDMA2000 mobile
phone networks, is common? Here's a brand-new howto for those who'd like to use an EVDO PCMCIA card in
their laptops, then:
gentoo-dev
Make logrotate a global USE flag?
A lengthy discussion on the merits of making logrotate a global USE flag
happened this week. While some ebuilds offer a (local) logrotate USE flag,
it is not optimal to toggle this through a USE flag - changing log
handling should be a config option and not force a recompile!
USE flag change: pdflib --> pdf
Merging three existing USE flags that all basically did the same thing
is what Marius Mauch had in mind
when he proposed a new unified USE="pdf" flag.
3.
Gentoo international
Switzerland: Diet Pentoo released
Mini-Pentoo is a trimmed version of the
Pentoo LiveCD,
a "penetration testing distribution" based on Gentoo Linux and maintained by
Basel-based Michael Zanetta. It features
tools for auditing and testing a network environment, from scanning and
discovery to exploiting vulnerabilities. Its 186MB fit on a mini-CD or a 256MB
USB stick, and the new version features a number of enhancements, including a
2.6.14 kernel with unionfs, support for package modules like Slax, non-volatile
storage for Nessus plugins, SecurityForest's ExploitTree or config files, and
enhanced wireless support.
Figure 3.1: 'Sexiest window manager available' -- Pentoo's new Enlightenment theme
Note:
Gentoo developer Marcelo Góes has
written a
review of Pentoo that's worth reading if you want to know more about
what it contains, and check Pentoo's complete list of tools for
detailed information.
Japan: OSC Tokyo coming up
GentooJP is busily preparing for the
next open-source conference in Tokyo: the spring edition of Japan's dedicated
open-source events series, OSC.
The upcoming event is going to be held on 17 and 18 March at the usual venue,
the Japan Electronics
College in Ogikubo. Admission will be free. Please use the GentooJP
mailing list (gentoojp-misc@ml.gentoo.gr.jp) in case you'd like
to offer your help at the booth.
UK: EUSecWest security conference in London
Andrea Barisani, Gentoo developer
featured in the 9
January 2006 edition of the GWN, will be one of the speakers at EUSecWest, a security conference held in
London on 20 and 21 February. His talk, entitled "Lessons in open-source security:
the tale of a 0-day incident", will describe how the rsync
exploit (see GLSA 200312-01
and GLSA 200312-03 for
details) was handled by Gentoo and the rsync maintainers. Further
topics include security in open-source environments with Hardened Gentoo as
one of the covered examples.
4.
Gentoo in the press
eWeek.com (29 January 2006)
Lee Thompson, VP at E-Trade.com, gives a flamboyant testimonial to why he thinks
that Gentoo Linux appeals so much from a technology management perspective: "the
rate of patches coming out of the vendor" is so much faster than with any other
operating system that "the amount of change that you are sustaining on a Gentoo
system is orders of magnitude larger." In his job as CEO of E-Trade, he knows
that change can destabilize at times, but it's still good, and worth the extra
effort: "If you can sustain change faster than somebody else, you're going to
survive, and the person who can't sustain the change is not going to evolve, and
they're going to die off." The only thing he's missing is a dedicated Gentoo
flavor for production servers -- which are still running RedHat, while Gentoo
only powers his laptop. The article contains much more than just Thompson's love for Gentoo, explaining how open-source
development can be leveraged for commercial success at a company like E-Trade, and
he managed to stir up Steven J. Vaughan-Nichols, who wrote another
article at Linux Watch where he references Thompson's testimonial, titled
"Selling Linux to bean-counters."
Wine Headquarters (31 January 2006)
Lo and behold: Wine, the non-emulator for non-Linux applications on Linux, is
actually faster than Windows XP when it comes to running Windows applications,
claims a benchmark test from
WineHQ. "Your mileage will vary depending on your Linux config, Wine version
and hardware," says author Tom Wickline, but it seems to hold true when the test
was done with Wine 0.9.5 on a Gentoo Linux system...
5.
Gentoo developer moves
Moves
The following developers recently left the Gentoo project:
Adds
The following developers recently joined the Gentoo project:
- Zac Medico (zmedico) - Portage
- Alec Warner (antarus) - Portage
- Gérald Fenoy (djay) - app-sci herd
Changes
The following developers recently changed roles within the
Gentoo project:
6.
Gentoo Security
MyDNS: Denial of Service
MyDNS contains a vulnerability that may lead to a Denial of Service attack.
For more information, please see the GLSA Announcement
Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer
overflows that may be exploited to execute arbitrary code.
For more information, please see the GLSA Announcement
GStreamer FFmpeg plugin: Heap-based buffer overflow
The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be
exploited by attackers to execute arbitrary code.
For more information, please see the GLSA Announcement
7.
Bugzilla
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the
development team. Between 29 January 2006
and 05 February 2006, activity on the site has resulted in:
- 830 new bugs during this period
- 435 bugs closed or resolved during this period
- 26 previously closed bugs were reopened this period
Of the 9240 currently open bugs: 75 are labeled 'blocker', 169 are labeled 'critical', and 505 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this period are:
8.
GWN feedback
Please send us your feedback and
help make the GWN better.
9.
GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn+unsubscribe@gentoo.org
from the email address you are subscribed under.
10.
Other languages
The Gentoo Weekly Newsletter is also available in the following
languages: