
Gentoo Weekly Newsletter: 6 February 2006

Content:

1.  Gentoo news

GNOME 2.12 moved to stable

GNOME 2.12 was moved into stable on 22 January 2006. An updated upgrade guide is available. If you experience any issues, please search bugzilla, wander into #gentoo-desktop on irc.freenode.net, or file a new bug.

Note: If you were helping us test 2.12 by having the packages in your package.keywords file, please remove them all since we will be adding newer releases such as 2.12.3 and the 2.13 beta.

Wi-Spy device donation

Following up on a recent weblog entry, Ryan Woodings, president of MetaGeek, LLC, has generously donated a free Wi-Spy spectrum analyzer to Gentoo developer Henrik Brix Andersen. The device will assist in debugging the various IEEE 802.11 wireless LAN drivers available in Portage. A huge thank you to Ryan for his donation.

The first edition of the third-party open-source tools for the Wi-Spy device is now available in Gentoo Portage under net-wireless/wispy-tools.

Poppler and KPDF

People interested in Gentoo's security announcements (GLSA) will have seen the many security bugs in the xpdf code that have been discovered over the last year. To make fixing them easier -- so that users only have to upgrade one package -- the "Poppler" library was introduced. Unfortunately the Poppler library was not used by kpdf to display PDFs because some patches in the KDE xpdf copy were missing in poppler. Thanks to Gentoo developer Stefan Schweizer who helped to get a big patch into Poppler, almost everything needed for kpdf-integration now seems to be integrated.

However, upstream KPDF is not yet using Poppler because KDE 3.5 is dependency-frozen: no new dependency can be added. Kubuntu has integrated a patch by Jonathan Riddell to make KPDF use Poppler, and Gentoo is now also using a -- slightly improved -- version thanks to Diego Pettenò.

While this is mostly important for maintainers, as it greatly simplifies the security process, this change has some implications for users, too. As KPDF now is using Poppler directly, it creates a new dependency for kdegraphics and kpdf. (The poppler-bindings are already a dependency for kpdf, and for kdegraphics with USE="pdf".) Reducing the duplication of code means that KPDF takes less time to build and occupies less space, and also seems notably faster than before.

Note: Xpdf has also been ported to using Poppler. The current xpdf ebuild in Portage uses only Poppler for rendering.

2.  Heard in the community

Web forums

EVDO access for Gentoo

Living in Japan, the US or anywhere else where EVDO, the broadband data standard on CDMA2000 mobile phone networks, is common? Here's a brand-new howto for those who'd like to use an EVDO PCMCIA card in their laptops.

gentoo-dev

Make logrotate a global USE flag?

A lengthy discussion on the merits of making logrotate a global USE flag happened this week. While some ebuilds offer a (local) logrotate USE flag, it is not optimal to toggle this through a USE flag: changing log handling should be a config option and not force a recompile!

USE flag change: pdflib --> pdf

Merging three existing USE flags that all basically did the same thing is what Marius Mauch had in mind when he proposed a new unified USE="pdf" flag.

3.  Gentoo international

Switzerland: Diet Pentoo released

Mini-Pentoo is a trimmed version of the Pentoo LiveCD, a "penetration testing distribution" based on Gentoo Linux and maintained by Basel-based Michael Zanetta. It features tools for auditing and testing a network environment, from scanning and discovery to exploiting vulnerabilities. Its 186MB fit on a mini-CD or a 256MB USB stick, and the new version features a number of enhancements, including a 2.6.14 kernel with unionfs, support for package modules like Slax, non-volatile storage for Nessus plugins, SecurityForest's ExploitTree or config files, and enhanced wireless support.


Figure 3.1: 'Sexiest window manager available' -- Pentoo's new Enlightenment theme


Note: Gentoo developer Marcelo Góes has written a review of Pentoo that's worth reading if you want to know more about what it contains, and check Pentoo's complete list of tools for detailed information.

Japan: OSC Tokyo coming up

GentooJP is busily preparing for the next open-source conference in Tokyo: the spring edition of Japan's dedicated open-source events series, OSC. The upcoming event is going to be held on 17 and 18 March at the usual venue, the Japan Electronics College in Ogikubo. Admission will be free, please use the GentooJP mailing list (gentoojp-misc@ml.gentoo.gr.jp) in case you'd like to offer your help at the booth.

UK: EUSecWest security conference in London

Andrea Barisani, Gentoo developer featured in the 9 January 2006 edition of the GWN, will be one of the speakers at EUSecWest, a security conference held in London on 20 and 21 February. His talk, entitled "Lessons in open-source security: the tale of a 0-day incident", will describe how the rsync exploit (see GLSA 200312-01 and GLSA 200312-03 for details) was handled by Gentoo and the rsync maintainers. Further topics include security in open-source environments with Hardened Gentoo as one of the covered examples.

4.  Gentoo in the press

eWeek.com (29 January 2006)

Lee Thompson, VP at E-Trade.com, gives a flamboyant testimonial to why he thinks that Gentoo Linux appeals so much from a technology management perspective: "the rate of patches coming out of the vendor" is so much faster than with any other operating system that "the amount of change that you are sustaining on a Gentoo system is orders of magnitude larger." In his job as CEO of E-Trade, he knows that change can destabilize at times, but it's still good, and worth the extra effort: "If you can sustain change faster than somebody else, you're going to survive, and the person who can't sustain the change is not going to evolve, and they're going to die off." The only thing he's missing is a dedicated Gentoo flavor for production servers -- which are still running RedHat, while Gentoo only powers his laptop. The article contains much more than just Thompson's love for Gentoo, explaining how open-source development can be leveraged for commercial success at a company like E-Trade. He also managed to stir up Steven J. Vaughan-Nichols, who wrote another article at Linux Watch, titled "Selling Linux to bean-counters", in which he references Thompson's testimonial.

Wine Headquarter (31 January 2006)

Lo and behold: Wine, the non-emulator for non-Linux applications on Linux, is actually faster than Windows XP when it comes to running Windows applications, claims a benchmark test from WineHQ. "Your mileage will vary depending on your Linux config, Wine version and Hardware," says author Tom Wickline, but it seems to hold true when the test was done with Wine 0.9.5 on a Gentoo Linux system...

5.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • None this week

Adds

The following developers recently joined the Gentoo project:

  • Zac Medico (zmedico) - Portage
  • Alec Warner (antarus) - Portage
  • Gérald Fenoy (djay) - app-sci herd

Changes

The following developers recently changed roles within the Gentoo project:

  • None this week

6.  Gentoo Security

MyDNS: Denial of Service

MyDNS contains a vulnerability that may lead to a Denial of Service attack.

For more information, please see the GLSA Announcement

Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows

Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer overflows that may be exploited to execute arbitrary code.

For more information, please see the GLSA Announcement

GStreamer FFmpeg plugin: Heap-based buffer overflow

The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.

For more information, please see the GLSA Announcement

7.  Bugzilla

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 29 January 2006 and 05 February 2006, activity on the site has resulted in:

  • 830 new bugs during this period
  • 435 bugs closed or resolved during this period
  • 26 previously closed bugs were reopened this period

Of the 9240 currently open bugs: 75 are labeled 'blocker', 169 are labeled 'critical', and 505 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN feedback

Please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:




Page updated February 6, 2006

Summary: This is the Gentoo Weekly Newsletter for the week of 6 February 2006.

Ulrich Plate
Editor

Henrik Brix Andersen
Author

Stefan Schweizer
Author


Copyright 2001-2014 Gentoo Foundation, Inc.