Gentoo Weekly Newsletter: 13 March 2006

1. Gentoo news

Gentoo store: 2006.0 release media available

Official 2006.0 CD releases have hit the Gentoo store this week! Five USD from every CD sale goes to the Gentoo Foundation, presenting a clever way to financially support the development of Gentoo Linux through purchasing the release media directly from the project.

Gentoo community directory

It's increasingly difficult to keep track of the multitude of international activities in and around the Gentoo project. Developers, power users and enthusiasts around the globe organize Gentoo-related events, hold classes at their universities, and man Gentoo booths at trade fairs and conferences. To keep up with what's going on internationally, the GWN team is actively looking for Gentoo user groups, associations, clubs or study circles that represent users or developers in their own town or country. If you're running a Gentoo-related website, a forum, a monthly user meeting or other events, please submit a short description of your activities and your contact details to our feedback address so we can start setting up a Gentoo community directory. Thanks a lot in advance!

2. Heard in the community

Web forums

glibc 2.4

glibc 2.4 officially hit the Portage tree. Forum users were surprised to see that it got straight into ~arch instead of being hard masked first. However, they did quite a lot of tests, like rebuilding the toolchain and all seemed to go well. Some of them even tried it with GCC 4.1 and experienced no problems. Nevertheless, they did find some minor issues when building nptl-only applications:

GLIBC 2.4 now officially in portage

Gentoo-based Xgl LiveCD

Forum veteran taskara just released a custom Gentoo LiveCD that provides Xgl support. Users who tried it are rather pleased with that kind of 3D hardware support on a LiveCD. Links and torrents are inside the thread, and of course you can discuss it right there:

Xgl Demo Live CD available (Gentoo based, of course!)

3. Gentoo international

India: Open-source event in Calicut this weekend

Gentoo developer Shyam Mani will give an introductory talk about Gentoo during the FOSS.NITC event at the National Institute of Technology in Calicut (Kerela) on 18 and 19 March. Together with fellow Gentoo enthusiast Ashish V, he plans to hold a Gentoo BoF (Birds of a Feather) session as well sometime during the event. Check the event schedule for details.

Germany: Gentoo user meeting in Leipzig

On Friday, 17 March 2006, a group of Gentooists from the Leipzig and Halle area in Saxony will meet for an evening at the Stuk (Studentenkeller). This first Leipzig GUM will start at 19:00, and if you're interested in attending, please tell the organizers via their Forum thread.

Germany: Report from Chemnitz

As in 2005, the Linuxtage in Chemnitz (4 and 5 March 2006) were not only visited by Gentoo developers, but you could also visit them at their booth for a little chat. You could see an SGI Octane constantly compile stuff, but at the end of the second day, finally xorg was running. Of course devotional objects such as stickers or a DVD with the 2006.0 release plus some extra goodies like stage archives and a lot of source packages could be purchased at the stand. Tobias Scherbaum also gave a speech about Gentoo.

Figure 3.1: Left to right: booth staffers tuxus, dertobi123 and Mr. Big

4. Gentoo in the press

Linux Magazin (4/2006, in German)

The April edition of Germany's Linux Magazin dedicates its cover story and half a dozen in-depth articles inside the printed magazine to virtualization in all its forms. One article features Gentoo developer Benedikt Böhm and the vserver project for Linux, based on the vserver-sources and utilities provided in Gentoo. The magazine is available at news stands in German-speaking countries.

Opensourcejahrbuch (March 2006)

Last week we published a reference to an interview with Bill Hilf, Microsoft's open-source lab director speaking about Gentoo Linux and Daniel Robbins, among other things. Now the English version of that article is available, along with the announcement of the 2006 edition of the Open-Source Jahrbuch that can be downloaded for free, or purchased in print for a moderate fee. With the English edition of the Opensourcejahrbuch not entirely translated yet, a Wiki for contributed translations of individual articles has been set up.

5. Tips and tricks

Iproute2 instead of ifconfig/route

For many, ifconfig and route are still the preferred commands for configuring a network through the command line. However, in modern network environments, ifconfig has its drawbacks. And as you would expect from a Free Software community, improved packages have been developed. iproute2 is one of them and is getting increasingly popular.

The default command to work with iproute2 is ip. Clean, simple to remember and extremely powerful. But its power is well described in many documents, including the iproute2 document and the Guide to IP Layer Network Administration with Linux. In this short introduction, we'll stay with the simplest basics that most people use just to show you how easy it is to "migrate" from ifconfig (sys-apps/net-tools) to ip (sys-apps/iproute2).

To configure a host to use IP address 192.168.0.102, netmask 255.255.255.0 and default gateway 192.168.0.1, the "old" commands were:

Code Listing 5.1: Using ifconfig and route

# ifconfig eth0 192.168.0.102 netmask 255.255.255.0 up
# route add default gw 192.168.0.1

Using iproute2, this becomes:

Code Listing 5.2: Using iproute2's ip command

# ip address 192.168.0.102/24 dev eth0
# ip route add default via 192.168.0.1

The syntax isn't all that difficult, is it? Let's take a look at our current routing table. With route you would run route -n:

Code Listing 5.3: Using route

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

With ip, you ask it to show the routes:

Code Listing 5.4: Using ip to show the routing table

# ip route show
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.121 
127.0.0.0/8 via 127.0.0.1 dev lo  scope link 
default via 192.168.0.1 dev eth0

You might find this output strange; however, it gives a lot of useful information. For instance, scope link means that the network is reachable while proto kernel informs us that the kernel has added this routing as part of bringing the interface up.

Using ip within Gentoo isn't difficult either. The Gentoo sys-apps/baselayout package supports both formats (ifconfig and ip):

Code Listing 5.5: Configuring the network through /etc/conf.d/net

(Old-style configuration)
config_eth0=( "192.168.0.102 netmask 255.255.255.0" )
routes_eth0=( "default gw 192.168.0.1" )

(Using iproute2 -- don't forget to emerge it first)
modules=( "iproute2" )
config_eth0=( "192.168.0.102/24" )
routes_eth0=( "default via 192.168.0.1" )

Note: For more /etc/conf.d/net magic, please read the commented file /etc/conf.d/net.example.

That's it for now; have fun with Gentoo !

6. Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

None this week

Adds

The following developers recently joined the Gentoo project:

Emanuele Giaquin (exg) - Gentoo/OS X and PPC
Alfredo Tupone (Tupone) - Games herd

Changes

The following developers recently changed roles within the Gentoo project:

None this week

7. Gentoo Security

IMAP Proxy: Format string vulnerabilities

Format string vulnerabilities in IMAP Proxy may lead to the execution of arbitrary code when connected to malicious IMAP servers.

For more information, please see the GLSA Announcement

zoo: Stack-based buffer overflow

A stack-based buffer overflow in zoo may be exploited to execute arbitrary code through malicious ZOO archives.

For more information, please see the GLSA Announcement

GNU tar: Buffer overflow

A malicious tar archive could trigger a Buffer overflow in GNU tar, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

flex: Potential insecure code generation

flex might generate code with a buffer overflow, making applications using such scanners vulnerable to the execution of arbitrary code.

For more information, please see the GLSA Announcement

GnuPG: Incorrect signature verification

GnuPG may erroneously report a modified or unsigned message has a valid digital signature.

For more information, please see the GLSA Announcement

SquirrelMail: Cross-site scripting and IMAP command injection

SquirrelMail is vulnerable to several cross-site scripting vulnerabilities and IMAP command injection.

For more information, please see the GLSA Announcement

Cube: Multiple vulnerabilities

Cube is vulnerable to a buffer overflow, invalid memory access and remote client crashes, possibly leading to a Denial of Service or remote code execution.

For more information, please see the GLSA Announcement

8. Bugzilla

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 05 March 2006 and 12 March 2006, activity on the site has resulted in:

849 new bugs during this period
413 bugs closed or resolved during this period
25 previously closed bugs were reopened this period

Of the 9683 currently open bugs: 62 are labeled 'blocker', 155 are labeled 'critical', and 539 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

Xavier Neys, with 22 closed bugs
Gentoo Security, with 20 closed bugs
Gentoo Games, with 17 closed bugs
NX Server Herd, with 16 closed bugs
GNU Emacs Herd, with 16 closed bugs
media-video herd, with 11 closed bugs
Portage team, with 10 closed bugs
Gentoo's Team for Core System packages, with 10 closed bugs

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

Default Assignee for New Packages, with 34 new bugs
Gentoo KDE team, with 12 new bugs
Gentoo Games, with 12 new bugs
Mozilla Gentoo Team, with 9 new bugs
Gentoo Science Related Packages, with 8 new bugs
AMD64 Project, with 8 new bugs
Gentoo Toolchain Maintainers, with 7 new bugs
Python Gentoo Team, with 7 new bugs

9. GWN feedback

Please send us your feedback and help make the GWN better.

10. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

11. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

Updated March 13, 2006

Summary: This is the Gentoo Weekly Newsletter for the week of 13 March 2006.

Ulrich Plate
Editor

Ioannis Aslanidis
Author

Wernfried Haas
Author

Shyam Mani
Author

Sven Vermeulen
Author

Donate to support our development efforts.