Gentoo Weekly Newsletter 13 March 2006

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Gentoo Weekly Newsletter 13 March 2006

Ulrich Plate
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 13 March 2006.
1. Gentoo news
Gentoo store: 2006.0 release media available
Official 2006.0 CD releases[1] have hit the Gentoo store this week! Five
USD from every CD sale goes to the Gentoo Foundation[2], presenting a
clever way to financially support the development of Gentoo Linux through
purchasing the release media directly from the project.

Gentoo community directory
It's increasingly difficult to keep track of the multitude of
international activities in and around the Gentoo project. Developers,
power users and enthusiasts around the globe organize Gentoo-related
events, hold classes at their universities, and man Gentoo booths at trade
fairs and conferences. To keep up with what's going on internationally,
the GWN team is actively looking for Gentoo user groups, associations,
clubs or study circles that represent users or developers in their own
town or country. If you're running a Gentoo-related website, a forum, a
monthly user meeting or other events, please submit a short description of
your activities and your contact details to our feedback address[3] so we
can start setting up a Gentoo community directory. Thanks a lot in

 3. [hidden email]
2. Heard in the community
Web forums
glibc 2.4
glibc 2.4 officially hit the Portage tree. Forum users were surprised to
see that it got straight into ~arch instead of being hard masked first.
However, they did quite a lot of tests, like rebuilding the toolchain and
all seemed to go well. Some of them even tried it with GCC 4.1 and
experienced no problems. Nevertheless, they did find some minor issues
when building nptl-only applications:
 * GLIBC 2.4 now officially in portage[4]


Forum veteran taskara[5] just released a custom Gentoo LiveCD that
provides Xgl support. Users who tried it are rather pleased with that kind
of 3D hardware support on a LiveCD. Links and torrents are inside the
thread, and of course you can discuss it right there:

 * Xgl Demo Live CD available (Gentoo based, of course!)[6]

3. Gentoo international
India: Open-source event in Calicut this weekend
Gentoo developer Shyam Mani[7] will give an introductory talk about Gentoo
during the FOSS.NITC[8] event at the National Institute of Technology in
Calicut (Kerela) on 18 and 19 March. Together with fellow Gentoo
enthusiast Ashish V, he plans to hold a Gentoo BoF (Birds of a Feather)
session as well sometime during the event. Check the event schedule[9] for

 7. [hidden email]
Germany: Gentoo user meeting in Leipzig
On Friday, 17 March 2006, a group of Gentooists from the Leipzig and Halle
area in Saxony will meet for an evening at the Stuk[10] (Studentenkeller).
This first Leipzig GUM will start at 19:00, and if you're interested in
attending, please tell the organizers via their Forum thread[11].

Germany: Report from Chemnitz
As in 2005, the Linuxtage in Chemnitz (4 and 5 March 2006) were not only
visited by Gentoo developers, but you could also visit them at their booth
for a little chat. You could see an SGI Octane constantly compile stuff,
but at the end of the second day, finally xorg was running. Of course
devotional objects such as stickers or a DVD with the 2006.0 release plus
some extra goodies like stage archives and a lot of source packages could
be purchased at the stand. Tobias Scherbaum[12] also gave a speech about

 12. [hidden email]
Figure 3.1: Left to right: booth staffers tuxus, dertobi123 and Mr. Big
4. Gentoo in the press
Linux Magazin (4/2006, in German)
The April edition of Germany's Linux Magazin dedicates its cover story and
half a dozen in-depth articles inside the printed magazine to
virtualization in all its forms. One article features Gentoo developer
Benedikt Böhm[13] and the vserver project for Linux, based on the
vserver-sources and utilities provided in Gentoo. The magazine is
available at news stands in German-speaking countries.

 13. [hidden email]
Opensourcejahrbuch (March 2006)
Last week we published a reference to an interview with Bill Hilf,
Microsoft's open-source lab director. Now the full publication is
available, the 2006 edition of the Open-Source Jahrbuch[14] can be
downloaded for free, or purchased in print for a moderate fee.

5. Tips and tricks
Iproute2 instead of ifconfig/route
For many, ifconfig and route are still the preferred commands for
configuring a network through the command line. However, in modern network
environments, ifconfig has its drawbacks. And as you would expect from a
Free Software community, improved packages have been developed. iproute2
is one of them and is getting increasingly popular.
The default command to work with iproute2 is ip. Clean, simple to remember
and extremely powerful. But its power is well described in many documents,
including the iproute2 document[15] and the Guide to IP Layer Network
Administration with Linux[16]. In this short introduction, we'll stay with
the simplest basics that most people use just to show you how easy it is
to "migrate" from ifconfig (sys-apps/net-tools) to ip (sys-apps/iproute2).

To configure a host to use IP address, netmask
and default gateway, the "old" commands were:
| Code Listing 5.1:                                                       |
| Using ifconfig and route                                                |
|                                                                         |
|# ifconfig eth0 netmask up                   |
|# route add default gw                                       |
|                                                                         |
Using iproute2, this becomes:
| Code Listing 5.2:                                                       |
| Using iproute2's ip command                                             |
|                                                                         |
|# ip address dev eth0                                   |
|# ip route add default via                                   |
|                                                                         |
The syntax isn't all that difficult, is it? Let's take a look at our
current routing table. With route you would run route -n:
| Code Listing 5.3:                                                       |
| Using route                                                             |
|                                                                         |
|# route -n                                                               |
|Kernel IP routing table                                                  |
|Destination     Gateway         Genmask         Flags Metric Ref    Use  |
|   U     0      0        0  |
|       UG    0      0        0 lo|
|         UG    0      0        0  |
|                                                                         |
With ip, you ask it to show the routes:
| Code Listing 5.4:                                                       |
| Using ip to show the routing table                                      |
|                                                                         |
|# ip route show                                                          |
| dev eth0  proto kernel  scope link  src     |
| via dev lo  scope link                             |
|default via dev eth0                                         |
|                                                                         |
You might find this output strange; however, it gives a lot of useful
information. For instance, scope link means that the network is reachable
while proto kernel informs us that the kernel has added this routing as
part of bringing the interface up.
Using ip within Gentoo isn't difficult either. The Gentoo
sys-apps/baselayout package supports both formats (ifconfig and ip):
| Code Listing 5.5:                                                       |
| Configuring the network through /etc/conf.d/net                         |
|                                                                         |
|(Old-style configuration)                                                |
|config_eth0=( " netmask" )                    |
|routes_eth0=( "default gw" )                                 |
|                                                                         |
|(Using iproute2 -- don't forget to emerge it first)                      |
|modules=( "iproute2" )                                                   |
|config_eth0=( "" )                                       |
|routes_eth0=( "default via" )                                |
|                                                                         |
Note:  For more /etc/conf.d/net magic, please read the commented file
That's it for now; have fun with Gentoo !
6. Gentoo developer moves
The following developers recently left the Gentoo project:
 * None this week
The following developers recently joined the Gentoo project:
 * Emanuele Giaquin (exg) - Gentoo/OS X and PPC  
 * Alfredo Tupone (Tupone) - Games herd  
The following developers recently changed roles within the Gentoo project:
 * None this week
7. Gentoo Security
IMAP Proxy: Format string vulnerabilities
Format string vulnerabilities in IMAP Proxy may lead to the execution of
arbitrary code when connected to malicious IMAP servers.
For more information, please see the GLSA Announcement[17]

zoo: Stack-based buffer overflow
A stack-based buffer overflow in zoo may be exploited to execute arbitrary
code through malicious ZOO archives.
For more information, please see the GLSA Announcement[18]

GNU tar: Buffer overflow
A malicious tar archive could trigger a Buffer overflow in GNU tar,
potentially resulting in the execution of arbitrary code.
For more information, please see the GLSA Announcement[19]

flex: Potential insecure code generation
flex might generate code with a buffer overflow, making applications using
such scanners vulnerable to the execution of arbitrary code.
For more information, please see the GLSA Announcement[20]

GnuPG: Incorrect signature verification
GnuPG may erroneously report a modified or unsigned message has a valid
digital signature.
For more information, please see the GLSA Announcement[21]

SquirrelMail: Cross-site scripting and IMAP command injection
SquirrelMail is vulnerable to several cross-site scripting vulnerabilities
and IMAP command injection.
For more information, please see the GLSA Announcement[22]

Cube: Multiple vulnerabilities
Cube is vulnerable to a buffer overflow, invalid memory access and remote
client crashes, possibly leading to a Denial of Service or remote code
For more information, please see the GLSA Announcement[23]

8. Bugzilla
The Gentoo community uses Bugzilla ([24]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 05 March 2006 and 12 March 2006, activity on the
site has resulted in:

 * 849 new bugs during this period
 * 413 bugs closed or resolved during this period
 * 25 previously closed bugs were reopened this period
Of the 9683 currently open bugs: 62 are labeled 'blocker', 155 are labeled
'critical', and 539 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period
 * Xavier Neys[25], with 22 closed bugs[26]  
 * Gentoo Security[27], with 20 closed bugs[28]  
 * Gentoo Games[29], with 17 closed bugs[30]  
 * NX Server Herd[31], with 16 closed bugs[32]  
 * GNU Emacs Herd[33], with 16 closed bugs[34]  
 * media-video herd[35], with 11 closed bugs[36]  
 * Portage team[37], with 10 closed bugs[38]  
 * Gentoo's Team for Core System packages[39], with 10 closed bugs[40]  
 25. [hidden email]
 27. [hidden email]
 29. [hidden email]
 31. [hidden email]
 33. [hidden email]
 35. [hidden email]
 37. [hidden email]
 39. [hidden email]

New bug rankings
The developers and teams who have been assigned the most new bugs during
this period are:
 * Default Assignee for New Packages[41], with 34 new bugs[42]  
 * Gentoo KDE team[43], with 12 new bugs[44]  
 * Gentoo Games[45], with 12 new bugs[46]  
 * Mozilla Gentoo Team[47], with 9 new bugs[48]  
 * Gentoo Science Related Packages[49], with 8 new bugs[50]  
 * AMD64 Project[51], with 8 new bugs[52]  
 * Gentoo Toolchain Maintainers[53], with 7 new bugs[54]  
 * Python Gentoo Team[55], with 7 new bugs[56]  
 41. [hidden email]
 43. [hidden email]
 45. [hidden email]
 47. [hidden email]
 49. [hidden email]
 51. [hidden email]
 53. [hidden email]
 55. [hidden email]

9. GWN feedback
Please send us your feedback[57] and help make the GWN better.

 57. [hidden email]
10. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
[hidden email].
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
[hidden email] from the email address you are
subscribed under.
11. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[58]  
 * Dutch[59]  
 * English[60]  
 * German[61]  
 * French[62]  
 * Korean[63]  
 * Japanese[64]  
 * Italian[65]  
 * Polish[66]  
 * Portuguese (Brazil)[67]  
 * Portuguese (Portugal)[68]  
 * Russian[69]  
 * Spanish[70]  
 * Turkish[71]  

Ulrich Plate <[hidden email]> - Editor
Ioannis Aslanidis <[hidden email]> - Author
Wernfried Haas <[hidden email]> - Author
Shyam Mani <[hidden email]> - Author
Sven Vermeulen <[hidden email]> - Author

[hidden email] mailing list