Gentoo Weekly Newsletter 20 March 2006

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Gentoo Weekly Newsletter 20 March 2006

Ulrich Plate
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 20 March 2006.
1. Gentoo news
Gentoo x86 arch testers wanted
The x86 team has adopted the Arch Tester program and is looking for some
ambitious members of the community to join the team and help out. If you
would like to give back to Gentoo, but don't know how, then this may be a
good way for you to start. You would be helping by testing applications to
be marked stable and assisting in general x86-specific bugs. Please take a
look at the x86 AT documentation[1], and if you have questions about
anything, please either email Homer Parker[2] or Mark Loeser[3].

 2. [hidden email]
 3. [hidden email]
New Athlon X2 for Gentoo developers
As part of Roger Williams University[4] and the School of Business'[5]
continuing expansion into undergraduate and graduate research, access to a
dual-core Athlon X2 is now being provided to faculty, staff and students
of RWU -- and to Gentoo developers! The new host -- baptized "pearl" --
will facilitate Gentoo's official support for dual-core AMD64 systems in
the future. Thanks to RWU for their generous support!

Figure 1.1: Athlon X2 4600+, 4GB RAM, 500GB storage, Gentoo Linux 2006.0
Countdown for Modular X
As reported in the GWN of 30 January[6], the X team is preparing to unmask
289 modular X packages. They will enter ~arch (testing) this week for most
architectures, be sure to read the migration guide[7] before upgrading to
modular X!

2. Heard in the community
Web forums
Gentoo girls wear, anyone?
A female Forums user, star.dancer[8], shows her disappointment in the
total absence of Gentoo merchandise for women. Maybe it's the time to add
women apparel and other schwag on the official Gentoo Store?

 * Gentoo Shop: T-Shirts for girls[9]
 * Link to Gentoo store[10]

glibc 2.4 some more
Last week's GWN mentioned the ascension of glibc-2.4 into the Portage
tree. As the number of users that emerge it grows, problems are increasing
as well. Some users confess to have fallen into a real mess with
glibc-2.4, the library and the nptl and nptlonly USE flags,
while others using prelink on their respective systems had to prelink
their whole system again:
 * glibc,, nptl, nptlonly = problems[11]
 * Upgrading to glibc requires nptlonly use flag[12]

Overlay for overlays?
Some users have been discussing alternatives for applications to find
their way into Portage. One idea is to publish the most popular overlays
on a website. What do you think?
 * maybe a better way to get programmes into portage[13]

3. Gentoo international
Japan: OSC 2006 spring event report
Figure 3.1: CD cover for 2006.0 release at OSC
Note: Cover art for the CD hand-outs at the OSC booth can be downloaded
from Tomoyuki Sakurai's webspace.
The media didn't last long: GentooJP had 150 CDs prepared as give-aways at
the Tokyo Open-Source Conference last weekend, but they were "sold out" by
the end of the first day. The Gentoo x86 and PPC boxes on display at the
booth showed the first official release of the Gentoo installer, and KDE.
Gentoo developers to visit or man the booth included Matsuu Takuto[14],
Shigehiro Idani[15], Jason Stubbs[16] and Mamoru Komachi[17], the latter
just back from Europe where he went to the FOSDEM meeting in Brussels.

 14. [hidden email]
 15. [hidden email]
 16. [hidden email]
 17. [hidden email]
Figure 3.2: The Gentoo booth at OSC
Note: Featuring developers matsuu (right) and idani (center), friends and
visitors. This and more pictures are available at Kalin's website.
Twelve attendants participated in the "Gentoo ebuild Howto" session, an
unexpectedly high turnout of people actually interested in writing and
submitting ebuilds themselves. There's hope for some of them to eventually
help with Gentoo development, especially in i18n and CJK.
The day ended as usual, with a nomikai (drinking bout) at an izakaya
(pub). The next meeting to be held in the Tokyo area is scheduled for
sometime in April, when Dutch Gentoo developer Andres Loeh[18] will be in
town for a conference. If you are available around that time, join
#gentoo-ja on or subscribe to the GentooJP mailing list
[hidden email] for more information.

 18. [hidden email]
4. Gentoo in the press
Distrowatch (13 March 2006)
Distrowatch has mentioned Kororaa[19] -- a Gentoo-based binary
distribution featuring a simplified installation process -- before, in
November 2005[20]. The GWN in turn featured the Kororaa project's latest
release of an Xgl LiveCD[21] just last week. Now the amazing 3D effects of
the Xgl display server as you manipulate windows on your desktop have
caught Ladislav Bodnar's attention too, who interviewed Chris Smart[22] in
his last edition. A similar interview and an article appeared in NewsForge
a day later[23].

5. Tips and tricks
Efficient file change notifications
Many applications rely on tracking filesystem changes internally, and
until recently, the most popular library providing functionality like this
was app-admin/fam. Packages which use FAM for file-monitoring include
GNOME, KDE, PHP, various file managers, various mail clients and servers,
and many more. FAM works by repeatedly polling directory contents and
looking to see if things have changed. This is inefficient, but it did the
job for a while.
More recently, ultra-efficient kernel-side support for monitoring file
changes was merged into Linux 2.6. This functionality, called inotify, is
on by default, and is probably already available on your system (assuming
you are relatively up-to-date). app-admin/gamin is a direct replacement
for FAM, even implementing an identical API. The biggest bonus about gamin
is that where available, gamin monitors the filesystem using inotify,
destroying the ugly overhead which FAM had.
Gamin will be the default for new Gentoo installs, but there is no
automatic migration for existing users at this time. It is recommended
that you make the switch manually:
| Code Listing 5.1:                                                       |
| Switching to gamin                                                      |
|                                                                         |
|# emerge -C app-admin/fam                                                |
|# emerge --oneshot app-admin/gamin                                       |
|It is not necessary to re-merge any software that is built on            |
|FAM, as gamin is literally a drop-in replacement.                        |
|                                                                         |
|                                                                         |
Note:  Gamin also supports plain old filesystem polling, and seems to do a
better job than FAM did. Even if you do not have an inotify-enabled
system, it is still recommended that you change.
Given that the overhead for monitoring filesystem events is now so low, it
is also suggested that you enable file-monitoring support for applications
which optionally support it. To do so, enable the "fam" USE flag:
| Code Listing 5.2:                                                       |
| Add 'fam' USE flag and rebuild world                                    |
|                                                                         |
|# nano -w /etc/make.conf                                                 |
|Add "fam" to your USE variable and save the file                         |
|# emerge --newuse world                                                  |
|                                                                         |
6. Gentoo developer moves
The following developers recently left the Gentoo project:
 * None this week
The following developers recently joined the Gentoo project:
 * Karol Pasternak (reb) - Gentoo OpenBSD  
The following developers recently changed roles within the Gentoo project:
 * None this week
7. Gentoo Security
Freeciv: Denial of Service
A memory allocation bug in Freeciv allows a remote attacker to perform a
Denial of Service attack.
For more information, please see the GLSA Announcement[24]

zoo: Buffer overflow
A buffer overflow in zoo may be exploited to execute arbitrary when
creating archives of specially crafted directories and files.
For more information, please see the GLSA Announcement[25]

PEAR-Auth: Potential authentication bypass
PEAR-Auth did not correctly verify data passed to the DB and LDAP
containers, thus allowing to inject false credentials to bypass the
For more information, please see the GLSA Announcement[26]

Heimdal: rshd privilege escalation
An error in the rshd daemon of Heimdal could allow authenticated users to
elevate privileges.
For more information, please see the GLSA Announcement[27]

Crypt::CBC: Insecure initialization vector
Crypt::CBC uses an insecure initialization vector, potentially resulting
in a weaker encryption.
For more information, please see the GLSA Announcement[28]

Metamail: Buffer overflow
A buffer overflow in Metamail could possibly be exploited to execute
arbitrary code.
For more information, please see the GLSA Announcement[29]

8. Bugzilla
The Gentoo community uses Bugzilla ([30]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 12 March 2006 and 19 March 2006, activity on the
site has resulted in:

 * 865 new bugs during this period
 * 417 bugs closed or resolved during this period
 * 20 previously closed bugs were reopened this period
Of the 9800 currently open bugs: 67 are labeled 'blocker', 151 are labeled
'critical', and 540 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period
 * Gentoo Games[31], with 36 closed bugs[32]  
 * Gentoo Linux Gnome Desktop Team[33], with 23 closed bugs[34]  
 * AMD64 Project[35], with 19 closed bugs[36]  
 * Gentoo Release Team[37], with 17 closed bugs[38]  
 * Xavier Neys[39], with 17 closed bugs[40]  
 * Gentoo Toolchain Maintainers[41], with 15 closed bugs[42]  
 * Gentoo Science Related Packages[43], with 14 closed bugs[44]  
 * ppc64 architecture team[45], with 13 closed bugs[46]  
 31. [hidden email]
 33. [hidden email]
 35. [hidden email]
 37. [hidden email]
 39. [hidden email]
 41. [hidden email]
 43. [hidden email]
 45. [hidden email]

New bug rankings
The developers and teams who have been assigned the most new bugs during
this period are:
 * Default Assignee for New Packages[47], with 44 new bugs[48]  
 * AMD64 Project[49], with 14 new bugs[50]  
 * Gentoo Games[51], with 12 new bugs[52]  
 * Perl Devs @ Gentoo[53], with 8 new bugs[54]  
 * Netmon Herd[55], with 8 new bugs[56]  
 * Gentoo Linux Gnome Desktop Team[57], with 8 new bugs[58]  
 * Gentoo Toolchain Maintainers[59], with 6 new bugs[60]  
 * Gentoo Web Application Packages Maintainers[61], with 5 new bugs[62]  
 47. [hidden email]
 49. [hidden email]
 51. [hidden email]
 53. [hidden email]
 55. [hidden email]
 57. [hidden email]
 59. [hidden email]
 61. [hidden email]

9. GWN feedback
Please send us your feedback[63] and help make the GWN better.

 63. [hidden email]
10. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
[hidden email].
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
[hidden email] from the email address you are
subscribed under.
11. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[64]  
 * Dutch[65]  
 * English[66]  
 * German[67]  
 * French[68]  
 * Korean[69]  
 * Japanese[70]  
 * Italian[71]  
 * Polish[72]  
 * Portuguese (Brazil)[73]  
 * Portuguese (Portugal)[74]  
 * Russian[75]  
 * Spanish[76]  
 * Turkish[77]  

Ulrich Plate <[hidden email]> - Editor
Ioannis Aslanidis <[hidden email]> - Author
Daniel Drake <[hidden email]> - Author
Chris Gianelloni <[hidden email]> - Author
Gerald J. Normandin Jr. <[hidden email]> - Author
Tomoyuki Sakurai <[hidden email]> - Author

[hidden email] mailing list