Gentoo Weekly Newsletter 6 February 2006

Ulrich Plate
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 6 February 2005.
1. Gentoo news
GNOME 2.12 moved to stable
GNOME 2.12 was moved into stable on 22 January 2006. An updated upgrade
guide[1] is available. If you experience any issues, please search
bugzilla[2], wander into #gentoo-desktop on, or file a
new bug.

Note: If you were helping us test 2.12 by having the packages in your
package.keywords file, please remove them all since we will be adding
newer releases such as 2.12.3 and the 2.13 beta.
Wi-Spy device donation
Following up on a recent weblog entry[3], Ryan Woodings, president of
MetaGeek, LLC[4], has generously donated a free Wi-Spy spectrum analyzer
to Gentoo developer Henrik Brix Andersen[5]. The device will assist in
debugging the various IEEE 802.11 wireless LAN drivers available in
Portage. A huge thank you to Ryan for his donation.

The first edition of the third-party open-source tools[6] for the Wi-Spy
device is now available in Gentoo Portage under

Poppler and KPDF
People interested in Gentoo's security announcements (GLSA) will have seen
the many security bugs in the xpdf code that have been discovered over the
last year. To make fixing them easier -- so that users only have to
upgrade one package -- the "Poppler" library was introduced. Unfortunately
the Poppler library was not used by kpdf to display PDFs because some
patches in the KDE xpdf copy were missing in poppler. Thanks to Gentoo
developer Stefan Schweizer[8] who helped to get a big patch into Poppler,
almost everything needed for kpdf-integration[9] now seems to be

However, upstream KPDF is not yet using Poppler because KDE 3.5 is
dependency-frozen: no new dependency can be added. Kubuntu has integrated
a patch by Jonathan Riddell to make KPDF use Poppler, and Gentoo is now
also using a -- slightly improved -- version thanks to Diego Pettenò[10].

While this is mostly important for maintainers, as it greatly simplifies
the security process, this change has some implications for users, too. As
KPDF now is using Poppler directly, it creates a new dependency for
kdegraphics and kpdf. (The poppler-bindings are already a dependency for
kpdf, and for kdegraphics with USE="pdf".) Reducing the duplication of
code means that KPDF takes less time to build and occupies less space, and
also seems notably faster than before.
Note: Xpdf has also been ported to using Poppler. The current xpdf ebuild
in Portage uses only Poppler for rendering.
2. Heard in the community
Web forums
EVDO access for Gentoo
Living in Japan, the US or anywhere else where EVDO, the broadband data
standard on CDMA2000 mobile phone networks, is common? Here's a brand-new
howto for those who'd like to use an EVDO PCMCIA card in their laptops,
 * How-To: EVDO on Gentoo Linux[11]

Make logrotate a global USE flag?
A lengthy discussion on the merits of making logrotate a global USE flag
happened this week. While some ebuilds offer a (local) logrotate USE flag,
it is not optimal to toggle this through a USE flag - changing log
handling should be a config option and not force a recompile!
 * Make logrotate a global USE flag? [12]
 * Default ebuild behaviour [13]

USE flag change: pdflib --> pdf
Merging three existing USE flags that all basically did the same thing is
what Marius Mauch[14] had in mind when he proposed a new unified USE="pdf"

 * pdf use flags[15]

3. Gentoo international
Switzerland: Diet Pentoo released
Mini-Pentoo[16] is a trimmed version of the Pentoo LiveCD[17], a
"penetration testing distribution" based on Gentoo Linux and maintained by
Basel-based Michael Zanetta[18]. It features tools for auditing and
testing a network environment, from scanning and discovery to exploiting
vulnerabilities. Its 186MB fit on a mini-CD or a 256MB USB stick, and the
new version features a number of enhancements, including a 2.6.14 kernel
with unionfs, support for package modules like Slax, non-volatile storage
for Nessus plugins, SecurityForest's ExploitTree or config files, and
enhanced wireless support.

Figure 3.1: 'Sexiest window manager available' -- Pentoo's new
Enlightenment theme
Note: Gentoo developer Marcelo Góes has written a review of Pentoo that's
worth reading if you want to know more about what it contains; see also
Pentoo's complete list of tools for detailed information.
Japan: OSC Tokyo coming up
GentooJP[19] is busily preparing for the next open-source conference in
Tokyo: the spring edition of Japan's dedicated open-source events series,
OSC[20]. The upcoming event is going to be held on 17 and 18 March at the
usual venue, the Japan Electronics College[21] in Ogikubo. Admission will
be free, please use the GentooJP mailing list
([hidden email]) in case you'd like to offer your help at
the booth.

UK: EUSecWest security conference in London
Andrea Barisani[22], Gentoo developer featured in the 9 January 2006
edition[23] of the GWN, will be one of the speakers at EUSecWest[24], a
security conference held in London on 20 and 21 February. His talk,
entitled "Lessons in open-source security: the tale of a 0-day
incident"[25], will describe how the rsync exploit (see GLSA 200312-01[26]
and GLSA 200312-03[27] for details) was handled by Gentoo and the rsync
maintainers. Further topics include security in open-source environments
with Hardened Gentoo as one of the covered examples.

4. Gentoo in the press
====================== (29 January 2006)
Lee Thompson, VP at, gives a flamboyant testimonial to why he
thinks that Gentoo Linux appeals so much from a technology management
perspective: "the rate of patches coming out of the vendor" is so much
faster than with any other operating system that "the amount of change
that you are sustaining on a Gentoo system is orders of magnitude larger."
In his job as CEO of E-Trade, he knows that change can destabilize at
times, but it's still good, and worth the extra effort: "If you can
sustain change faster than somebody else, you're going to survive, and the
person who can't sustain the change is not going to evolve, and they're
going to die off." The only thing he's missing is a dedicated Gentoo
flavor for production servers -- which are still running RedHat, while
Gentoo only powers his laptop. The article[28] contains much more than
just Thompson's love for Gentoo, explaining how open-source development
can be leveraged for commercial success at a company like E-Trade, and he
managed to stir up Steven J. Vaughan-Nichols, who wrote another article at
Linux Watch[29] where he references Thompson's testimonial, titled "Selling
Linux to bean-counters."

Wine Headquarter (31 January 2006)
Lo and behold: Wine, the non-emulator for non-Linux applications on
Linux, is actually faster than Windows XP when it comes to running Windows
applications, claims a benchmark test from WineHQ[30]. "Your mileage will
vary depending on your Linux config, Wine version and Hardware," says
author Tom Wickline, but it seems to hold true when the test was done with
Wine 0.9.5 on a Gentoo Linux system...

5. Gentoo developer moves
The following developers recently left the Gentoo project:
 * None this week
The following developers recently joined the Gentoo project:
 * Zac Medico (zmedico) - Portage  
 * Alec Warner (antarus) - Portage  
 * Gérald Fenoy (djay) - app-sci herd  
The following developers recently changed roles within the Gentoo project:
 * None this week
6. Gentoo Security
MyDNS: Denial of Service
MyDNS contains a vulnerability that may lead to a Denial of Service.
For more information, please see the GLSA Announcement[31]

Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer
overflows that may be exploited to execute arbitrary code.
For more information, please see the GLSA Announcement[32]

GStreamer FFmpeg plugin: Heap-based buffer overflow
The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be
exploited by attackers to execute arbitrary code.
For more information, please see the GLSA Announcement[33]

7. Bugzilla
The Gentoo community uses Bugzilla ([34]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 29 January 2006 and 05 February 2006, activity
on the site has resulted in:

 * 830 new bugs during this period
 * 435 bugs closed or resolved during this period
 * 26 previously closed bugs were reopened this period
Of the 9240 currently open bugs: 75 are labeled 'blocker', 169 are labeled
'critical', and 505 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period
are:
 * Gentoo's Team for Core System packages[35], with 23 closed bugs[36]  
 * Gentoo KDE team[37], with 20 closed bugs[38]  
 * Simon Stelling[39], with 20 closed bugs[40]  
 * Gentoo Security[41], with 14 closed bugs[42]  
 * AMD64 Porting Team[43], with 13 closed bugs[44]  
 * Stefano Rossi[45], with 12 closed bugs[46]  
 * Volkov Peter[47], with 12 closed bugs[48]  
 * Printing Team[49], with 12 closed bugs[50]  

New bug rankings
The developers and teams who have been assigned the most new bugs during
this period are:
 * Default Assignee for New Packages[51], with 71 new bugs[52]  
 * Gentoo Games[53], with 9 new bugs[54]  
 * AMD64 Porting Team[55], with 9 new bugs[56]  
 * Gentoo KDE team[57], with 8 new bugs[58]  
 * Default Assignee for Orphaned Packages[59], with 7 new bugs[60]  
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[61], with 7 new
 * Gentoo's Team for Core System packages[63], with 7 new bugs[64]  
 * Python Gentoo Team[65], with 6 new bugs[66]  

8. GWN feedback
Please send us your feedback[67] and help make the GWN better.

9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
[hidden email].
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
[hidden email] from the email address you are
subscribed under.
10. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[68]  
 * Dutch[69]  
 * English[70]  
 * German[71]  
 * French[72]  
 * Korean[73]  
 * Japanese[74]  
 * Italian[75]  
 * Polish[76]  
 * Portuguese (Brazil)[77]  
 * Portuguese (Portugal)[78]  
 * Russian[79]  
 * Spanish[80]  
 * Turkish[81]  

Ulrich Plate <[hidden email]> - Editor
Henrik Brix Andersen <[hidden email]> - Author
Stefan Schweizer <[hidden email]> - Author