Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 20 September 2004
Date: Mon, 20 Sep 2004 19:09:38
Message-Id: 20040920205711.2be7af7c.plate@gentoo.org
1 Gentoo Weekly Newsletter: September 20, 2004
2
3 1. Gentoo News
4
5 First Official Gentoo User Survey
6
7 The Gentoo User Survey has been released. This survey is meant to get
8 some feedback from Gentoo Linux users and give us a feel on how Gentoo
9 is being used and what we can do to improve. The survey should take
10 around ten minutes to complete and will be available through the rest
11 of September. Upon registering for the survey at our new [1]Survey
12 site an activation code will be sent to your email address.
13
14 Forum Platform Embellishments
15
16 As reported three weeks ago, the forums [2]have been moved to new
17 hardware lately. However, many users were still experiencing
18 [3]sluggish behaviour. Now the Forum administrators have looked a
19 little closer into this and started to analyse the problem. They
20 decided not to prune forums because they don't wanted to lose any
21 information that could be of any help to the users. Analysis of the
22 database showed that some tables had become very choppy and filled
23 with search terms hardly anyone would ever use for a search, or the
24 terms, if used at all, wouldn't produce usable results. [4]Robert Coie
25 created a list containing the top 256 words used in posts and broke it
26 down to only a handful of useful search terms. On Wednesday last week,
27 15 September, he [5]dropped all useless words from the wordmatch
28 tables and registered them in the stopword list so that in future
29 these words will stay ignored. Rac thus reduced search index volume by
30 about 20 percent, and the forums became much snappier immediately.
31
32 Benefitting from the few hours that the Forums were read-only on that
33 same day, fellow admin [6]Christian Hartmann applied some patches to
34 the phpBB sources that reduce the hits on the database server by
35 caching and prestoring those tables almost every page relies on. The
36 patches make the Forum software query the database server about 50,000
37 times less per hour. The search for more opportunities to tweak
38 performance is still on, with the aim of pushing the Forum's
39 responsiveness even beyond the level of three years ago when there was
40 only a handful of users.
41
42 2. Gentoo Security
43
44 Samba: Denial of Service vulnerabilities
45
46 Two Denial of Service vulnerabilities have been found and fixed in
47 Samba.
48
49 For more information, please see the [7]GLSA Announcement
50
51 SUS: Local root vulnerability
52
53 SUS contains a string format bug that could lead to local privilege
54 escalation.
55
56 For more information, please see the [8]GLSA Announcement
57
58 cdrtools: Local root vulnerability in cdrecord if set SUID root
59
60 cdrecord, if manually set SUID root, is vulnerable to a local root
61 exploit allowing users to escalate privileges.
62
63 For more information, please see the [9]GLSA Announcement
64
65 Heimdal: ftpd root escalation
66
67 Several bugs exist in the Heimdal ftp daemon which could allow a
68 remote attacker to gain root privileges.
69
70 For more information, please see the [10]GLSA Announcement
71
72 mpg123: Buffer overflow vulnerability
73
74 mpg123 decoding routines contain a buffer overflow bug that might lead
75 to arbitrary code execution.
76
77 For more information, please see the [11]GLSA Announcement
78
79 Apache 2, mod_dav: Multiple vulnerabilities
80
81 Several vulnerabilities have been found in Apache 2 and mod_dav for
82 Apache 1.3 which could allow a remote attacker to cause a Denial of
83 Service or a local user to get escalated privileges.
84
85 For more information, please see the [12]GLSA Announcement
86
87 phpGroupWare: XSS vulnerability in wiki module
88
89 The phpGroupWare software contains a cross site scripting
90 vulnerability in the wiki module.
91
92 For more information, please see the [13]GLSA Announcement
93
94 SnipSnap: HTTP response splitting
95
96 SnipSnap is vulnerable to HTTP response splitting attacks such as web
97 cache poisoning, cross-user defacement, and cross-site scripting.
98
99 For more information, please see the [14]GLSA Announcement
100
101 3. Featured Developer of the Week
102
103 NN - Your Name Here?
104
105 No featured developer this week. If you're a Gentoo developer and you
106 would like to see your portrait here, please contact [15]the GWN team.
107
108 4. Heard in the Community
109
110 gentoo-user
111
112 Comparing Gentoo with Debian
113
114 Just about everyone in the Linux community has heard of Debian Linux.
115 It has been a cornerstone in the Linux distribution world. This week,
116 a rather diverse thread developed from the question of what advantages
117 Gentoo has over Debian. In the end it really all comes down to
118 personal choice; and whatever distribution is right for the job.
119 * [16]vs. Debian
120
121 gentoo-dev
122
123 GCC 3.4 goes ~x86
124
125 After much discussion, GCC 3.4.0 is considered stable enough to be
126 used in ~x86. A few apps like OpenOffice and Sun Java2 SDK still break
127 since GCC 3.4 has stricter syntax checking. It still has some SSE2
128 bugs, too, most noticeable in xorg / xfree, and some 64bit bugs,
129 resulting in some package up/down/cross-grading.
130 * [17]GCC 3.4 goes ~x86
131
132 Portage 2.0.51 becoming stable
133
134 The .51 series of portage has reached _pre23 and is now considered
135 almost stable enough for most uses. Among the many changes are
136 performance enhancements (faster dependency calculation), some cool
137 new features (rebuilding of packages when USE flags have changed, GPG
138 signature verification) and FHS compliance have been introduced.
139 * [18]Portage 2.0.51 becoming stable
140
141 experimental ConfCache patch
142
143 Stuart Herbert writes: "GNU autoconf is a bottleneck for compiling
144 packages - especially on multi-processor boxes. It supports the idea
145 of a cache, but provides no tools for maintaining the cache at all.
146 I've put together an experimental patch for Portage 2.0.50-r10, which
147 maintains a cache for configure to reuse."
148 * [19]experimental ConfCache patch
149
150 Portage prelink patch?
151
152 Every now and then requests for direct portage support for prelink are
153 heard. As it seems, this functionality is mostly included, but still
154 not completely supported. The best course of action now seems to be
155 running prelink manually after large updates.
156 * [20]Portage prelink patch?
157
158 5. Gentoo International
159
160 Germany: International Gentoo PPC Developer Meeting 30 September
161
162 [21]Kransberg Castle is going to be the venue for an impromptu
163 GentooPPC developer meeting scheduled for the 30th of this month.
164 Hosted by GWN editor Ulrich Plate, at least five Gentoo PPC developers
165 including Damien Krotkine (France), David Holm (Sweden), Luca Barbato
166 (Italy), Lars Weiler (Germany) and Bryon Roche (USA) will have dinner,
167 drinks and talks all evening, starting around 19:00. Benjamin Judas of
168 Gentoo Release Enginering will make a special appearance, too. The
169 event marks the closing day of the [22]Freescale Smart Networks
170 Developer Conference in near-by Frankfurt, and it's open for people
171 with an interest in Gentoo PPC, active developers and users alike. If
172 you happen to be in the area and would like to attend the meeting,
173 register with [23]Ulrich Plate, especially if you need accomodation.
174
175 6. Bugzilla
176
177 Summary
178 * [24]Statistics
179 * [25]Closed Bug Ranking
180 * [26]New Bug Rankings
181
182 Statistics
183
184 The Gentoo community uses Bugzilla ([27]bugs.gentoo.org) to record and
185 track bugs, notifications, suggestions and other interactions with the
186 development team. Between 12 September 2004 and 18 September
187 2004,activity on the site has resulted in:
188 * 729 new bugs during this period
189 * 289 bugs closed or resolved during this period
190 * 25 previously closed bugs were reopened this period
191
192 Of the 7369 currently open bugs: 140 are labeled 'blocker', 216 are
193 labeled 'critical', and 589 are labeled 'major'.
194
195 Closed Bug Rankings
196
197 The developers and teams who have closed the most bugs during this
198 period are:
199 * [28]Gentoo Games, with 19 [29]closed bugs
200 * [30]Jeremy Huddleston, with 18 [31]closed bugs
201 * [32]Gentoo KDE team, with 17 [33]closed bugs
202 * [34]Java team, with 16 [35]closed bugs
203 * [36]Gentoo Security, with 13 [37]closed bugs
204 * [38]AMD64 Porting Team, with 10 [39]closed bugs
205 * [40]GCC Porting Team, with 8 [41]closed bugs
206 * [42]Alpha Porters, with 8 [43]closed bugs
207
208 New Bug Rankings
209
210 The developers and teams who have been assigned the most new bugs
211 during this period are:
212 * [44]Net-Mail Packages, with 25 [45]new bugs
213 * [46]Gentoo X-windows packagers, with 20 [47]new bugs
214 * [48]Gentoo's Team for Core System packages, with 17 [49]new bugs
215 * [50]Gentoo KDE team, with 15 [51]new bugs
216 * [52]Portage team, with 15 [53]new bugs
217 * [54]Mozilla Gentoo Team, with 14 [55]new bugs
218 * [56]Gentoo Linux Gnome Desktop Team, with 14 [57]new bugs
219 * [58]AMD64 Porting Team, with 12 [59]new bugs
220
221 7. Tips and Tricks
222
223 Using Unison to Synchronize Two Directories
224
225 A very common question often asked in the Forums and on IRC is how to
226 synchronize directories and files on a host or between different
227 hosts. [60]Unison is a robust user-level file-synchronization tool
228 that works cross-platform available under the GNU Public License.
229
230 Unison offers a textural interface an an interface based on Gtk. If
231 you want to use the Gtk interface make sure to compile unison with gtk
232 useflag enabled.
233
234 Code listing 7.1: Install unison
235 # emerge unison
236
237 To get in touch with the usage of unison we&rsquo;ll create two
238 directories, create some files and sync them with the help of unison.
239
240 Code listing 7.2: Creating some test files and directories
241 # mkdir testdir1
242 # touch testdir1/foo testdir1/bar
243 # mkdir testdir1/null
244 # touch testdir1/null/foobar
245 # mkdir testdir2
246
247 Now we want to synchronize testdir1 and testdir2 so that these
248 directorys will contain the same files after unison finishes.
249
250 Code listing 7.3: Running unison for the first time
251 // We will use the textclient in this example:
252 # unison -ui text testdir1 testdir2
253 [...]
254 testdir1 testdir2
255 file ----> bar [f]
256 file ----> foo [f]
257 dir ----> null [f]
258 [...]
259 #
260
261 The output of unison tells us that it successfully copied 2 files (bar
262 and foo) and 1 directory from testdir1 to testdir2.
263
264 For tutorials and more information about the usage of unison check the
265 [61]Unison - User Manual and Reference.
266
267 8. Moves, Adds, and Changes
268
269 Moves
270
271 The following developers recently left the Gentoo team:
272 * None this week
273
274 Adds
275
276 The following developers recently joined the Gentoo Linux team:
277 * None this week
278
279 Changes
280
281 The following developers recently changed roles within the Gentoo
282 Linux project:
283 * None this week
284
285 9. Contribute to GWN
286
287 Interested in contributing to the Gentoo Weekly Newsletter? Send us an
288 [62]email.
289
290 10. GWN Feedback
291
292 Please send us your [63]feedback and help make the GWN better.
293
294 11. GWN Subscription Information
295
296 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
297 [64]gentoo-gwn-subscribe@g.o.
298
299 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
300 [65]gentoo-gwn-unsubscribe@g.o from the email address you are
301 subscribed under.
302
303 12. Other Languages
304
305 The Gentoo Weekly Newsletter is also available in the following
306 languages:
307 * [66]Danish
308 * [67]Dutch
309 * [68]English
310 * [69]German
311 * [70]French
312 * [71]Japanese
313 * [72]Italian
314 * [73]Polish
315 * [74]Portuguese (Brazil)
316 * [75]Portuguese (Portugal)
317 * [76]Russian
318 * [77]Spanish
319 * [78]Turkish
320
321 line
322 Updated 20 September 2004
323 line
324 [79]Ulrich Plate
325 Editor
326 [80]Brian Downey
327 Author
328 [81]Christian Hartmann
329 Author
330 [82]Patrick Lauer
331 Author
332 [83]Emmet Wagle
333 Author
334 line
335 Summary: This is the Gentoo Weekly Newsletter for the week of 20
336 September 2004.
337 line
338
339 Donate to support our development efforts.
340 Make payments with PayPal - it's fast, free and secure!
341 line
342 [84]The Gentoo Linux Store
343 line
344 [85]php|architect
345
346 php|architect is the monthly magazine for PHP professionals, available
347 worldwide in print and electronic format. A percentage of all the
348 sales will be donated back into the Gentoo project.
349 line
350 [86]Tek Alchemy
351
352 Tek Alchemy offers dedicated servers and other hosting solutions
353 running Gentoo Linux.
354 line
355 [87]DDR Memory at Crucial.com
356
357 Purchase RAM from Crucial.com and a percentage of your sale will go
358 towards further Gentoo Linux development.
359 line
360 [88]Win4Lin at NeTraverse
361
362 Win4Lin from NeTraverse lets you run Windows applications under Gentoo
363 Linux at native speeds.
364 line
365 Copyright 2001-2003 Gentoo Technologies, Inc. Questions, Comments,
366 Corrections? Email [89]www@g.o.
367
368 References
369
370 1. http://survey.gentoo.org/index.php?sid=3
371 2. http://www.gentoo.org/news/en/gwn/20040830-newsletter.xml
372 3. http://forums.gentoo.org/viewtopic.php?p=1534764#1534764
373 4. mailto:rac@g.o
374 5. http://forums.gentoo.org/viewtopic.php?t=223469
375 6. mailto:ian@g.o
376 7. http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml
377 8. http://www.gentoo.org/security/en/glsa/glsa-200409-17.xml
378 9. http://www.gentoo.org/security/en/glsa/glsa-200409-18.xml
379 10. http://www.gentoo.org/security/en/glsa/glsa-200409-19.xml
380 11. http://www.gentoo.org/security/en/glsa/glsa-200409-20.xml
381 12. http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
382 13. http://www.gentoo.org/security/en/glsa/glsa-200409-22.xml
383 14. http://www.gentoo.org/security/en/glsa/glsa-200409-23.xml
384 15. mailto:gwn-feedback@g.o
385 16. http://thread.gmane.org/gmane.linux.gentoo.user/98856
386 17. http://thread.gmane.org/gmane.linux.gentoo.devel/21195
387 18. http://thread.gmane.org/gmane.linux.gentoo.devel/21204
388 19. http://thread.gmane.org/gmane.linux.gentoo.devel/21171
389 20. http://thread.gmane.org/gmane.linux.gentoo.devel/21251
390 21. http://www.schloss-kransberg.de/
391 22. http://www.freescale.com/webapp/sps/site/overview.jsp?nodeId=02VS0llCc5pzMP2861
392 23. mailto:plate@g.o
393 24. file://localhost/home/uli/gwn/20040920-newsletter.html#doc_chap1_sect2
394 25. file://localhost/home/uli/gwn/20040920-newsletter.html#doc_chap1_sect3
395 26. file://localhost/home/uli/gwn/20040920-newsletter.html#doc_chap1_sect4
396 27. http://bugs.gentoo.org/
397 28. mailto:games@g.o
398 29. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-09-12&chfieldto=2004-09-18&resolution=FIXED&assigned_to=games@g.o
399 30. mailto:eradicator@g.o
400 31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-09-12&chfieldto=2004-09-18&resolution=FIXED&assigned_to=eradicator@g.o
401 32. mailto:kde@g.o
402 33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-09-12&chfieldto=2004-09-18&resolution=FIXED&assigned_to=kde@g.o
403 34. mailto:java@g.o
404 35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-09-12&chfieldto=2004-09-18&resolution=FIXED&assigned_to=java@g.o
405 36. mailto:security@g.o
406 37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-09-12&chfieldto=2004-09-18&resolution=FIXED&assigned_to=security@g.o
407 38. mailto:amd64@g.o
408 39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-09-12&chfieldto=2004-09-18&resolution=FIXED&assigned_to=amd64@g.o
409 40. mailto:gcc-porting@g.o
410 41. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-09-12&chfieldto=2004-09-18&resolution=FIXED&assigned_to=gcc-porting@g.o
411 42. mailto:alpha@g.o
412 43. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-09-12&chfieldto=2004-09-18&resolution=FIXED&assigned_to=alpha@g.o
413 44. mailto:net-mail@g.o
414 45. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-12&chfieldto=2004-09-18&assigned_to=net-mail@g.o
415 46. mailto:x11@g.o
416 47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-12&chfieldto=2004-09-18&assigned_to=x11@g.o
417 48. mailto:base-system@g.o
418 49. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-12&chfieldto=2004-09-18&assigned_to=base-system@g.o
419 50. mailto:kde@g.o
420 51. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-12&chfieldto=2004-09-18&assigned_to=kde@g.o
421 52. mailto:dev-portage@g.o
422 53. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-12&chfieldto=2004-09-18&assigned_to=dev-portage@g.o
423 54. mailto:mozilla@g.o
424 55. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-12&chfieldto=2004-09-18&assigned_to=mozilla@g.o
425 56. mailto:gnome@g.o
426 57. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-12&chfieldto=2004-09-18&assigned_to=gnome@g.o
427 58. mailto:amd64@g.o
428 59. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-12&chfieldto=2004-09-18&assigned_to=amd64@g.o
429 60. http://www.cis.upenn.edu/~bcpierce/unison/
430 61. http://www.cis.upenn.edu/~bcpierce/unison/download/stable/latest/unison-manual.html
431 62. mailto:gwn-feedback@g.o
432 63. mailto:gwn-feedback@g.o
433 64. mailto:gentoo-gwn-subscribe@g.o
434 65. mailto:gentoo-gwn-unsubscribe@g.o
435 66. http://www.gentoo.org/news/da/gwn/gwn.xml
436 67. http://www.gentoo.org/news/be/gwn/gwn.xml
437 68. http://www.gentoo.org/news/en/gwn/gwn.xml
438 69. http://www.gentoo.org/news/de/gwn/gwn.xml
439 70. http://www.gentoo.org/news/fr/gwn/gwn.xml
440 71. http://www.gentoo.org/news/ja/gwn/gwn.xml
441 72. http://www.gentoo.org/news/it/gwn/gwn.xml
442 73. http://www.gentoo.org/news/pl/gwn/gwn.xml
443 74. http://www.gentoo.org/news/br/gwn/gwn.xml
444 75. http://www.gentoo.org/news/pt/gwn/gwn.xml
445 76. http://www.gentoo.org/news/ru/gwn/gwn.xml
446 77. http://www.gentoo.org/news/es/gwn/gwn.xml
447 78. http://www.gentoo.org/news/tr/gwn/gwn.xml
448 79. mailto:plate@g.o
449 80. mailto:bdowney@×××××××××××.net
450 81. mailto:ian@g.o
451 82. mailto:patrick@g.o
452 83. mailto:ewagle@×××××.com
453 84. http://store.gentoo.org/
454 85. http://www.phparch.com/bannerclick.php?AID=68&BID=1&BT=127929
455 86. http://www.tek.net/
456 87. http://www.qksrv.net/click-477620-5032687
457 88. http://www.netraverse.com/gentoo.htm
458 89. mailto:www@g.o
459
460 --
461 gentoo-gwn@g.o mailing list