Gentoo Logo
Gentoo Spaceship

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-gwn
Lists: gentoo-gwn: < Prev By Thread Next > < Prev By Date Next >
To: gentoo-gwn@g.o
From: Ulrich Plate <plate@g.o>
Subject: Gentoo Weekly Newsletter 10 January 2005
Date: Mon, 10 Jan 2005 01:51:46 +0100
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 10 January 2005.
1. Gentoo News
Discouraging Forum abuse: visual registration confirmation added
In the last week of December 2004, an attacker had registered about 8,500 
user accounts from more than 160 hosts, in less than one hour. While the 
Forum admins were working on a solution to block these registrations, 
users started reporting the mass forum account registrations[1]. A few 
hours later 15696 user accounts were deleted[2], taking along a number of 
inactive accounts from the past.
To prevent these mass registration attempts from happening again, a visual 
registration confirmation has now been added to the Forum user account 
registration process. This function was originally implemented in the 
phpBB[3] 2.2 development versions, with the changes being backported to 
version 2.0.11 of phpBB. The same changes have now been applied to the 
customized version of phpBB that is installed at[4].
2.6.10 kernel marked stable
By the time you are reading this, the Linux 2.6.10 release of 
gentoo-dev-sources will be marked stable, or in the final stages of being 
tested, on supported system architectures. Linux 2.6.10, released late on 
Christmas Eve, is proving to be the best kernel release in a long time, 
fixing almost all of the issues we know about present in 2.6.9 and 
earlier. Relatively few new issues have been reported, and the major ones 
have already been fixed. 2.6 users are recommended to upgrade as soon as 
possible, as this release also fixes some recently discovered security 
2. Future zone
Project goals for 2005
A meta-thread on the gentoo-dev mailing list keeps track of goals set 
forth for some Gentoo projects. Here's an overview of items scheduled to 
see the light of day shortly: 
Release engineering
 * Biannual release schedule: The first release (2005.0) will be in 
January, and the second release (2005.1) will be in July/ August. Each 
release will include install cds, stages, and GRP. 
 * LiveCDs: Plans are to replace the current universal LiveCD with a 
Knoppix-like XLiveCD. Media will be renamed accordingly; the minimal 
LiveCD will remain but will instead be called the minimal installCD. 
 * Gentoo Reference Platform (GRP): Working in a joint effort with the 
installer project, Release Engineering is working on redefining the GRP. 
The current plan, which is subject to change, will use functionality 
similar to quickpkg by packaging the installed packages on the XLiveCD and 
copying them to the target system. 
 * Migrate all existing ebuilds to kernel-2 and linux-* eclasses 
 * Push 2.6 for default where possible for headers and sources. 
 * Consolidate appropriate source packages, e.g. dev-sources -> 
 * Further improve our current eclass framework for additional kernels 
(BSD, Darwin) 
 * Have a stage or a set of stages that will be used to install 
 * Have a working baselayout. 
 * Have an installation CD (a.t.m. FreeSBIE can be used) 
 * Have a fair amount of keyworded ebuilds 
 * Have some of our *BSD specific patches applied to portage 
 * Finish our profile, stabilize our set of tarballs 
3. Gentoo security
LinPopUp: Buffer overflow in message reply
LinPopUp contains a buffer overflow potentially allowing execution of 
arbitrary code. 
For more information, please see the GLSA Announcement[5] 
a2ps: Multiple vulnerabilities
The fixps and psmandup scripts in the a2ps package are vulnerable to 
symlink attacks, potentially allowing a local user to overwrite arbitrary 
files. A vulnerability in a2ps filename handling could also result in 
arbitrary command execution. 
For more information, please see the GLSA Announcement[6] 
Mozilla, Firefox, Thunderbird: Various vulnerabilities
Various vulnerabilities were found and fixed in Mozilla-based products, 
ranging from a potential buffer overflow and temporary files disclosure to 
anti-spoofing issues. 
For more information, please see the GLSA Announcement[7] 
Shoutcast Server: Remote code execution
Shoutcast Server contains a possible buffer overflow that could lead to 
the execution of arbitrary code. 
For more information, please see the GLSA Announcement[8] 
mit-krb5: Heap overflow in libkadm5srv
The MIT Kerberos 5 administration library (libkadm5srv) contains a heap 
overflow that could lead to execution of arbitrary code. 
For more information, please see the GLSA Announcement[9] 
tiff: New overflows in image decoding
An integer overflow has been found in the TIFF library image decoding 
routines and the tiffdump utility, potentially allowing arbitrary code 
For more information, please see the GLSA Announcement[10] 
xine-lib: Multiple overflows
xine-lib contains multiple overflows potentially allowing execution of 
arbitrary code. 
For more information, please see the GLSA Announcement[11] 
phpGroupWare: Various vulnerabilities
Multiple vulnerabilities have been discovered in phpGroupWare that could 
lead to information disclosure or remote compromise. 
For more information, please see the GLSA Announcement[12] 
xzgv: Multiple overflows
xzgv contains multiple overflows that may lead to the execution of 
arbitrary code. 
For more information, please see the GLSA Announcement[13] 
Vilistextum: Buffer overflow vulnerability
Vilistextum is vulnerable to a buffer overflow that allows an attacker to 
execute arbitrary code through the use of a malicious webpage. 
For more information, please see the GLSA Announcement[14] 
4. Heard in the community
Web forums
Disappearing X causing slight unrest
The decision by Gentoo developers to gently nudge people to use xorg-x11 
isn't entirely new, but the deletion of XFree86 from Portage on 1 January 
seems to have come as a nasty surprise to some people. One thread out of a 
handful, to represent them all:
 * I refuse to use sucks! (nevermind....user error)[15] 
New global moderator Earthwings
Earthwings[16] has already served in the German subforum for several 
months before being promoted to deal with the rest of the lot now:
 * [forums-announce] New global moderator[17] 
Achieving Hardware Happiness?
Many laptop users experience the same conundrum: Having a mobile computer 
results in different configurations. Most of the time these are 
network-related, for example the difference between a corporate LAN and a 
home network. But occasionally this includes hardware as well. Many 
laptops have hardware docking stations with additional network cards, 
video adapters, and even SCSI. This presents a unique issue to Linux users 
since most of the time, the various settings are hard-edited into various 
files in /etc. Curious how to find your own way to portable paradise? Read 
 * gentoo and "rc hell"?[18] 
Bash Arguments
What could be more Linux-y than a debate on the proper way to delete many 
files out of a directory? There's xargs, find, even... for loops? An 
informative thread of opinionated answers is what we got this week! 
 * Bash query? 'Argument list too long'[19] 
"Monitoring" CPU Usage
On a more humorous note, one list member posted a "helpful" link to a 
newsforge article on a CPU monitoring package called "Hot Babe". We'll 
provide GWN readers a link to the gentoo-user thread, and leave it at 
 * Hot Babe and Debian (GENTOO :-)[20] 
RFC: Advice on driving compile times down
Stuart Herbert[21] asks how to reduce compile times. Read the thread for 
the different possibilities offered to Gentoo users. 
 21. stuart@g.o
 * RFC: Advice on driving compile times down[22] 
xfree gone
With this short notice Gentoo officially stopped supporting xfree. All 
users are asked to migrate to xorg. 
 * xfree gone[23] 
2005.0 2.4 & 2.6 stages
John Davis[24] asks, on behalf of the Gentoo Releng subproject, which 
kernel header and sources 2005.0 stages should be offered. He writes: "Our 
options for building include (a) only 2.6 stages, (b) only 2.4 stages, or 
(c) a combination of 2.4 and 2.6 stages." From rom a release point of view 
only one set would be preferred, but many users still depend on 2.4 
kernels. This rather long thread explores the many small problems that may 
arise and shows how difficult it is to make all people equally happy :-) 
 24. zhen@g.o
 * 2005.0 2.4 & 2.6 stages[25] 
>From a mailing list mostly frequented by people using Gentoo for 
non-desktop purposes, gentoo-server@g.o, here's a noteworthy thread 
that has spun from the original poster asking a simple question: 
 * Who uses Gentoo in production?[26] 
5. Gentoo International
USA: Gentoo lectures at MIT, 10 and 24 January
Rajiv Manglani[27], Gentoo Linux Security Team member and PPC developer, 
will give an introductory (10 January) and an advanced lecture (24 
January) on Gentoo Linux at the Massachusetts Institute of Technology, 
MIT, in Cambridge, MA. Both lectures are sponsored by the MIT's Student 
Information Processing Board (SIPB) and will be held tonight and Monday 24 
starting at 20:00, at Building 4[28] room 237 (today) and room 231 (24 
January) respectively. The first lecture will focus on giving an overview 
and demonstrating a running Gentoo system, while the "Advanced Gentoo 
Linux" presentation on 24 January will have more in-depth discussions of 
Portage and ebuild script creation, system tools such as qpkg and etcat. 
More details can be found in Rajiv's Independent Activities Period Gentoo 
lecture announcements[29]. Please make sure to RSVP to the Student 
Information Board[30] if you plan on attending.
 27. rajiv@g.o
 30. sipb-iap-gentoo@...
Canada: Gentoo LTSP project at elementary school
The Prairie Linux User Group[31] (PLUG) is planning to deploy Gentoo Linux 
at the Holy Cross Elementary School in Winnipeg. The project will use 
reclaimed hardware previously running various shades of Windows that are 
being replaced with Linux due to cost of licensing for upgrades, concerns 
about lax security, growing hardware requirements if Windows was chosen as 
an upgrade path, and the current platform generally not meeting the 
educational requirements at the school any longer. The setup includes an 
implementation of the Linux Terminal Server Project[32] (LTSP) across 
thirty workstations, with Gentoo Linux running openmosix for the terminal 
server system. On Thursday 20 January the PLUG will meet at the University 
of Winnipeg[33] (starting at 19:00 in room 2M70) to get a few things 
straightened out before performing their real world test at the school on 
Sunday, 23 January from 10:00. Thirty elementary students have been 
invited to stress-test the system that they might get to keep if it works 
as advertized: "If the system is successfully able to meet the 
requirements it would be permanently installed," says PLUG member Mike 
Crawford[34], a Gentoo dev-perl developer-to-be and maintainer of one of 
the official Gentoo file mirrors ( More details 
can be found at the PLUG meeting announcement[35]. 
 34. ali3n@...
6. Gentoo in the press
Linux Journal (5 January 2005)
Andrew Cowie with the Linux Journal published a rather flattery piece on 
"Gentoo for all the unusual reasons,"[36] providing extensive coverage of 
Portage as a tool for professional use: "You might think of Gentoo as a 
bleeding-edge distribution for development workstations, but the simple 
packaging system can make it a good choice for any production system that 
needs to stay up to date," writes the author in his introduction, before 
explaining in great detail the steps for installing and updating software 
in Gentoo, all nicely accompanied by screenshots. The thoroughly 
researched article was among LJ's top reads and most commented-on articles 
last week - even without the GWN boosting its popularity yet again... 
7. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([37]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 02 January 2005 and 09 January 2005, activity on 
the site has resulted in: 
 * 815 new bugs during this period 
 * 528 bugs closed or resolved during this period 
 * 23 previously closed bugs were reopened this period 
Of the 7862 currently open bugs: 117 are labeled 'blocker', 229 are 
labeled 'critical', and 568 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo's Team for Core System packages[38], with 32 closed bugs[39]  
 * Java team[40], with 26 closed bugs[41]  
 * AMD64 Porting Team[42], with 26 closed bugs[43]  
 * media-video herd[44], with 25 closed bugs[45]  
 * Gentoo Games[46], with 21 closed bugs[47]  
 * Gentoo X-windows packagers[48], with 15 closed bugs[49]  
 * Gentoo Security[50], with 15 closed bugs[51]  
 * Tim Yamin[52], with 13 closed bugs[53]  
 38. base-system@g.o
 40. java@g.o
 42. amd64@g.o
 44. media-video@g.o
 46. games@g.o
 48. x11@g.o
 50. security@g.o
 52. plasmaroo@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Gentoo Sound Team[54], with 30 new bugs[55]  
 * AMD64 Porting Team[56], with 21 new bugs[57]  
 * media-video herd[58], with 20 new bugs[59]  
 * optical media herd[60], with 19 new bugs[61]  
 * Gentoo X-windows packagers[62], with 17 new bugs[63]  
 * Gentoo Linux Gnome Desktop Team[64], with 14 new bugs[65]  
 * Gentoo's Team for Core System packages[66], with 11 new bugs[67]  
 * Gentoo VMWare Bug Squashers[68], with 10 new bugs[69]  
 54. sound@g.o
 56. amd64@g.o
 58. media-video@g.o
 60. media-optical@g.o
 62. x11@g.o
 64. gnome@g.o
 66. base-system@g.o
 68. vmware@g.o
8. Moves, adds, and changes
The following developers recently left the Gentoo team:
 * None this week 
The following developers recently joined the Gentoo Linux team:
 * Benedikt Böhm (hollow) - Apache 
 * Saleem Abdulrasool (compnerd) - Java 
The following developers recently changed roles within the Gentoo Linux 
 * Lance Albertson (Ramereth) - New dev for netmon et al. (on top of his 
regular assignment to the infrastructure team) 
 * Danny Van Dyk (Kugelfang) and Mike Doty (KingTaco) - AMD64 operational 
co-leads (taking over from Travis Tilley) 
 * Jeremy Huddleston (eradicator) - Recruiting co-lead 
9. Tips and tricks
Denu - a Portage-savvy menu generator for window managers
Are you switching from Fluxbox to Gnome to KDE a lot? Would you like to 
try out even more window managers, if it wasn't for the missing 
application entries in the menus to hop along with you? This week's tip 
brings a nifty solution in reach: Denu[70] is a brandnew tool to assist in 
menu generation. It can generate similarly structured menus for various 
window managers enabling easy transitions from one to another. Denu 
synchronizes with an online database to allow program definitions to be 
updated without a software update, and best of all: Portage itself 
provides the installed program data!
| Code Listing 9.1:                                                       |
|Emerge                                                                   |
|                                                                         |
|# cd $PORTDIR_OVERLAY/x11-misc/denu Create the appropriate overlay as    |
necessary (Denu is not in Portage yet)
|# wget   |
|# emerge denu                                                            |
|                                                                         |
Before we go any further backup any menu configurations you don't want 
overwritten. Now run denu as a normal user, Denu is not meant to be run as 
Figure 9.1: Screenshot of menu creation with Denu
The first step after installing Denu is to run Update (for program 
definitions) and Sysupdate (for the current list of installed programs). 
Neither of these are run at startup, so after installing a new program via 
Portage, Sysupdate will need execution again. 
To create a menu there are two approaches: hand pick entries from the 
Installed Tree and add them, or you can hit Autofill, and Denu will 
automatically generate a menu based on the information it has. 
Reorganizing a newly created menu is as simple as drag and drop, menu 
systems will respect the order of entries, except for Gnome and KDE who 
sort things alphabetically. Click on generate and then one of the boxes 
corresponding to your desired window manager or desktop environment. Some 
window managers like Fluxbox be able to use your menu immediately, others 
may need to be reconfigured or restarted. 
Denu is still under development, but author Shux[71] has scanned half of 
the Portage tree for items that might be needed in a GUI menu already. For 
the remaining half (or things that might need adding in the future) Denu 
provides a tool to include other applications not in its database yet. 
Adding programs and their categories, descriptions etc. is just as easy as 
shifting them around. For questions and answers of all sorts check the 
lively Denu 2.0 thread in the Forums[72]. 
 71. shux_linux@...
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
 73. gwn-feedback@g.o
11. GWN feedback
Please send us your feedback[74] and help make the GWN better.
 74. gwn-feedback@g.o
12. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
13. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[75] 
 * Dutch[76] 
 * English[77] 
 * German[78] 
 * French[79] 
 * Japanese[80] 
 * Italian[81] 
 * Polish[82] 
 * Portuguese (Brazil)[83] 
 * Portuguese (Portugal)[84] 
 * Russian[85] 
 * Spanish[86] 
 * Turkish[87] 
Ulrich Plate <plate@g.o> - Editor
Brian Downey <bdowney@...> - Author
Daniel Drake <dsd@g.o> - Author
Christian Hartmann <ian@g.o> - Author
Patrick Lauer <patrick@g.o> - Author

gentoo-gwn@g.o mailing list

Lists: gentoo-gwn: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Gentoo Weekly Newsletter 3 January 2005
Next by thread:
Gentoo Weekly Newsletter 17 January 2005
Previous by date:
Gentoo Weekly Newsletter 3 January 2005
Next by date:
Gentoo Weekly Newsletter 17 January 2005

Updated Jun 17, 2009

Summary: Archive of the gentoo-gwn mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.