Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-gwn
Navigation:
Lists: gentoo-gwn: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-gwn@g.o
From: Ulrich Plate <plate@g.o>
Subject: Gentoo Weekly Newsletter 8 November 2004
Date: Mon, 8 Nov 2004 00:55:08 +0100
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 8 November 2004.
---------------------------------------------------------------------------
 
==============
1. Gentoo News
==============
  
Gentoo User Survey Results
--------------------------
  
Corey Shields[1] has published the preliminary results of the Gentoo User 
Survey[2]. Conducted during two weeks in September, all purely numerical 
data has now been evaluated and processed for publication on Corey's own 
developer webspace, pending interpretation of three additional text-based 
questions that respondents have answered using their own words, which 
requires more work to aggregate, to be added to the published data at a 
later date. 
 1. cshields@g.o
 2. http://dev.gentoo.org/~cshields/survey/survey.html
 
Figure 1.1: Portage and optimizations most important for users
http://www.gentoo.org/images/gwn/20041108-survey1.jpg
 
The results bear little to no surprises as long as current user habits are 
concerned. Out of experience, a majority of Gentooists synchronizing and 
updating their configuration on a daily basis was to be expected. Some of 
the questions concerning future plans for Gentoo provoked answers quite 
outside expectations, though. Who would have thought that simplified, 
possibly GUI-based installation routines would figure so prominently among 
user preferences?
 
Figure 1.2: Caveat: Most respondents said 'None of these'
http://www.gentoo.org/images/gwn/20041108-survey2.jpg
 
Other requests are already reflected in Gentoo's policy. The release 
schedule, estimated to be most useful at a new release every six months by 
47 percent of Gentooists asked, will effectively be changed to a 
twice-a-year rhythm starting with 2005.0. 
    
==================
2. Gentoo security
==================
  
ppp: No denial of service vulnerability
---------------------------------------
  
pppd contains a bug that allows an attacker to crash his own connection, 
but it cannot be used to deny service to other users. 
 
For more information, please see the GLSA Announcement[3]
 3. http://www.gentoo.org/security/en/glsa/glsa-200411-01.xml
    
Cherokee: Format string vulnerability
-------------------------------------
  
Cherokee contains a format string vulnerability that could lead to denial 
of service or the execution of arbitary code. 
 
For more information, please see the GLSA Announcement[4]
 4. http://www.gentoo.org/security/en/glsa/glsa-200411-02.xml
    
Apache 1.3: Buffer overflow vulnerability in mod_include
--------------------------------------------------------
  
A buffer overflow vulnerability exists in mod_include which could possibly 
allow a local attacker to gain escalated privileges. 
 
For more information, please see the GLSA Announcement[5]
 5. http://www.gentoo.org/security/en/glsa/glsa-200411-03.xml
    
Speedtouch USB driver: Privilege escalation vulnerability
---------------------------------------------------------
  
A vulnerability in the Speedtouch USB driver can be exploited to allow 
local users to execute arbitrary code with escalated privileges. 
 
For more information, please see the GLSA Announcement[6]
 6. http://www.gentoo.org/security/en/glsa/glsa-200411-04.xml
    
libxml2: Remotely exploitable buffer overflow
---------------------------------------------
  
libxml2 contains multiple buffer overflows which could lead to the 
execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[7]
 7. http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
    
MIME-tools: Virus detection evasion
-----------------------------------
  
MIME-tools doesn't handle empty MIME boundaries correctly. This may 
prevent some virus-scanning programs which use MIME-tools from detecting 
certain viruses. 
 
For more information, please see the GLSA Announcement[8]
 8. http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml
    
Proxytunnel: Format string vulnerability
----------------------------------------
  
Proxytunnel is vulnerable to a format string vulnerability, potentially 
allowing a remote server to execute arbitrary code with the rights of the 
Proxytunnel process. 
 
For more information, please see the GLSA Announcement[9]
 9. http://www.gentoo.org/security/en/glsa/glsa-200411-07.xml
    
GD: Integer overflow
--------------------
  
The PNG image decoding routines in the GD library contain an integer 
overflow that may allow execution of arbitrary code with the rights of the 
program decoding a malicious PNG image. 
 
For more information, please see the GLSA Announcement[10]
 10. http://www.gentoo.org/security/en/glsa/glsa-200411-08.xml
    
shadow: Unauthorized modification of account information
--------------------------------------------------------
  
A flaw in the chfn and chsh utilities might allow modification of account 
properties by unauthorized users. 
 
For more information, please see the GLSA Announcement[11]
 11. http://www.gentoo.org/security/en/glsa/glsa-200411-09.xml
    
Gallery: Cross-site scripting vulnerability
-------------------------------------------
  
Gallery is vulnerable to cross-site scripting attacks. 
 
For more information, please see the GLSA Announcement[12]
 12. http://www.gentoo.org/security/en/glsa/glsa-200411-10.xml
    
ImageMagick: EXIF buffer overflow
---------------------------------
  
ImageMagick contains an error in boundary checks when handling EXIF 
information, which could lead to arbitrary code execution. 
 
For more information, please see the GLSA Announcement[13]
 13. http://www.gentoo.org/security/en/glsa/glsa-200411-11.xml
    
=========================
3. Heard in the community
=========================
  
gentoo-user
-----------
  
Sharing /usr/portage
 
Supporting multiple Gentoo systems typically means maintaining separate 
copies of the portage tree. To save disk space and time, several users 
discuss how to manage a single shared copy across all systems.
 
 * How much of portage can be shared/deleted?[14]  
 14. http://thread.gmane.org/gmane.linux.gentoo.user/105834
 
Perl modules in Portage
 
One user inquires about installing perl modules in portage after having 
trouble finding them. Portage offers a helpful script to search for perl 
modules and dynamically generate an ebuild to install them.
 
 * GPG and Perl Modules[15]  
 15. http://thread.gmane.org/gmane.linux.gentoo.user/106090
    
gentoo-dev
----------
  
PS2 and Gentoo Linux
 
As Gentoo seems to run on everything (except maybe refrigerators), this 
thread explores the feasibility of Gentoo on the PlayStation 2. Getting a 
full Gentoo install on it will not be easy, but it looks like lots of fun 
trying to. 
 
 *  PS2 and Gentoo Linux[16] 
 16. http://thread.gmane.org/gmane.linux.gentoo.devel/22674
 
Handling multiple packages providing a symlink
 
Ciaran McCreesh[17] explores the possibilities of handling multiple 
packages (like vi, vim, elvis) providing symlinks (in this case for vi). 
Most suggestions from others included implementing a system like Debian 
alternatives, so expect some nice and pleasant modifications soon. 
 17. ciaranm@g.o
 
 * Handling multiple packages providing a symlink[18] 
 18. http://thread.gmane.org/gmane.linux.gentoo.devel/22647
 
Official Gentoo motto?
 
Following a NewsForge article claiming that the official Gentoo Motto was 
"If it moves, compile it", people were wondering - since clearly this 
isn't it - what could in fact be a good motto for Gentoo. 
 
 *  Official Gentoo Motto?[19] 
 19. http://thread.gmane.org/gmane.linux.gentoo.devel/22540
   
=======================
4. Gentoo International
=======================
  
Italy: Gentoo Day
-----------------
  
27 November 2004 is going to be the date for the fourth time that Italy's 
ever-growing open-source movement organizes a national Linux day[20], and 
the second time that this Italy-wide event is reason enough for the 
Italian Gentoo users to prepare for some evangelism of their own: For the 
second year in a row, "Gentoo Day" is going to be held simultaneously in 
two cities in Italy, Prato and Milano, thanks to those Gentooists active 
in the Gentoo Channel Italia (Gechi) framework, and the hospitality of two 
co-organizing local Linux User Groups, MiLUG[21] and PLUG[22]. Gentoo Day 
encompasses talks by weathered Gentoo presenters, various architectures on 
display, some paraphernalia for collectors of Gentoo gadgetry, and of 
course the opportunity to meet other Gentoo users and developers. If you 
want to join the Gechi in this endeavour in either of the two cities 
separated by about 300 kilometres, check this Forum thread[23] and the 
Gechi's own forum[24] (both links in Italian). 
 20. http://www.linux.it/LinuxDay/
 21. http://www.milug.org/
 22. http://www.prato.linux.it/
 23. http://forums.gentoo.org/viewtopic.php?t=242767
 24. http://www.gechi.it/forums/viewtopic.php?t=12
    
UK: Gentoo User Meeting in Cambridge
------------------------------------
  
Last Thursday, 4 November 2004, Gentoo users and developers flocked from 
places such as Poland, Peru, and even as far away as Cambridge, to meet up 
for a quick drink in "The Eagle" pub, Cambridge, UK. Accompanied by a few 
members of the Cambridge LUG[25], the turnout was higher than expected, at 
about 15. Overall an enjoyable evening in anticipation for future Gentoo 
UK meetings. 
 25. http://www.cambridge-lug.org/
    
======================
5. Gentoo in the press
======================
  
Notebook Review (5 November 2004)
---------------------------------
  
User experiences with a recent LG Electronics notebook model is what the 
LG X-Note LM50 notebook review[26] is really all about, marking good old 
Korean Lucky Goldstar's[27] debut on the North-American notebook market. A 
plain hardware review, if it wasn't for a rather unexpected twist the 
article takes about halfway down: The author has to cut the list of 
hardware items he intended to write shorter than planned because he can't 
access the device info in Windows - with the review not even finished, his 
new LM50 is already busy installing Gentoo Linux.
 26. http://www.notebookreview.com/default.aspx?newsID=2079
 27. http://lg.ca
    
===========
6. Bugzilla
===========
  
Summary
-------
  
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
    
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[28]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 31 October 2004 and 07 November 2004, activity 
on the site has resulted in: 
 28. http://bugs.gentoo.org
 
 * 743 new bugs during this period 
 * 428 bugs closed or resolved during this period 
 * 26 previously closed bugs were reopened this period 
 
Of the 7400 currently open bugs: 122 are labeled 'blocker', 251 are 
labeled 'critical', and 560 are labeled 'major'. 
    
Closed bug rankings
-------------------
  
The developers and teams who have closed the most bugs during this period 
are: 
 
 * ppc64 architecture team[29], with 70 closed bugs[30]  
 * Gentoo's Team for Core System packages[31], with 23 closed bugs[32]  
 * Gentoo Security[33], with 18 closed bugs[34]  
 * Gentoo Linux Gnome Desktop Team[35], with 17 closed bugs[36]  
 * Jeremy Huddleston[37], with 14 closed bugs[38]  
 * Gentoo KDE team[39], with 12 closed bugs[40]  
 * Chris Gianelloni[41], with 11 closed bugs[42]  
 * Gentoo Linux bug wranglers[43], with 11 closed bugs[44]  
 29. ppc64@g.o
 30. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=ppc64@g.o
 31. base-system@g.o
 32. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=base-system@g.o
 33. security@g.o
 34. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=security@g.o
 35. gnome@g.o
 36. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=gnome@g.o
 37. eradicator@g.o
 38. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=eradicator@g.o
 39. kde@g.o
 40. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=kde@g.o
 41. wolf31o2@g.o
 42. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=wolf31o2@g.o
 43. bug-wranglers@g.o
 44. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=bug-wranglers@g.o
    
New bug rankings
----------------
  
The developers and teams who have been assigned the most new bugs during 
this period are: 
 
 * AMD64 Porting Team[45], with 30 new bugs[46]  
 * Gentoo's Team for Core System packages[47], with 13 new bugs[48]  
 * SpanKY[49], with 12 new bugs[50]  
 * Gentoo Games[51], with 10 new bugs[52]  
 * Gentoo X-windows packagers[53], with 8 new bugs[54]  
 * Net-Mail Packages[55], with 8 new bugs[56]  
 * Gentoo KDE team[57], with 8 new bugs[58]  
 * media-video herd[59], with 7 new bugs[60]  
 45. amd64@g.o
 46. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=amd64@g.o
 47. base-system@g.o
 48. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=base-system@g.o
 49. vapier@g.o
 50. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=vapier@g.o
 51. games@g.o
 52. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=games@g.o
 53. x11@g.o
 54. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=x11@g.o
 55. net-mail@g.o
 56. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=net-mail@g.o
 57. kde@g.o
 58. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=kde@g.o
 59. media-video@g.o
 60. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=media-video@g.o
    
==================
7. Tips and Tricks
==================
  
Specifying only needed locales
------------------------------
  
The locales a user can choose from are built by the glibc. Usually all 
available locales starting from aa_DJ (Afar locale for Djibouti) over 
en_US (English locale for the USA) to zu_ZA.utf8 (Zulu locale for South 
Africa) will be installed. Unless you're working at the UN and administer 
a central server for all member states, it is difficult to conceive why 
you would need a system where all of these locales are installed. This 
week's tip was written with all those of you in mind who'd like to save 90 
percent of the space occupied by locales in their system, by limiting the 
number of installed locales to the bare minimum. 
 
Ever since sys-libs/glibc-2.3.4.20040619-r2 has been in Portage, a 
USE-flag called userlocales was provided to make sure only those locales 
mentioned in /etc/locales.build are to be built and installed. As a 
side-effect, this also leads to a much faster emerge of glibc, obviously. 
 
---------------------------------------------------------------------------
| Code Listing 7.1:                                                       |
|Activate the userlocales USE flag especially for                         |
glibc----------------------------------------------------------------------
---
|                                                                         |
|echo "sys-libs/glibc userlocales" >> /etc/portage/package.use            |
|                                                                         |
---------------------------------------------------------------------------
 
Now specify the locales you want to be able to use: 
 
---------------------------------------------------------------------------
| Code Listing 7.2:                                                       |
|nano -w                                                                  |
/etc/locales.build---------------------------------------------------------
----------------
|                                                                         |
|The format of the locales is described in the file itself.               |
|en_US/ISO-8859-1                                                         |
|en_US.UTF-8/UTF-8                                                        |
|de_DE/ISO-8859-1                                                         |
|de_DE@euro/ISO-8859-15                                                   |
|de_DE.UTF-8/UTF-8                                                        |
|                                                                         |
---------------------------------------------------------------------------
 
For further information about locale-handling make sure you read our 
Gentoo Linux Localization Guide[61].
 61. http://www.gentoo.org/doc/en/guide-localization.xml
 
Another interesting tool is app-admin/localepurge which can clean out any 
installed man-page or info-file in languages you don't need on your 
system. You should read the man-page to localepurge in any case, and 
configure languages you intend to keep in /etc/locale.nopurge. 
 
By the way, if you want to prohibit the installation of all man-pages, 
info-files or documentation, for example when space on your disk is 
severely limited, you can add noman, nodoc and/or noinfo to FEATURES in 
your /etc/make.conf. 
    
===========================
8. Moves, adds, and changes
===========================
  
Moves
-----
  
The following developers recently left the Gentoo team:
 
 * Yi Qiang - Gnome 
    
Adds
----
  
The following developers recently joined the Gentoo Linux team:
 
 * Simone Gotti (motaboy) - KDE 
 * Roy Marples (uberlord) - Init scripting 
 * Michael Tindal (urilith) - Apache, Embedded, Hardened 
 * Alin Nastac (mrness) - Net dialup 
    
Changes
-------
  
The following developers recently changed roles within the Gentoo Linux 
project:
 
 * None this week 
    
====================
9. Contribute to GWN
====================
   
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
email[62].
 62. gwn-feedback@g.o
    
================
10. GWN feedback
================
   
Please send us your feedback[63] and help make the GWN better.
 63. gwn-feedback@g.o
    
================================
11. GWN subscription information
================================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-subscribe@g.o.
 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
    
===================
12. Other languages
===================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Danish[64] 
 * Dutch[65] 
 * English[66] 
 * German[67] 
 * French[68] 
 * Japanese[69] 
 * Italian[70] 
 * Polish[71] 
 * Portuguese (Brazil)[72] 
 * Portuguese (Portugal)[73] 
 * Russian[74] 
 * Spanish[75] 
 * Turkish[76] 
 64. http://www.gentoo.org/news/da/gwn/gwn.xml
 65. http://www.gentoo.org/news/be/gwn/gwn.xml
 66. http://www.gentoo.org/news/en/gwn/gwn.xml
 67. http://www.gentoo.org/news/de/gwn/gwn.xml
 68. http://www.gentoo.org/news/fr/gwn/gwn.xml
 69. http://www.gentoo.org/news/ja/gwn/gwn.xml
 70. http://www.gentoo.org/news/it/gwn/gwn.xml
 71. http://www.gentoo.org/news/pl/gwn/gwn.xml
 72. http://www.gentoo.org/news/br/gwn/gwn.xml
 73. http://www.gentoo.org/news/pt/gwn/gwn.xml
 74. http://www.gentoo.org/news/ru/gwn/gwn.xml
 75. http://www.gentoo.org/news/es/gwn/gwn.xml
 76. http://www.gentoo.org/news/tr/gwn/gwn.xml
   
Ulrich Plate <plate@g.o> - Editor
Brian Downey <bdowney@...> - Author
Patrick Lauer <patrick@g.o> - Author
Emmet Wagle <ewagle@...> - Author
Lars Weiler <pylon@g.o> - Author


--
gentoo-gwn@g.o mailing list

Navigation:
Lists: gentoo-gwn: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Gentoo Weekly Newsletter 1 November 2004
Next by thread:
Gentoo Weekly Newsletter 15 November 2004
Previous by date:
Gentoo Weekly Newsletter 1 November 2004
Next by date:
Gentoo Weekly Newsletter 15 November 2004


Updated Jun 17, 2009

Summary: Archive of the gentoo-gwn mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.