Gentoo Archives: gentoo-gwn

From: Kurt Lieber <klieber@g.o>
To: gentoo-gwn@g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter -- Volume 2, Issue 22
Date: Sun, 01 Jun 2003 23:12:06
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of June 2nd, 2003.
1. Gentoo News
 * North America gets two new source mirrors 
 * CFLAGS/cpuinfo collection project 
 * Upcoming infrastructure changes 
North America gets two new source mirrors
As most Gentoo users in North America know, source mirrors for Gentoo 
Linux have often been overloaded as the distribution continues to gain in 
popularity. Fortunately, the load will be eased somewhat with the addition 
of two new source mirrors, provided by the University of California, Santa 
Barbara[1] and pair Networks[2]. 

UCSB, located in sunny Santa Barbara, California, was recently ranked the 
14th best public university in the United States. Renown for its 
scientific research, UCSB professors recently won three Nobel Prizes in 
chemistry and physics for their landmark research. 
pair Networks provides world-class web hosting services to customers 
around the globe. With over 140,000 unique web sites and customers from 
150 different countries, pair Networks has established a reputation in the 
industry for outstanding service at reasonable prices. 
Gentoo Linux wishes to thank both pair Networks and the University of 
California, Santa Barbara, for their generous support of the project. 
Without their support, along with the support of our other sponsors, 
Gentoo Linux would not be the successful distribution that it is today. 
Users interested in taking advantage of these new mirrors can find more 
information on our mirrors[3] page. 

CFLAGS/cpuinfo collection project
One of the projects being worked on within the Gentoo Linux project is an 
application that will generate a recommended set of CHOST/CFLAGS/CXXFLAGS 
for a given system. In order to make this application as useful and 
accurate as possible, we are in need of much sample /proc/cpuinfo data. To 
facilitate this, a web page[4] has been created with both submission forms 
and a quick submission tool. Users are encouraged to submit their 
information. The web page contains additional information about specific 
systems for which we particularly need more data. 

Upcoming infrastructure changes
The infrastructure that supports Gentoo Linux will be undergoing a number 
of changes over the coming weeks. These include: 
 * Migrating our DNS to an outsourced provider. 
 * Load balancing and failover services for the multiple servers that run[5]. 
 * Moving[6] to a new, dedicated server. 
 * Moving[7] to a new, dedicated server. 
 * Distributing and de-centralizing our mail infrastructure, placing list 
   mail on one server and other mail on another server. 
 * Significant changes to the security infrastructure, including kernel 
   patches, chrooted environments for many of our public services,
   iptables scripts and other areas. 
 * Many other smaller changes. 

Considerable effort will be put into ensuring these changes are as smooth 
as possible, with little or no direct impact to the user community. 
However, as with all things technology-related, unforseen circumstances 
and Murphy's Law generally crop up at the most inopportune times. Your 
patience as we work through these changes will be greatly appreciated. 
2. Gentoo Security
 * GLSA: heimdal 
 * GLSA: nessus 
 * New Security Bug Reports 
GLSA: heimdal
A crytographic weakness in Kerberos 4 allows an attacker to impersonate 
any principal in a realm through using a chosen-plaintext attack. This 
vulnerability extends to the implementation of mit-krb5 (see the the GLSA 
in the April 7th GWN[8]) and the Heimdal implementation. 

 * Severity: Critical - Authentication compromise. 
 * Packages Affected: app-crypt/heimdal prior to heimdal-0.6 
 * Rectification: Synchronize and emerge heimdal, emerge clean. 
 * GLSA Announcement[9] 
 * Advisory[10] 

GLSA: nessus
The scripting engine in the Nessus security scanner has several 
vulnerabilities. Exploiting these vulnerabilities to execute arbitrary 
code would require a malicious user to have a valid account as well as 
tricking a user into running a script. 
 * Severity: Moderate - Arbitrary code execution, mitigated by requirement 
   for privileges by exploiter. 
 * Packages Affected: net-analyzer/nessus prior to nessus-2.0.6a 
 * Rectification: Synchronize and emerge nessus, emerge clean. 
 * GLSA Announcement[11] 
 * Advisory[12] 

New Security Bug Reports
The following new security bugs were posted this week: 
 * [13]net-print/cups 
 * [14]sys-devel/gcc 
 * [15]net-www/apache 
3. User stories
A little reminder
Sadly we received no submissions for a user story during the last week. :( 
So it seems like a good time to remind you to send your experiences with 
Gentoo Linux which might be interesting to fellow Gentooers to 
user-stories@g.o like Kai[16], Kenneth[17] and Mathy[18] did!

Fortunately we already have a candidate (who will be quite interesting, 
promise!) for the next issue, we just ran out of time for this week...
4. Featured Developer of the Week
Jon Portnoy, aka avenj
This week we feature Jon Portnoy[19], whose duties in the Gentoo 
development team include recruitment and management of developers (along 
with Development Manager Seemant Kulleen[20]), coordination of releases, 
caretaking of the distfiles repository, and maintenance of some thirty or 
so ebuilds, including ICC[21], Intel's C++ Compiler. As developer 
recruiter and manager, Jon is the person project managers talk to when 
they want to get someone on the team, and oversees the training of new 
recruits (which is conducted by the original sponsor/mentor). He and 
Seemant also handle much of developer policy creation. As release 
coordinator, Jon oversees the entire release process, delegating tasks 
like stage building, QA, GRP building, and works to keep the release 
process flowing smoothly. All the while he makes sure the distfiles 
repository is in shape as much as possible, and has been working to 
integrate ICC into Gentoo Linux's current GCC-focused environment ever 
since he joined the development team. Jon had stopped in at freenode's 
#gentoo seeking help with a tricky initrd problem, ended up staying and 
helping people with their problems, and eventually got noticed by Seemant 
and joined the team as ICC implementor. He's proud of everything he's done 
for Gentoo, especially his management of developers and coordination of 

 19. avenj@g.o
 20. seemant@g.o
Jon uses Enlightenment 0.16.5 with the Maw theme, as well as X-Chat 2, 
Mutt, Mozilla, XMMS, screen, and slrn (he's very active on 
comp.os.linux.advocacy and alt.os.linux.gentoo) on his workstation - 
cerberus, a P3 866mhz with 384MB RAM. He also finds the game Icebreaker 
very addictive. He also uses three other boxen: tempest, a P3 
development/testing box, eris, a K6-2 nameserver/proxy server, and 
lucifer, a celeron 1.8ghz dedicated to compilation. A student living out 
in the middle of nowhere in New Hampshire, Jon enjoys spending time 
outdoors away from his monitors, whether it be walking, biking, or 
kayaking. He also spends lots of time reading and studying history, 
especially Russian history. An aficionado of a variety of kinds of music, 
from Bob Dylan to Lucinda Williams to Juno Reactor to KMFDM, Jon is a 
particularly big fan of industrial music. 
5. Heard In The Community
Web Forums
Spam, Spam, Spam, Baked Beans and Spam
Did you know that Episode 25 of Monty Python's Flying Circus is the reason 
we call it that? SPiced hAM has become a synonym for unsolicited, 
obnoxious commercial email clutter that enrages the Internet community. 
Gentoo users are no different, albeit a little more versatile in anti-spam 
combat, and the forums are witness to some of the more inventive ideas how 
to deal with the no. 1 nuisance on the Internet these days:
 * How about: The Gentoo antispam initiative?[22] 
 * Causing spammers serious pain[23] 
Break My Gentoo
Promoted as "a haven for all those cvs ebuilds left homeless by the Great 
Portage CVS Purge of '03", links to a website maintained by Forums gurus 
karl11[24] and Lin_Matt[25] are occasionally rippling the waves whenever 
something new is not immediately reflected by the official Gentoo 
development activities. does have a bugzilla of their 
own, but everybody seems to prefer swapping experiences at the Gentoo 
 * - Quick howto[27] 
 * CVS HEAD rhythmbox ebuild[28] 

OSnews Poll: And the Winner Is...
Whatever the significance of this may be: Gentoo beat all the other major 
distributions in this year's Linux popularity poll at, up from 
11 percent last year to exactly twice that share of the cake this time 
around. Interestingly enough, the thread that solicited Gentooists to go 
and vote (which at the current traffic experienced inside the Gentoo 
forums may well have contributed to the clear lead in the poll) even 
triggered one of the rare but welcome visits of Eugenia Loli-Queru[29], 
head mistress of everybody's favourite website, and Gentoo forum user with 
one of the earliest membership numbers around...
 * Poll: Vote for your Favorite Linux Distribution[30] 
 * Please vote for Gentoo on OSNews poll[31] 


Performance of nVidia cards
In an uncommonly active thread, Spider called for the -user community to 
submit glxgear benchmark results of their Nvidia graphics cards. The 
submissions provide a good way to compare your hardware to others, 
allowing you to gauge any configuration errors that may be sucking 
precious FPS(frames per second). I'm sure we all appreciate Ernie Schroder 
whoopin' it up[32] in the 3D world. 
 * Perfromance of nVidia cards[33] 

** fixpackages **
As portage travels down the road of becoming the best package manager for 
Linux -- ever --, new features are thrown into the mix. After Tom 
Veldhouse updated portage, he was soon confronted with an unfamilar prompt 
to 'fixpackages'. Other community members may have experienced similar 
confusion. Brett Holcomb notes[34] that, "It's a new feature that fixes 
things when packages move from one category to another" and is located in 
/usr/lib/portage/bin/fixpackages. The gentoo-forums also developed a 
thread[35] discussing the new feature. 
 * emerge and 'fixpackages'?[36] 


Seemant Kulleen posted[37] a message announcing the r3 (masked) release of 

The plan for this 3rd release of xfree is to move all font building into 
seperate packages. However, though it has been released it still needs 
some work.
Menu system for all gentoo wm's
Also an exciting idea[38] was brought up to implement a 
windowmanager-independent menu layout system. A system which maintains 
entries for installated / removed programs in a non wm specific way. Much 
like the .desktop system from

Assigning unique system uid/gid for new ebuild
Considerable discussion took place regarding how to decide what 
uid/gid[39] the new package should run as. The plan apparantly is to make 
the installation process more flexible to include dynamically modifying a 
list of uids/gids. However for now everything is fixed around /etc/passwd, 
which is part of baselayout.

6. Gentoo International
Documentation Translations
Fresh off the presses: Makoto Yamakura has announced an up-to-date 
Japanese version of the Gentoo Installation Guide (x86), available via the 
main Gentoo website. While the Japanese, Dutch, French and German 
translators have thus pretty much synchronized their documents with the 
current state of things, documentation in Spanish, Italian and Swedish is 
lagging behind by a few steps. If you want to contribute to the 
translation efforts for the Gentoo documentation, either by brushing up 
existing language versions or adding new ones, please contact John P. 

 40. zhen@g.o
7. Portage Watch
The following notable packages were updated or added to portage this week

 * sys-kernel/aa-sources: Full sources for Andrea Arcangeli's Linux 
 * sys-kernel/ac-sources: Full sources for Alan Cox's Linux kernel[42] 
 * sys-kernel/development-sources: Full sources for the Development Branch 
   of the Linux kernel[43] 
The following stable packages were updated or added to portage this week
 * app-crypt/heimdal: Kerberos 5 implementation from KTH[44] 
 * app-editors/gvim: Graphical Vim[45] 
 * app-office/gnucash: A personal finance manager[46] 
 * app-office/openoffice:, a full office productivity 
 * app-sci/qcad: A 2D CAD package based upon Qt.[48] 
 * app-shells/pdksh: The Public Domain Korn Shell[49] 
 * dev-db/hk_classes: GUI-independent C++ libraries for database 
 * dev-db/knoda: KDE database frontend based on the hk_classes library[51] 
 * dev-java/ant: Java-based build tool similar to 'make' that uses XML 
   configuration files.[52] 
 * dev-java/blackdown-jre: Blackdown Java Runtime Environment 1.4.1[53] 
 * dev-lang/R: R is GNU S - A language and environment for statistical 
   computing and graphics.[54] 
 * dev-python/PyOpenGL: Python OpenGL bindings[55] 
 * dev-python/docutils: Set of python tools for processing plaintext docs 
   into HTML, XML, etc.[56] 
 * gnome-base/ORBit2: ORBit2 is a high-performance CORBA ORB[57] 
 * gnome-base/bonobo-activation: Gnome2 replacement for OAF[58] 
 * gnome-base/gnome-applets: Applets for the Gnome2 Desktop and Panel[59] 
 * gnome-base/libbonoboui: User Interface part of Lib bonobo[60] 
 * gnome-base/libgnome: Essential Gnome Libraries[61] 
 * gnome-base/libgnomeprint: Printer handling for Gnome[62] 
 * gnome-extra/gnome-media: Multimedia related programs for the Gnome2 
 * gnome-extra/gnome-system-monitor: Procman - The Gnome System 
 * gnome-extra/gnome-utils: Utilities for the Gnome2 desktop[65] 
 * media-gfx/blender: 3D Creation/Animation/Publishing System[66] 
 * media-sound/alsa-driver: Advanced Linux Sound Architecture kernel 
 * net-firewall/fwbuilder: A firewall GUI[68] 
 * net-firewall/kmyfirewall: Graphical KDE iptables configuration tool[69] 
 * net-firewall/shorewall: Full state iptables firewall[70] 
 * net-fs/autofs: Kernel based automounter[71] 
 * net-fs/samba: SAMBA is a suite of SMB and CIFS client/server programs 
   for UNIX[72] 
 * net-irc/xchat: X-Chat is a graphical IRC client for UNIX operating 
 * net-libs/libesmtp: libESMTP is a library that implements the client 
   side of the SMTP protocol[74] 
 * net-libs/libfwbuilder: A firewall GUI (library functions)[75] 
 * net-libs/nss_ldap: NSS LDAP Module[76] 
 * net-libs/pam_ldap: PAM LDAP Module[77] 
 * net-mail/bogofilter: Bayesian spam filter designed with fast 
   algorithms, and tuned for speed.[78] 
 * net-mail/courier-imap: An IMAP daemon designed specifically for 
 * net-mail/disspam: A Perl script that removes spam from POP3 mailboxes 
   based on RBLs.[80] 
 * net-nds/openldap: LDAP suite of application and development tools[81] 
 * net-nds/yp-tools: NIS Tools[82] 
 * net-nds/ypbind: Multithreaded NIS bind service[83] 
 * net-nds/ypserv: NIS SERVER[84] 
 * net-print/cups: The Common Unix Printing System[85] 
 * net-wireless/wireless-tools: A collection of tools to configure 
   wireless lan cards.[86] 
 * net-www/apache: Apache Web Server, Version 2.0.x[87] 
 * sys-apps/di: Disk Information Utility[88] 
 * sys-cluster/ipvsadm: ipvsadm is a utility to administer the IP virtual 
   server services offered by the Linux kernel with IP virtual server 
 * sys-devel/binutils: Tools necessary to build programs[90] 
 * sys-devel/distcc: a program to distribute compilation of C code across 
   several machines on a network[91] 
 * sys-devel/gcc: The GNU Compiler Collection. Includes C/C++ and java 
 * sys-libs/db: Berkeley DB[93] 
 * x11-base/xfree: Xfree86: famous and free X server[94] 
 * x11-libs/gtk+: Gimp ToolKit + [95] 
 * x11-libs/gtkglarea: GL extensions for gtk+[96] 
Total categories: 82
Total packages: 4478 (82 packages added since last week)
8. Bugzilla
Due to technical difficulties with the server on Friday, 
bug statistics will be unavailable this week. Next week's GWN will include 
a two-week summary. 
9. Tips and Tricks
Export an X Session
This week's tip shows you how to run GUI programs remotely by exporting an 
X session and tunneling it over SSH. Note that this is heavily dependant 
on the speed of your network connection. If you're trying to run Mozilla 
off of a box on the other side of the country on a 56K modem it is 
probably not going to work very well. The best application for this is 
running programs over the same LAN or possibly a high-speed WAN. An easy 
example application is running gvim remotely so you can have a GUI editor. 
For this example we assume the local machine has an IP of and 
the remote machine has an IP of On the local machine you're 
going to need to give the remote machine access to connect to your X 
server. Use the command xhost to do this. 
| Code Listing 9.1:                                                       |
| Local machine                                                           |
|                                                                         |
|This command allows the machine with the IP to connect       |
|# xhost +                                                     |
|                                                                         |
On the remote machine, you need to export the $DISPLAY variable to your 
local machine. After that, you should be ready to run GUI programs 
| Code Listing 9.2:                                                       |
| Remote machine                                                          |
|                                                                         |
|# export DISPLAY=""                                       |
|# gvim /etc/passwd                                                       |
|You should see gvim open on your local machine with the contents         |
|of the remote machine's /etc/passwd file.                                |
|                                                                         |

This is very unsecure and not recommended since everything you type 
including passwords will be transmitted over the network unencrypted. 
To tunnel the connection over SSH and thus encrypt the traffic edit your 
/etc/sshd2_config file. 
| Code Listing 9.3:                                                       |
| /etc/sshd2_config                                                       |
|                                                                         |
|Add or edit the following line                                           |
|ForwardX11     yes                                                       |
|                                                                         |
Now connect from the local machine to the remote machine via ssh and start 
your X application. 
| Code Listing 9.4:                                                       |
| Remote machine                                                          |
|                                                                         |
|# gvim /etc/passwd                                                       |
|You should see gvim open on your local machine with the contents         |
|of the remote machine's /etc/passwd file.                                |
|                                                                         |
|Notice that you don't have to set the DISPLAY variable, ssh automagically|
|does that for you. You do however have to allow access to your local     |
|machine's X server (see above).                                          |
|                                                                         |
10. Moves, Adds and Changes
The following developers recently left the Gentoo team: 
 * none this week 
The following developers recently joined the Gentoo Linux team:
 * Rob Holland (robh) -- media-sound 
 * Ned Ludd (solar) -- Hardened Gentoo, grsecurity 
The following developers recently changed roles within the Gentoo Linux 
 * none this week 
11. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 97. gwn-feedback@g.o
12. GWN Feedback
Please send us your feedback[98] and help make GWN better.

 98. gwn-feedback@g.o
13. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
14. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Dutch[99] 
 * English[100] 
 * German[101] 
 * French[102] 
 * Japanese[103] 
 * Italian[104] 
 * Portuguese (Brazil)[105] 
 * Portuguese (Portugal)[106] 
 * Russian[107] 
 * Spanish[108] 
 * Turkish[109] 

Kurt Lieber <klieber@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Contributor
Brice Burgess <nesta@×××××××.net> - Contributor
Michael Kohl <citizen428@g.o> - Contributor
Yuji Carlos Kosugi <carlos@g.o> - Contributor
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
David Narayan <david@×××××××.net> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Peter Sharp <mail@××××××××××××××.net> - Contributor
Kim Tingkaer <kim@×××××××.dk> - Contributor
Mathy Vanvoorden <matje@×××××××.be> - Dutch Translation
Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
Peter ter Borg <peter@××××××.nl> - Dutch Translation
Jochen Maes <linux@××××.be> - Dutch Translation
Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
Gerard van den Berg <gerard@××××××.net> - Dutch Translation
Matthieu Montaudouin <mat@××××××××.com> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Antoine Raillon <cabec2@××××××.net> - French Translation
Sebastien Cevey <seb@×××××.net> - French Translation
Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Klaus-J. Wolf <yanestra@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Christian Apolloni <bsolar@×××××××.ch> - Italian Translation
Daniel Ketel <kage-chan@g.o> - Japanese Translation
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation
Andy Hunne <andy@×××××××××.com> - Japanese Translation
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
Takashi Ota <088@××××××××××.jp> - Japanese Translation
Jaroslaw Swierad <messer@××××××××.net> - Polish Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <gustavo@××××××××××.net> - Portuguese (Portugal) 
Ricardo Jorge Louro <rjlouro@×××××××.org> - Portuguese (Portugal) 
Ricardo Nogueira <R.Nogueira@××××××××××××××××.au> - Portuguese (Brazil) 
Sergey Kuleshov <svyatogor@g.o> - Russian Translator
Dmitry Suzdalev <dimsuz@××××.ru> - Russian Translator
Anton Vorovatov <mazurous@××××.ru> - Russian Translator
Lanark <lanark@××××××××××.ar> - Spanish Translation
Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation
Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation
Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation
Jesús García Crespo <correo@××××××.com> - Spanish Translation
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
Sergio Gómez <s3r@××××××××××××.ar> - Spanish Translation
Aycan Irican <aycan@××××××××.tr> - Turkish Translation
Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation