Gentoo Archives: gentoo-gwn

From: Yuji Carlos Kosugi <carlos@g.o>
To: gentoo-gwn@g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter -- Volume 2, Issue 34
Date: Mon, 22 Sep 2003 15:00:07
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of September 22nd, 2003.
1. Gentoo News
 * Gentoo 1.4 maintenance release 1 for x86 
 * Experimental IA-64 stage1 available 
Gentoo 1.4 maintenance release 1 for x86
New 20030911 builds of Gentoo 1.4 are now available on mirrors[1] and at 
the Gentoo Store[2] so this may be a good time to reburn your CDs or to 
order some copies of the LiveCDs. This maintenance build has the same 
functionality as the 1.4 release but fixes many bugs. Also, if you 
installed Gentoo with the 1.4 release there's no need to worry because the 
releases are only relevant for the LiveCDs and GRPs; run emerge rsync; 
emerge -u world and your Gentoo system will be as up-to-date as anyone 

Experimental IA-64 stage1 available
The IA-64 port can now be fully built from stage1, and an experimental 
IA-64 stage1 tarball is now available under experimental/ia64. There's no 
LiveCD, but users are encouraged to try building a system, see how it 
works, and submit bugs to Bugzilla[3]. 

2. Gentoo Security
 * GLSA: mysql 
 * GLSA: exim 
 * GLSA: pine 
 * GLSA: openssh 
 * GLSA: sendmail 
GLSA: mysql
Quote from advisory: 
"Anyone with global administrative privileges on a MySQL server may 
execute arbitrary code even on a host he isn't supposed to have a shell 
on, with the privileges of the system account running the MySQL server."
 * Severity: High - execute arbitrary code. 
 * Packages Affected: <mysql-3.23.57-r1 <mysql-4.0.13-r4 
* Rectification: emerge sync; emerge dev-db/mysql/<mysql version>; emerge clean * GLSA Announcement[4] 4. GLSA: exim ---------- "There's a heap overflow in all versions of exim3 and exim4 prior to version 4.21. It can be exercised by anyone who can make an SMTP connection to the exim daemon." * Severity: Low - heap overflow * Packages Affected: <exim-4.21 * Rectification: Synchronize and emerge exim, emerge clean. * GLSA Announcement[5] 5. GLSA: pine ---------- "A remotely exploitable buffer overflow exists within the parsing of the message/external-body type attribute name/value pairs. Failure to check that the length of the longest attribute is less than the space available allows a maliciously formed e-mail message to overwrite control structures." * Severity: High - Remotely exploitable buffer overflow * Packages Affected: <pine-4.58 * Rectification: Synchronize and emerge pine, emerge clean. * GLSA Announcement[6] 6. GLSA: openssh ------------- "All versions of OpenSSH's sshd prior to 3.7.1_p1 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." * Severity: Low - Buffer Management error * Packages Affected: <openssh-3.7.1_p1 * Rectification: Synchronize and emerge ssh, emerge clean. * GLSA Announcement[7] * GLSA Announcement Update[8] 7. 8. GLSA: sendmail -------------- "Fix a buffer overflow in address parsing. Problem detected by Michal Zalewski, patch from Todd C. Miller of Courtesan Consulting." Fix a potential buffer overflow in ruleset parsing. This problem is not exploitable in the default sendmail configuration; only if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used then a problem may occur. Problem noted by Timo Sirainen." * Severity: High - Buffer Overflow * Packages Affected: <sendmail-8.2.10 * Rectification: Synchronize and emerge sendmail, emerge clean. * GLSA Announcement[9] 9. New Security Bug Reports ------------------------ There were no new security bugs opened this week. ================================= 3. Featured Developer of the Week ================================= Brian Jackson Figure 3.1: Brian Jackson We are pleased to present Brian Jackson[10], who has gone by the handle iggy for the better part of a decade. Brian maintains the courier MTA package, as well as working on the gentoo-cluster project[11] and assisting with patch maintenance for the kernel team. He modestly describes his duties as "mostly bug-fixing" and kernel "patch monkey", and keeps an eye peeled for prospective new developers while participating in the recently-inaugurated Gentoo Bugdays[12]. 10. iggy@g.o 11. 12. Brian lives in Montgomery, Texas, just outside Houston. His home enjoys a surfeit of mammals: three cats, 300 lbs of Great Dane (in two discrete packages) and a wife share the space. He also seems to have an infestation of computers, with an Athlon XP 2600 (2 GB, NForce2) main workstation, Athlon XP 1800 (1 Gb, Radeon) media server, P2 450 file server, two Epia boxen for cluster testing and a pair of test servers. Given the situation, his lament that he has "poor air conditioning" seems particularly poignant. He is a professional network administrator and programmer who has unfortunately recently been numbered among the victims of IT startup failures - a situation unlikely to continue for long. He currently works from a home office decorated with a lava lamp and a sumo penguin. Brian attended the US Navy's Nuclear Power School, and enjoys working with sport compact cars when not working on his computers. When he finds time, he is a skilled cook. He also spends a lot of time with his pets, and generally starts his day by letting the dogs out before retiring to his office and computers. Brian first began using Linux in the mid-1990's, trying out Red Hat and SuSE before a friend firmly admonished him to start using Slackware. He first heard about Gentoo on a Linux news-site about a year ago, and migrated to it once he had confirmed that lilo was available as a bootloader. Brian is a KDE user, generally having KMail and a number of Konsoles open at any given time. One of the Konsoles is invariably connected to a screen'd IRSSI client running on one of his servers. In addition, he uses Kate for editing, courier for his MTA, and is fond of the djbdns DNS server. When asked to provide a favorite quote, Brian cited Edmond Burke: "All that is necessary for the triumph of evil is that good men do nothing." ========================= 4. Heard in the Community ========================= Web Forums ---------- Life on the Bleeding Edge Accepting the ~x86 keyword is usually not near as unstable as people might think. Nonetheless: on occasion, very nasty things are known to happen. They may not be that big a deal if you're a developer and used to your system breaking apart every now and then, but ~x86 is being followed by newbyish to intermediate Gentooists, too. They like to stick to it to get the latest and greatest software across all genres, even if they know they could be in for a bumpy ride. Nothing wrong with that as long as you manage to stay in the saddle, but on occasion the horse turns its head and delivers some very painful bites... * Problems with gcc 3.3.1-r2?[13] 13. KDE 3.1.4 and 3.2 Alpha The forums have been teeming with threads about KDE last week, with the appearance of both KDE 3.1.4 (including a brief episode of chicken-and-egg blocking of Qt 3.2.1 ebuilds), and - more importantly - the first alpha version of the next major minor release bump scheduled for early December: KDE 3.2. The ebuilds for the latter are still masked, but Gentoo KDE lead caleb[14] who started both forum threads encourages people to test the new version... 14. * KDE 3.1.4 now out - Qt 3.2 unmasked[15] * KDE 3.2 now in portage[16] 15. 16. gentoo-dev ---------- Where we come from. Ever wondered where Gentoo came from? The tales of its journeys? The frivolous fantasies that have followed its growth? Well have a look here![17] After a post to gentoo-dev on what gentoo hopes to achieve, this short history was posted. 17. ======================= 5. Gentoo International ======================= Germany: Regional Gentoo Meetings Separated by only 24 hours and 98,5 kilometres, two regional German Gentooist gatherings are going to take place in October. The Ruhrgebiet - a sprawl of dozens of loosely connected cities with a total of 5,5 million inhabitants - Gentoo faction elected a quite appropriately oversized steel and glass complex located in Oberhausen, the Centro[18], as their venue on 8 October, 19:00 hours. Meanwhile, the Bonn bunch has (tentatively) decided to meet on 9 October in a classic grassroots community location, the Netzladen[19], just one day later, on 9 October. Details for both meetings are being swapped via forum threads, click here for Oberhausen[20] or here for Bonn[21]. Busy week for people who'd also like to attend the Practical Linux day in Gie??en[22] two days later - and another 155,6 kilometres west... 18. 19. 20. 21. 22. ter.xml#doc_chap6 ================ 6. Portage Watch ================ Portage Watch is on hiatus this week. =========== 7. Bugzilla =========== Summary ------- * Statistics * Closed Bug Ranking * New Bug Rankings Statistics ---------- The Gentoo community uses Bugzilla ([23]) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 12 September 2003 and 18 September 2003, activity on the site has resulted in: 23. * 539 new bugs during this period * 281 bugs closed or resolved during this period * 4 previously closed bugs were reopened this period Of the 3942 currently open bugs: 90 are labeled 'blocker', 198 are labeled 'critical', and 295 are labeled 'major'. Closed Bug Rankings ------------------- The developers and teams who have closed the most bugs during this period are: * Gentoo Games[24], with 24 closed bugs[25] * Seemant Kulleen[26], with 22 closed bugs[27] * Text-Markup Team[28], with 20 closed bugs[29] * Gentoo Linux Gnome Desktop Team[30], with 19 closed bugs[31] * Gentoo Sound Team[32], with 18 closed bugs[33] 24. games@g.o 25. field=bug_status&chfieldfrom=2003-09-12&chfieldto=2003-09-18&resolution=FIX ED&assigned_to=games@g.o 26. seemant@g.o 27. field=bug_status&chfieldfrom=2003-09-12&chfieldto=2003-09-18&resolution=FIX ED&assigned_to=seemant@g.o 28. text-markup@g.o 29. field=bug_status&chfieldfrom=2003-09-12&chfieldto=2003-09-18&resolution=FIX ED&assigned_to=text-markup@g.o 30. gnome@g.o 31. field=bug_status&chfieldfrom=2003-09-12&chfieldto=2003-09-18&resolution=FIX ED&assigned_to=gnome@g.o 32. sound@g.o 33. field=bug_status&chfieldfrom=2003-09-12&chfieldto=2003-09-18&resolution=FIX ED&assigned_to=sound@g.o New Bug Rankings ---------------- The developers and teams who have been assigned the most new bugs during this period are: * GCC Porting Team[34], with 34 new bugs[35] * Text-Markup Team[36], with 29 new bugs[37] * Rob Holland[38], with 17 new bugs[39] * Gentoo Linux Gnome Desktop Team[40], with 14 new bugs[41] * Martin Schlemmer[42], with 14 new bugs[43] 34. gcc-porting@g.o 35. tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-09-12&chfieldto=2003-09 -18&assigned_to=gcc-porting@g.o 36. text-markup@g.o 37. tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-09-12&chfieldto=2003-09 -18&assigned_to=text-markup@g.o 38. tigger@g.o 39. tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-09-12&chfieldto=2003-09 -18&assigned_to=tigger@g.o 40. gnome@g.o 41. tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-09-12&chfieldto=2003-09 -18&assigned_to=gnome@g.o 42. azarah@g.o 43. tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-09-12&chfieldto=2003-09 -18&assigned_to=azarah@g.o ================== 8. Tips and Tricks ================== An introduction to info This week's tip introduces the info command. Just about everyone has used the man command to look up information on a command, but the info command is less well known. However, it's actually the preferred documentation method of many programmers. So if man doesn't have what you're looking for, try using info instead. info uses the concept of nodes for information. Each page of information on a topic is a node and you can navigate between nodes using n to move forward and p to move backwards. To get started with info, just type info at the command prompt. There's an easy to follow tutorial you can view by typing h or, for just a list of available commands, type ?. If you're looking for documentation on a specific command, you can use info command (e.g. info tar). If you're not quite sure what the command name is, but want to search, add the --apropos=STRING option. For example, if you're looking for documentation on mysqld, you could use info --apropos=mysqld. This displays a list of nodes with information on mysqld. This is just an introduction to info, but hopefully it will help you get to know your system a little better. Remember, to get started with the primer, use info and the press h. ========================== 9. Moves, Adds and Changes ========================== Moves ----- The following developers recently left the Gentoo team: * none this week Adds ---- The following developers recently joined the Gentoo Linux team: * Wolfram Schlich (wschlich) -- virus scanning * Hallgrimur H. Gunnarsson (hhg) -- daemontools * Marius Mauch (genone) -- portage * Douglas Russell (puggy) -- repoman * Markus Nigbur (pYrania) -- portage, general bugfixing * Ian Leitch (port001) -- general bugfixing Changes ------- The following developers recently changed roles within the Gentoo Linux project. * none this week ===================== 10. Contribute to GWN ===================== Interested in contributing to the Gentoo Weekly Newsletter? Send us an email[44]. 44. gwn-feedback@g.o ================ 11. GWN Feedback ================ Please send us your feedback[45] and help make the GWN better. 45. gwn-feedback@g.o ================================ 12. GWN Subscription Information ================================ To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@g.o. To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@g.o from the email address you are subscribed under. =================== 13. Other Languages =================== The Gentoo Weekly Newsletter is also available in the following languages: * Dutch[46] * English[47] * German[48] * French[49] * Japanese[50] * Italian[51] * Polish[52] * Portuguese (Brazil)[53] * Portuguese (Portugal)[54] * Russian[55] * Spanish[56] * Turkish[57] 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. Yuji Carlos Kosugi <carlos@g.o> - Editor AJ Armstrong <aja@×××××××××××××.com> - Contributor Brian Downey <bdowney@×××××××××××.net> - Contributor Cal Evans <cal@××××××××.com> - Contributor Chris Gavin <gubbs@××××.org> - Contributor Luke Giuliani <cold_flame@×××××.com> - Contributor Shawn Jonnet <shawn.jonnet@×××××××.net> - Contributor Michael Kohl <citizen428@g.o> - Contributor Kurt Lieber <klieber@g.o> - Contributor Rafael Cordones Marcos <rcm@×××××××.net> - Contributor David Narayan <david@×××××××.net> - Contributor Gerald J Normandin Jr. <gerrynjr@g.o> - Contributor Ulrich Plate <plate@g.o> - Contributor Mathy Vanvoorden <matje@×××××××.be> - Dutch Translation Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation Peter ter Borg <peter@××××××.nl> - Dutch Translation Jochen Maes <linux@××××.be> - Dutch Translation Roderick Goessen <rgoessen@××××.nl> - Dutch Translation Gerard van den Berg <gerard@××××××.net> - Dutch Translation Matthieu Montaudouin <mat@××××××××.com> - French Translation Martin Prieto <riverdale@×××××××××.org> - French Translation Antoine Raillon <cabec2@××××××.net> - French Translation Sebastien Cevey <seb@×××××.net> - French Translation Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation Steffen Lassahn <madeagle@g.o> - German Translation Matthias F. Brandstetter <haim@g.o> - German Translation Thomas Raschbacher <lordvan@g.o> - German Translation Klaus-J. Wolf <yanestra@g.o> - German Translation Marco Mascherpa <mush@××××××.net> - Italian Translation Claudio Merloni <paper@×××××××.it> - Italian Translation Christian Apolloni <bsolar@×××××××.ch> - Italian Translation Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation Katsuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation Takashi Ota <088@××××××××××.jp> - Japanese Translation Radoslaw Janeczko <sototh@×××.pl> - Polish Translation Lukasz Strzygowski <lucass.home@××.pl> - Polish Translation Michal Drobek <veng@××.pl> - Polish Translation Adam Lyjak <apo@××××××××××××××××××××.pl> - Polish Translation Krzysztof Klimonda <cthulhu@×××××××××.net> - Polish Translation Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese (Brazil) Translation Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation Jo??o Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil) Translation Marcelo Gon??alves de Azambuja <mgazambuja@×××××××××.br> - Portuguese (Brazil) Translation Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil) Translation Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese (Brazil) Translation Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) Translation Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) Translation Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal) Translation Jos?? Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation Sergey Galkin <gals_home@××××.ru> - Russian Translator Sergey Kuleshov <svyatogor@g.o> - Russian Translator Alex Spirin <asp13@××××.ru> - Russian Translator Dmitry Suzdalev <dimsuz@××××.ru> - Russian Translator Anton Vorovatov <mazurous@××××.ru> - Russian Translator Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator Lanark <lanark@××××××××××.ar> - Spanish Translation Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation Jes??s Garc??a Crespo <correo@××××××.com> - Spanish Translation Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation Julio Castillo <julio@×××××××××××××.com> - Spanish Translation Sergio G??mez <s3r@××××××××××××.ar> - Spanish Translation Aycan Irican <aycan@××××××××.tr> - Turkish Translation Bugra Cakir <bugra@×××××××××.com> - Turkish Translation Cagil Seker <cagils@××××××××××.tr> - Turkish Translation Emre Kazdagli <emre@××××××××.tr> - Turkish Translation Evrim Ulu <evrim@××××××××.tr> - Turkish Translation Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation