Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 13 March 2006
Date: Mon, 13 Mar 2006 08:06:55
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 13 March 2006.
1. Gentoo news
Gentoo store: 2006.0 release media available
Official 2006.0 CD releases[1] have hit the Gentoo store this week! Five 
USD from every CD sale goes to the Gentoo Foundation[2], presenting a 
clever way to financially support the development of Gentoo Linux through 
purchasing the release media directly from the project. 

Gentoo community directory
It's increasingly difficult to keep track of the multitude of 
international activities in and around the Gentoo project. Developers, 
power users and enthusiasts around the globe organize Gentoo-related 
events, hold classes at their universities, and man Gentoo booths at trade 
fairs and conferences. To keep up with what's going on internationally, 
the GWN team is actively looking for Gentoo user groups, associations, 
clubs or study circles that represent users or developers in their own 
town or country. If you're running a Gentoo-related website, a forum, a 
monthly user meeting or other events, please submit a short description of 
your activities and your contact details to our feedback address[3] so we 
can start setting up a Gentoo community directory. Thanks a lot in 

 3. gwn-feedback@g.o
2. Heard in the community
Web forums
glibc 2.4
glibc 2.4 officially hit the Portage tree. Forum users were surprised to 
see that it got straight into ~arch instead of being hard masked first. 
However, they did quite a lot of tests, like rebuilding the toolchain and 
all seemed to go well. Some of them even tried it with GCC 4.1 and 
experienced no problems. Nevertheless, they did find some minor issues 
when building nptl-only applications: 
 * GLIBC 2.4 now officially in portage[4] 


Forum veteran taskara[5] just released a custom Gentoo LiveCD that 
provides Xgl support. Users who tried it are rather pleased with that kind 
of 3D hardware support on a LiveCD. Links and torrents are inside the 
thread, and of course you can discuss it right there: 

 * Xgl Demo Live CD available (Gentoo based, of course!)[6] 

3. Gentoo international
India: Open-source event in Calicut this weekend
Gentoo developer Shyam Mani[7] will give an introductory talk about Gentoo 
during the FOSS.NITC[8] event at the National Institute of Technology in 
Calicut (Kerela) on 18 and 19 March. Together with fellow Gentoo 
enthusiast Ashish V, he plans to hold a Gentoo BoF (Birds of a Feather) 
session as well sometime during the event. Check the event schedule[9] for 

 7. fox2mike@g.o
Germany: Gentoo user meeting in Leipzig
On Friday, 17 March 2006, a group of Gentooists from the Leipzig and Halle 
area in Saxony will meet for an evening at the Stuk[10] (Studentenkeller). 
This first Leipzig GUM will start at 19:00, and if you're interested in 
attending, please tell the organizers via their Forum thread[11]. 

Germany: Report from Chemnitz
As in 2005, the Linuxtage in Chemnitz (4 and 5 March 2006) were not only 
visited by Gentoo developers, but you could also visit them at their booth 
for a little chat. You could see an SGI Octane constantly compile stuff, 
but at the end of the second day, finally xorg was running. Of course 
devotional objects such as stickers or a DVD with the 2006.0 release plus 
some extra goodies like stage archives and a lot of source packages could 
be purchased at the stand. Tobias Scherbaum[12] also gave a speech about 

 12. dertobi123@g.o
Figure 3.1: Left to right: booth staffers tuxus, dertobi123 and Mr. Big
4. Gentoo in the press
Linux Magazin (4/2006, in German)
The April edition of Germany's Linux Magazin dedicates its cover story and 
half a dozen in-depth articles inside the printed magazine to 
virtualization in all its forms. One article features Gentoo developer 
Benedikt Böhm[13] and the vserver project for Linux, based on the 
vserver-sources and utilities provided in Gentoo. The magazine is 
available at news stands in German-speaking countries. 

 13. hollow@g.o
Opensourcejahrbuch (March 2006)
Last week we published a reference to an interview with Bill Hilf, 
Microsoft's open-source lab director. Now the full publication is 
available, the 2006 edition of the Open-Source Jahrbuch[14] can be 
downloaded for free, or purchased in print for a moderate fee. 

5. Tips and tricks
Iproute2 instead of ifconfig/route
For many, ifconfig and route are still the preferred commands for 
configuring a network through the command line. However, in modern network 
environments, ifconfig has its drawbacks. And as you would expect from a 
Free Software community, improved packages have been developed. iproute2 
is one of them and is getting increasingly popular. 
The default command to work with iproute2 is ip. Clean, simple to remember 
and extremely powerful. But its power is well described in many documents, 
including the iproute2 document[15] and the Guide to IP Layer Network 
Administration with Linux[16]. In this short introduction, we'll stay with 
the simplest basics that most people use just to show you how easy it is 
to "migrate" from ifconfig (sys-apps/net-tools) to ip (sys-apps/iproute2). 

To configure a host to use IP address, netmask 
and default gateway, the "old" commands were: 
| Code Listing 5.1:                                                       |
| Using ifconfig and route                                                |
|                                                                         |
|# ifconfig eth0 netmask up                   |
|# route add default gw                                       |
|                                                                         |
Using iproute2, this becomes: 
| Code Listing 5.2:                                                       |
| Using iproute2's ip command                                             |
|                                                                         |
|# ip address dev eth0                                   |
|# ip route add default via                                   |
|                                                                         |
The syntax isn't all that difficult, is it? Let's take a look at our 
current routing table. With route you would run route -n: 
| Code Listing 5.3:                                                       |
| Using route                                                             |
|                                                                         |
|# route -n                                                               |
|Kernel IP routing table                                                  |
|Destination     Gateway         Genmask         Flags Metric Ref    Use  |
|   U     0      0        0  |
|       UG    0      0        0 lo|
|         UG    0      0        0  |
|                                                                         |
With ip, you ask it to show the routes: 
| Code Listing 5.4:                                                       |
| Using ip to show the routing table                                      |
|                                                                         |
|# ip route show                                                          |
| dev eth0  proto kernel  scope link  src     |
| via dev lo  scope link                             |
|default via dev eth0                                         |
|                                                                         |
You might find this output strange; however, it gives a lot of useful 
information. For instance, scope link means that the network is reachable 
while proto kernel informs us that the kernel has added this routing as 
part of bringing the interface up. 
Using ip within Gentoo isn't difficult either. The Gentoo 
sys-apps/baselayout package supports both formats (ifconfig and ip): 
| Code Listing 5.5:                                                       |
| Configuring the network through /etc/conf.d/net                         |
|                                                                         |
|(Old-style configuration)                                                |
|config_eth0=( " netmask" )                    |
|routes_eth0=( "default gw" )                                 |
|                                                                         |
|(Using iproute2 -- don't forget to emerge it first)                      |
|modules=( "iproute2" )                                                   |
|config_eth0=( "" )                                       |
|routes_eth0=( "default via" )                                |
|                                                                         |
Note:  For more /etc/conf.d/net magic, please read the commented file 
That's it for now; have fun with Gentoo ! 
6. Gentoo developer moves
The following developers recently left the Gentoo project: 
 * None this week 
The following developers recently joined the Gentoo project: 
 * Emanuele Giaquin (exg) - Gentoo/OS X and PPC  
 * Alfredo Tupone (Tupone) - Games herd  
The following developers recently changed roles within the Gentoo project:
 * None this week 
7. Gentoo Security
IMAP Proxy: Format string vulnerabilities
Format string vulnerabilities in IMAP Proxy may lead to the execution of 
arbitrary code when connected to malicious IMAP servers. 
For more information, please see the GLSA Announcement[17] 

zoo: Stack-based buffer overflow
A stack-based buffer overflow in zoo may be exploited to execute arbitrary 
code through malicious ZOO archives. 
For more information, please see the GLSA Announcement[18] 

GNU tar: Buffer overflow
A malicious tar archive could trigger a Buffer overflow in GNU tar, 
potentially resulting in the execution of arbitrary code. 
For more information, please see the GLSA Announcement[19] 

flex: Potential insecure code generation
flex might generate code with a buffer overflow, making applications using 
such scanners vulnerable to the execution of arbitrary code. 
For more information, please see the GLSA Announcement[20] 

GnuPG: Incorrect signature verification
GnuPG may erroneously report a modified or unsigned message has a valid 
digital signature. 
For more information, please see the GLSA Announcement[21] 

SquirrelMail: Cross-site scripting and IMAP command injection
SquirrelMail is vulnerable to several cross-site scripting vulnerabilities 
and IMAP command injection. 
For more information, please see the GLSA Announcement[22] 

Cube: Multiple vulnerabilities
Cube is vulnerable to a buffer overflow, invalid memory access and remote 
client crashes, possibly leading to a Denial of Service or remote code 
For more information, please see the GLSA Announcement[23] 

8. Bugzilla
The Gentoo community uses Bugzilla ([24]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 05 March 2006 and 12 March 2006, activity on the 
site has resulted in: 

 * 849 new bugs during this period 
 * 413 bugs closed or resolved during this period 
 * 25 previously closed bugs were reopened this period 
Of the 9683 currently open bugs: 62 are labeled 'blocker', 155 are labeled 
'critical', and 539 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Xavier Neys[25], with 22 closed bugs[26]  
 * Gentoo Security[27], with 20 closed bugs[28]  
 * Gentoo Games[29], with 17 closed bugs[30]  
 * NX Server Herd[31], with 16 closed bugs[32]  
 * GNU Emacs Herd[33], with 16 closed bugs[34]  
 * media-video herd[35], with 11 closed bugs[36]  
 * Portage team[37], with 10 closed bugs[38]  
 * Gentoo's Team for Core System packages[39], with 10 closed bugs[40]  
 25. neysx@g.o
 27. security@g.o
 29. games@g.o
 31. nx@g.o
 33. emacs@g.o
 35. media-video@g.o
 37. dev-portage@g.o
 39. base-system@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[41], with 34 new bugs[42]  
 * Gentoo KDE team[43], with 12 new bugs[44]  
 * Gentoo Games[45], with 12 new bugs[46]  
 * Mozilla Gentoo Team[47], with 9 new bugs[48]  
 * Gentoo Science Related Packages[49], with 8 new bugs[50]  
 * AMD64 Project[51], with 8 new bugs[52]  
 * Gentoo Toolchain Maintainers[53], with 7 new bugs[54]  
 * Python Gentoo Team[55], with 7 new bugs[56]  
 41. maintainer-wanted@g.o
 43. kde@g.o
 45. games@g.o
 47. mozilla@g.o
 49. sci@g.o
 51. amd64@g.o
 53. toolchain@g.o
 55. python@g.o

9. GWN feedback
Please send us your feedback[57] and help make the GWN better. 

 57. gwn-feedback@g.o
10. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under.
11. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[58]  
 * Dutch[59]  
 * English[60]  
 * German[61]  
 * French[62]  
 * Korean[63]  
 * Japanese[64]  
 * Italian[65]  
 * Polish[66]  
 * Portuguese (Brazil)[67]  
 * Portuguese (Portugal)[68]  
 * Russian[69]  
 * Spanish[70]  
 * Turkish[71]  

Ulrich Plate <plate@g.o> - Editor
Ioannis Aslanidis <deathwing00@g.o> - Author
Wernfried Haas <amne@g.o> - Author
Shyam Mani <fox2mike@g.o> - Author
Sven Vermeulen <swift@g.o> - Author

gentoo-gwn@g.o mailing list