Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 18 October 2004
Date: Sun, 17 Oct 2004 23:14:56
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 18 October 2004.
1. Gentoo News
2004.3 release coming your way: LiveCD test builds for x86 and PPC 
avalable soon
Watch out for beta versions of the upcoming 2004.3 LiveCDs this week: Both 
x86 and PPC architectures are on the brink of releasing previews, and will 
eagerly await bug reports at Gentoo's bugzilla as soon as the test builds 
hit the mirrors. Comments from testers are highly welcome before marking 
the respective architectures ready for release.
New lead translator for Japanese GWN
The GWN extends its gratitude to a long-time contributor, Japanese lead 
translator Katsuyuki Konno who is leaving the team this month, to be 
followed by Tomoyuki Sakurai[1]. The Japanese version of the GWN has been 
in existence from the fourth issue of the English language publication, 
and it hasn't skipped a single issue ever since then, making Japanese one 
of the first and most reliable of the various alternative GWN languages.
 1. cherry@××××××××××××.nu
2. Gentoo security
LessTif: Integer and stack overflows in libXpm
Multiple vulnerabilities have been discovered in libXpm, which is included 
in LessTif, that can potentially lead to remote code execution.
For more information, please see the GLSA Announcement[2]
gettext: Insecure temporary file handling
The gettext utility is vulnerable to symlink attacks, potentially allowing 
a local user to overwrite or change permissions on arbitrary files with 
the rights of the user running gettext, which could be the root user. 
For more information, please see the GLSA Announcement[3]
tiff: Buffer overflows in image decoding
Multiple heap-based overflows have been found in the tiff library image 
decoding routines, potentially allowing to execute arbitrary code with the 
rights of the user viewing a malicious image. 
For more information, please see the GLSA Announcement[4]
WordPress: HTTP response splitting and XSS vulnerabilities
WordPress contains HTTP response splitting and cross-site scripting 
For more information, please see the GLSA Announcement[5]
BNC: Input validation flaw
BNC contains an input validation flaw which might allow a remote attacker 
to issue arbitrary IRC related commands. 
For more information, please see the GLSA Announcement[6]
3. Heard in the community
Web forums
Security comes at a price: When packages supposedly collaborating with 
each other for providing GnuPG and S/MIME support in the KDE mail client 
are being updated without coordination upstream, things may occasionally 
 * KDEPIM 3.3.1 failing on gpgme[7] 
KDE and broken DNS
Several Gentooers noticed that after upgrading glibc on their systems, DNS 
sporadically quit working inside KDE. One helpful poster provided a link 
back to KDE's bugzilla that had a bug report specifically for Gentoo, but 
it had no solution. So what is the culprit? When doing large system 
upgrades such as perl, glibc, etc. you should be sure to do a 
revdep-rebuild[8] to help solve issues like the above. It's not a magic 
fix for everything, but it can certainly reduce hair-pulling for strange 
events like these.
 * kooky kde behaviour[9] 
Resuming emerge on a notebook
Many people have an issue with long running emerges on their notebooks: 
Between work and home they have to cancel and completely restart the 
compilation of some larger packages. 
 * How to restart an emerge[10] 
Filesystem automounter
Having trouble getting autofs to work on your Gentoo system? Here's a 
thread discussing alternative program recommendations for mounting 
 * autofs, supermount, submount... which is best for Gentoo?[11] 
xorg-x11-6.8.0-r1 ready to go stable on all archs
Donnie Berkholz[12] announced that xorg-x11-6.8.0-r1 is ready to go stable 
on x86 and asked all arch maintainers to follow shortly thereafter, unless 
there is a good reason not to mark it stable. Reason for this is to have 
marked it stable before the portage snapshot for the 2004.3 release will 
be taken.
 12. spyderous@g.o
 * xorg-x11-6.8.0-r1 ready to go stable on all archs[13] 
init script optimizations?
Discussions about more or less dangerous optimizations to speed up the 
boot sequence.
 * init script optimizations?[14] 
HPPA dev box is now online at OSU
Mike Frysinger[15] got his HPPA development-box set up on OSU where it is 
accessible for every Gentoo developer who need to test ebuilds on HPPA.
 15. vapier@g.o
 * HPPA dev box is now online at OSU[16] 
rsync speed and space taken
Discussions about the size of the Gentoo portage tree.
 * rsync speed and space taken[17] 
Support for UTF-8 in the console
Mike Frysinger was looking for feedback from people using UTF-8 fonts and 
keymaps in the console, and asked them to test a new patch.
 * support for UTF8 in console[18] 
GLEP23 - Updates and call for further discussion
GLEP 23 deals with Portage and how it handles the ACCEPT_LICENSE clause:
 * GLEP23 - Updates and call for further discussion[19]
4. Gentoo International
Germany: Munich Gentoo Linux User Group Event
Last Saturday, 15 October, MGLUG's Gentooistas[20] and other Linux users 
from Munich's general LUG[21] (celebrating its 10th anniversary this year) 
and neighboring Erding LUG[22] had organized a joint event with "Berkeley 
in Munich"[23], the local BSD community. Labeled "First Open-source 
Infotainment Day", the organisers had brought together speakers exploring 
the structural differences between Linux and FreeBSD, introducing TeX 
desktop publishing, and other topics. One presentation was dedicated to 
"Gentoo Linux from an ISP's viewpoint", and installations of both Gentoo 
Linux and FreeBSD were offered during the event, too. The meeting started 
early and continued over lunch at the premises of a Munich-based job 
training center[24], and a few impressions of the event can be viewed at 
the MGLUG's photo gallery[25]. 
Figure 4.1: Gentoo Linux users and friends in Munich
Italy: To Smau or not to Smau
It has a reputation for being the largest and most important IT fair in 
Italy, but some Italian Gentooists seem to be skeptical about its 
usefulness. Nevertheless, a few Gechi[26] members are openly thinking of 
attending the Smau this year[27], held at the Milano trade fair ground 
from Thursday 21 October to Monday 25 October 2004. Never mind that 
weighing the pros and cons at this thread in the Gentoo forums[28] only 
has "half-naked dancers" on the plus-side of the balance sheet - you'll 
still be able to meet one or the other Gentooist among the almost 400,000 
visitors expected at the event. 
5. Gentoo in the press
The Age (12 October 2004)
In a rather disturbingly titled article in Australia's leading newspaper 
for the Victoria district[29], "Microsoft scores well on security 
analysis", the Victorian open-source activist Con Zymaris did his best to 
convince author Rob O'Neill of the virtue of open-source security 
advisories, but wasn't entirely successful. If getting shot as a messenger 
of security flaws really is a considerable risk down under, Gentoo may 
want to stand less tall, but in reality, of course, having the highest 
number of security advisories of all open-source projects and commercial 
vendors is not bad at all. 
ZDNet (12 October 2004)
David Berlind at ZDnet props Linux against Mac OS X[30] in his quest for 
the future ruler of the desktop: "Today, even the most reputable and 
recommended distributions of desktop Linux, such as Gentoo and Xandros, 
are not the no-brainers that OS X and Windows--in that order--are." 
Interestingly enough, he seems quite confident that Linux will eventually 
be persistent enough for popular acceptance as a desktop OS: "However, 
it’s only a matter of time before desktop Linux follows precisely the same 
path as server Linux did when it worked its way from the pockets of early 
adopters and risk takers into gaining the widespread affection of server 
Central Command, Inc. (press release 13 October 2004) 
Gentoo figures as one of the supported distributions in a press release by 
Central Command, Inc.[31], a privately held company in Ohio providing 
anti-virus software that is going to be offered as a server-side 
application bundled with the services of Outblaze Ltd., a global provider 
of hosted email headquartered in Hong Kong.
6. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([32]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 10 October 2004 and 16 October 2004, activity on 
the site has resulted in: 
 * 796 new bugs during this period 
 * 310 bugs closed or resolved during this period 
 * 38 previously closed bugs were reopened this period 
Of the 7252 currently open bugs: 124 are labeled 'blocker', 245 are 
labeled 'critical', and 525 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo's Team for Core System packages[33], with 28 closed bugs[34]  
 * Gentoo X-windows packagers[35], with 17 closed bugs[36]  
 * Java team[37], with 16 closed bugs[38]  
 * Gentoo Games[39], with 14 closed bugs[40]  
 * AMD64 Porting Team[41], with 11 closed bugs[42]  
 * osx porters[43], with 10 closed bugs[44]  
 * Gentoo KDE team[45], with 10 closed bugs[46]  
 * Gentoo Linux Gnome Desktop Team[47], with 10 closed bugs[48]  
 33. base-system@g.o
 35. x11@g.o
 37. java@g.o
 39. games@g.o
 41. amd64@g.o
 43. osx@g.o
 45. kde@g.o
 47. gnome@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Gentoo Linux Gnome Desktop Team[49], with 27 new bugs[50]  
 * Java team[51], with 25 new bugs[52]  
 * Gentoo Toolchain Maintainers[53], with 24 new bugs[54]  
 * Gentoo's Team for Core System packages[55], with 23 new bugs[56]  
 * osx porters[57], with 19 new bugs[58]  
 * AMD64 Porting Team[59], with 18 new bugs[60]  
 * Gentoo X-windows packagers[61], with 17 new bugs[62]  
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[63], with 15 new 
 49. gnome@g.o
 51. java@g.o
 53. toolchain@g.o
 55. base-system@g.o
 57. osx@g.o
 59. amd64@g.o
 61. x11@g.o
 63. kernel@g.o
7. Tips and Tricks
Gentoo Initscripts
This week we will have a look at some nice to know things about 
initscripts that every sysadmin and user should at least have heard of 
By installing and administering your installation of Gentoo Linux you will 
have learned about how to add services to a specific runlevel, and how to 
start and stop those services.
But most users are not aware of some other nifty functions in the Gentoo 
initscripts that have the potential for making their lives easier in 
administering their Gentoo boxes.
Q: What to do if I can’t stop a service? What if the processes were killed 
but my system thinks they are still running?
A: Execute /etc/init.d/<service> zap to reset the status of the service.
Q: How do I figure out if a service is running or not?
A: /etc/init.d/<service> status will tell you the current status of the 
given service.
Q: And while we're at it, how can I see all services running?
A: rc-status lists all services that have been started and their current 
Q: How to restart a service?
A: /etc/init.d/<service> restart restarts the service.
Q: How do I find out what other services have to be started when I want to 
use <service>?
A: /etc/init.d/<service> ineed will give you a list of services that need 
to be running before this service can be started.
Q: Which services need/depend on this <service>?
A: /etc/init.d/<service> needsme lists all services that depend on the 
service given.
For further information on how runlevels work in Gentoo Linux please take 
a look at the Initscript guide[65] that is part of the Gentoo System 
8. Moves, adds, and changes
The following developers recently left the Gentoo team:
 * None this week 
The following developers recently joined the Gentoo Linux team:
 * None this week 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
9. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
 66. gwn-feedback@g.o
10. GWN feedback
Please send us your feedback[67] and help make the GWN better.
 67. gwn-feedback@g.o
11. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
12. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[68] 
 * Dutch[69] 
 * English[70] 
 * German[71] 
 * French[72] 
 * Japanese[73] 
 * Italian[74] 
 * Polish[75] 
 * Portuguese (Brazil)[76] 
 * Portuguese (Portugal)[77] 
 * Russian[78] 
 * Spanish[79] 
 * Turkish[80] 
Ulrich Plate <plate@g.o> - Editor
Brian Downey <bdowney@×××××××××××.net> - Author
Marc Hildebrand <zypher@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Emmet Wagle <ewagle@×××××.com> - Author

gentoo-gwn@g.o mailing list