Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@××××××××××××.org
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 17 January 2005
Date: Mon, 17 Jan 2005 00:40:49
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 17 January 2005.
1. Gentoo News
Gentoo name and logo usage guidelines
As many might have noticed from last week's front page news item, the 
Gentoo Foundation and Gentoo Technologies have drafted a document on 
Gentoo name and logo usage[1] containing legalese instructions on when 
people and projects are allowed to use the Gentoo name and/or logo. To 
make those as easily understandable as possible, here's a summary of the 
general ideas behind those guidelines. 
The Gentoo trademark is described as follows: 
| Code Listing 1.1:                                                       |
|Gentoo Trademark                                                         |
|                                                                         |
|Computer software, namely operating system software that automatically   |
|configures and optimizes performance on the underlying hardware and is   |
|for a large number of usage scenarios and applications, namely, secure   |
|development workstations, professional desktops, gaming systems and      |
|solutions.                                                               |
|                                                                         |
Section 4[2] and Section 6[3] describe when people and projects are 
allowed to use the Gentoo name in content that falls under the description 
of the Gentoo trademark. These last words are very important - when you 
use Gentoo in any meaning other than the description given above, then 
this document does not apply to you. So you're free to talk about the 
Gentoo penguin[4] or start an insurance company called "Gentoo Insurance". 
So, when are you allowed to use "Gentoo" in a project or content that does 
relate to operating system software (including the Gentoo operating system 
We ask project managers not to call their project "Gentoo" or have 
"Gentoo" in its name. Otherwise users might get confused about where to go 
for official information, support or feedback. We also ask that, if you use 
"Gentoo" in any other way (i.e. not within the name of a project) that 
still relates to operating system software, that you clearly mention that 
Gentoo is a registered trademark and that whatever you use "Gentoo" for is 
not part of the Gentoo project and not directed or managed by the Gentoo 
project or the Gentoo Foundation. It is common practice to add a ™ symbol 
behind "Gentoo" and mention "Gentoo is a registered trademark of Gentoo 
Technologies, Inc." at the end of your document. 
Hold it! Does that mean we can't create a site that helps Gentoo users? 
Surely not, that's not our intention. The more Gentoo community sites we 
see, the happier we are. Section 6[5] grants explicit approval to 
community sites to use the "Gentoo" name in their project name if they 
acknowledge the "Gentoo" trademark and follow the conditions stated: 
 * Each page must clearly state that the site is not officially part of 
the Gentoo project. This informs their users that they should not try to 
get feedback or support from the Gentoo project about that project - 
chances are very likely that the Gentoo developers don't know how to deal 
with their requests.  
 * The website may not look like an official Gentoo website. The layouts 
used by the Gentoo website (both the current and the upcoming new layout) 
are only to be used by official Gentoo websites. Using the same (or a 
similar) layout might confuse users about the origin of the website and 
where to go with feedback or comments.  
So much for the Gentoo name. What about the "g" logo? 
When you plan on using the Gentoo logo on a software/hardware product for 
commercial purposes, we ask you not to have the Gentoo logo as the 
primary, largest logo on the product. People who then use this product 
will know that the product contains or is based on Gentoo, but that 
support and feedback should be directed to you. 
What about other products, such as merchandise? We currently deny any use 
of the Gentoo logo or artwork on such products for commercial purposes. 
The foundation will grant approval to parties on a case-by-case basis to 
sell such material, most likely to receive some funding from the sales, or 
to allow projects that help Gentoo to fund their actions (such as 
conferences) with the sales of these products. 
You are free to use the Gentoo logo for any non-commercial purpose as long 
as the logo is used to refer to the Gentoo project. For instance, you can 
use the Gentoo logo to accompany an article about Gentoo, or on Gentoo 
LiveCDs you give away at conferences. 
Brazilian Portuguese and Spanish translations, mailing list for German GWN 
The new year started with excellent news for people in some non-English 
environments who would like to read the GWN in their own language: 
Building on the success of the French, Russian and Turkish GWN, which 
re-emerged in the final days of last year, two other language versions were 
softly woken from their year-long sleep and put up with fresh material on 
the Gentoo website:
 * Marcelo Góes and Fernando Vaz have started the Brazilian Portuguese 
translation project again; the first issue (10 January 2005[6]) was 
published just last week. They've requested additional help via a Forum 
thread[7]. Please join them if you can contribute!  
 * After an equally long silence, a team of Spanish translators has begun 
working on their version, with the same 10 January issue[8] as their first 
being fresh out of the blocks, too, signed by five initial collaborators 
(Demóstenes, Andrés Pereira, Víctor Argüelles, Miles Lubin and Alexander 
A warm welcome to our new translator teams! If you would like to 
contribute to a GWN version in your own language, please send a short note 
to gwn-feedback@g.o. 
Note: We have received offers to translate the GWN to Esperanto, Basque, 
Romanian and other languages. We'd love to let volunteers start working on 
those versions, but require a sufficient number of translators to be 
available in the first place. In order to provide a consistent service, at 
least three to five translators are recommended for each language.
Meanwhile, a long-standing request by readers of the German GWN has been 
answered. On top of being available at the official Gentoo website, the 
German version will be delivered to subscribers of a mailing list set up 
last week. Distribution will start from the current issue. If you would 
like to subscribe, send a message to gentoo-gwn-de-subscribe@g.o 
and follow the instructions.
2. Future zone
Project goals for 2005
Continuing from last week's GWN[9], this section keeps track of more goals 
set forth for some Gentoo projects. After Release Engineering, Kernel, and 
Gentoo/BSD defined their goals last week, here's what else is on the 
agenda for the next months: 
 * Stabilize portage-2.0 
 * Finalize a plan for (CVS-)HEAD portage features 
 * Roll out a useful API 
 * Release new versions with extensive changes 
 * Improve turn-around time on responses to security bugs 
 * Publish a Gentoo webserver handbook (in progress) 
 * Release webapp-config v2, and vhost-config v1 (in progress) 
 * Remove webapp-apache.eclass from Portage 
 * Find more maintainers for our packages 
Documentation project
 * Pull in developers/contributors: contributors for non-x86, contributors 
for Gentoo projects, maintainers for existing documentation 
 * Reintroduce status updates for all team members 
 * Improve documentation on GuideXML 
 * "Writing Style" documentation 
 * Audit the existing documentation 
 * More USE-case documentation (e.g. "Virtual Mailhosting Guide") 
 * Documentation project update 
Forensics Herd
 * Include more packages 
 * Develop a bootable CD for network and disk forensic tools 
 * Include more packages 
 * Solve bugs related to packages 
 * Catch up on bugs 
 * Recruit more people 
 * Integrate gentoo-security announcements and nessus 
Managers' meetings
 * Rotate schedules across timezones so that more developers may 
 * Discuss usefulness of these meetings and implement needed changes 
 * Assign task to get logs put up on the web 
 * Possibly recruit another GLEP editor 
 * Consider allowing plain-text GLEPs 
3. Gentoo security
Dillo: Format string vulnerability
Dillo is vulnerable to a format string bug, which may result in the 
execution of arbitrary code. 
For more information, please see the GLSA Announcement[10] 
TikiWiki: Arbitrary command execution
A bug in TikiWiki allows certain users to upload and execute malicious PHP 
For more information, please see the GLSA Announcement[11] 
pdftohtml: Vulnerabilities in included Xpdf
pdftohtml includes vulnerable Xpdf code to handle PDF files, making it 
vulnerable to execution of arbitrary code upon converting a malicious PDF 
For more information, please see the GLSA Announcement[12] 
mpg123: Buffer overflow
An attacker may be able to execute arbitrary code by way of specially 
crafted MP2 or MP3 files. 
For more information, please see the GLSA Announcement[13] 
UnRTF: Buffer overflow
A buffer overflow in UnRTF allows an attacker to execute arbitrary code by 
way of a specially crafted RTF file. 
For more information, please see the GLSA Announcement[14] 
Konqueror: Java sandbox vulnerabilities
The Java sandbox environment in Konqueror can be bypassed to access 
arbitrary packages, allowing untrusted Java applets to perform 
unrestricted actions on the host system. 
For more information, please see the GLSA Announcement[15] 
KPdf, KOffice: More vulnerabilities in included Xpdf
KPdf and KOffice both include vulnerable Xpdf code to handle PDF files, 
making them vulnerable to the execution of arbitrary code if a user is 
enticed to view a malicious PDF file. 
For more information, please see the GLSA Announcement[16] 
KDE FTP KIOslave: Command injection
The FTP KIOslave contains a bug allowing users to execute arbitrary FTP 
For more information, please see the GLSA Announcement[17] 
imlib2: Buffer overflows in image decoding
Multiple overflows have been found in the imlib2 library image decoding 
routines, potentially allowing the execution of arbitrary code. 
For more information, please see the GLSA Announcement[18] 
o3read: Buffer overflow during file conversion
A buffer overflow in o3read allows an attacker to execute arbitrary code 
by way of a specially crafted XML file. 
For more information, please see the GLSA Announcement[19] 
HylaFAX: hfaxd unauthorized login vulnerability
HylaFAX is subject to a vulnerability in its username matching code, 
potentially allowing remote users to bypass access control lists. 
For more information, please see the GLSA Announcement[20] 
poppassd_pam: Unauthorized password changing
poppassd_pam allows anyone to change any user's password without 
authenticating the user first. 
For more information, please see the GLSA Announcement[21] 
Exim: Two buffer overflows
Buffer overflow vulnerabilities, which could lead to arbitrary code 
execution, have been found in the handling of IPv6 addresses as well as in 
the SPA authentication mechanism in Exim. 
For more information, please see the GLSA Announcement[22] 
tnftp: Arbitrary file overwriting
tnftp fails to validate filenames when downloading files, making it 
vulnerable to arbitrary file overwriting. 
For more information, please see the GLSA Announcement[23] 
4. Heard in the community
Web forums
Flurry of fits over GCC update
GCC 3.3.5 was marked stable for keyword="x86" last week, but caused a major 
uproar because of highly unpleasant side-effects. The symptoms include 
errors when compiling some libraries like Gtk+-2, which in turn led to a 
few dozen duplicate bug reports in Bugzilla, and equally frenetic 
activity in the Forums. The fix is simple enough, but people are still 
puzzled how something like this could have happened in the first place:
 * Problems after upgrade gcc to 3.3.5 (solution)[24] 
Linux and TV tuner cards
Linux supports various TV Tuner cards, but no one ever said it was 
trivial! This massive thread leads up our coverage of the gentoo-user list 
this week, and it involves a Gentoo user using a WinTV card. Read this 
thread for an important lesson learned on using and configuring with make 
 * BT848 driver.[25] 
Soliciting initial advice
Just about everyone has a few stories regarding their first installation 
of Gentoo. While Gentoo's install has undoubtedly improved by leaps and 
bounds over the past few years, Linux users migrating from other 
mainstream distributions like SuSE and Fedora are often intimidated by 
the "daunting" task of installing the operating system from source. One 
potential Gentoo recruit solicited advice from the list this week, with a 
handful of great tips in tow. 
 * before beginning[26] 
Encrypted root file system
Paranoid? Trying to hide something? This thread gives you lots of good 
hints on encrypting even your root filesystem to keep your data away from 
bad people. 
 * Encrypted root file system[27] 
Ideas for desktop TLP goals?
Donnie Berkholz[28] asks "Where would you like to see the Gentoo desktop 
go? What's been done poorly, what's been done well?" 
 28. spyderous@g.o
 * Ideas for desktop TLP goals?[29] 
2005.0 cleanups
In preparation for the 2005.0 release, Mike Frysinger[30] warns that some 
of the older profiles (2004.0 mostly) will be removed with the appearance 
of 2005.0. Please update your profiles! 
 30. vapier@g.o
 * 2005.0 spring cleanup[31] 
5. Gentoo International
USA: Gentoo booth at the Linux World Expo in Boston, MA (14 to 17 February)
Preparations for Gentoo's presence from 14 to 17 February 2005 at the 
Linux World Expo, Boston edition[32], are well under way. Architectures on 
display will include x86 and others, with a possibility of including a few 
MacMinis. There's a Forum thread[33] for people looking for directions to 
the booth (and possibly to announce their intentions to visit the show), 
and if you need help with accommodation or other tips, Bostonian Andrew 
Fant[34] has volunteered to serve as a local coordinator and pivot for 
UK: Gentoo UK conference online registration open
Online registration for the second Gentoo UK conference on 12 March 2005 
is now possible via Stuart Herbert's web space[35] at 
According to Stuart, there are even a few slots for presentations still 
available to interested developers. 
6. Gentoo in the press
Linux Format (Issue #62, January 2005)
The UK based magazine's print version has an article on "the ultimate 
distros". Ranking Gentoo 6th among 15 distributions under scrutiny, their 
peculiar judgement of Gentoo including a not entirely satisfactory 
assessment of its usefulness has already triggered some repercussions in 
the Gentoo Forums[36]. 
7. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([37]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 09 January 2005 and 16 January 2005, activity on 
the site has resulted in: 
 * 968 new bugs during this period 
 * 500 bugs closed or resolved during this period 
 * 31 previously closed bugs were reopened this period 
Of the 7959 currently open bugs: 116 are labeled 'blocker', 229 are 
labeled 'critical', and 567 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * AMD64 Porting Team[38], with 40 closed bugs[39]  
 * Gentoo's Team for Core System packages[40], with 32 closed bugs[41]  
 * Gentoo Security[42], with 31 closed bugs[43]  
 * Gentoo KDE team[44], with 19 closed bugs[45]  
 * Jeremy Huddleston[46], with 18 closed bugs[47]  
 * Java team[48], with 16 closed bugs[49]  
 * Net-Mail Packages[50], with 13 closed bugs[51]  
 * media-video herd[52], with 12 closed bugs[53]  
 38. amd64@g.o
 40. base-system@g.o
 42. security@g.o
 44. kde@g.o
 46. eradicator@g.o
 48. java@g.o
 50. net-mail@g.o
 52. media-video@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * AMD64 Porting Team[54], with 22 new bugs[55]  
 * Gentoo Sound Team[56], with 18 new bugs[57]  
 * Gentoo X-windows packagers[58], with 15 new bugs[59]  
 * Net-Mail Packages[60], with 15 new bugs[61]  
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[62], with 15 new 
 * Gentoo Linux Gnome Desktop Team[64], with 14 new bugs[65]  
 * OpenOffice Team[66], with 12 new bugs[67]  
 * Gentoo KDE team[68], with 12 new bugs[69]  
 54. amd64@g.o
 56. sound@g.o
 58. x11@g.o
 60. net-mail@g.o
 62. kernel@g.o
 64. gnome@g.o
 66. openoffice@g.o
 68. kde@g.o
8. Tips and tricks
Gentoo bugzilla search plugin for Firefox
Are you using the little search input field on the upper right of your 
Firefox browser window? Most people do, and most of them use it only to 
google for search terms. Less well known is the possibility to add plugins 
for limited searches at specific websites - or the Gentoo bug report 
system, for that matter. This extremely useful little add-on was concocted 
by developer Mike Frysinger[70], and hunts for your search terms in the 
overview of bug reports at Gentoo's central Bugzilla.
 70. vapier@g.o
| Code Listing 8.1:                                                       |
|Download two files from the Mozilla searchplugin                         |
|                                                                         |
|# wget{src,png}           |
|                                                                         |
Next, copy those files to the path where Firefox looks for plugins to use. 
Be root if you do this, or prepend the following command with sudo: 
| Code Listing 8.2:                                                       |
|Install searchplugin in the appropriate                                  |
|                                                                         |
|# cp Gentoo-Bugs.src Gentoo-Bugs.png \                                   |
|    /usr/lib/MozillaFirefox/searchplugins/                               |
|(or sudo if not done as root)                                            |
|                                                                         |
That's it. Kill any open Firefox windows, restart Firefox, there you go: 
Gentoo bug hunting at your fingertips. 
9. Moves, adds, and changes
The following developers recently left the Gentoo team:
 * None this week 
The following developers recently joined the Gentoo Linux team:
 * Kai Zimmermann (kzimmerm) - media-video 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
 71. gwn-feedback@g.o
11. GWN feedback
Please send us your feedback[72] and help make the GWN better.
 72. gwn-feedback@g.o
12. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
13. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[73] 
 * Dutch[74] 
 * English[75] 
 * German[76] 
 * French[77] 
 * Japanese[78] 
 * Italian[79] 
 * Polish[80] 
 * Portuguese (Brazil)[81] 
 * Portuguese (Portugal)[82] 
 * Russian[83] 
 * Spanish[84] 
 * Turkish[85] 
Ulrich Plate <plate@g.o> - Editor
Brian Downey <bdowney@×××××××××××.net> - Author
Christian Hartmann <ian@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Sven Vermeulen <swift@g.o> - Author

gentoo-gwn@g.o mailing list