Gentoo Archives: gentoo-gwn

From: Kurt Lieber <klieber@g.o>
To: gentoo-gwn@g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter -- Volume 2, Issue 11
Date: Mon, 17 Mar 2003 01:58:12
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of March 17th, 2003.
1. Gentoo News
 * Update from the Game Developers Conference 
 * GWN looking for contributors 
 * shows signs of strain as Gentoo Linux continues to 
 * Gentoo Linux launches a "hardened Gentoo" effort 
 * New items at the Gentoo Store 
Update from the Game Developers Conference
As reported earlier[1], Gentoo Linux was present at the recent Game 
Developers Conference as an official member of the NVIDIA booth. Dean 
Bailey was Gentoo's official representative and was joined by Emmett 
Plant, CEO of[2]. Between Dean, Emmet and the compelling 
combination of Unreal Tournament 2003 and Gentoo, the conference was a 
success and introduced many game developers to the wonders of Gentoo Linux.

GWN looking for contributors
It's hard to believe that the Gentoo Weekly Newsletter is now almost four 
months old. The ride so far has been a mixture of fun, frustration and 
plenty of excitement. Each week, we get several emails commenting on how 
much people enjoy the GWN which is a great help in keeping the GWN team 
motivated. In an effort to maintain the quality and comprehensiveness that 
our readers have come to expect from the GWN, we need your help in filling 
the following positions on our team: 
 * Mailing List Coordinator -- Follow the threads on gentoo-user, 
gentoo-dev and some of the other more popular mailing lists. Work with the 
other mailing list coordinators to write up a summary of the top 3-4 
threads of each list 
 * Forums Coordinator -- Follow the forums on the Gentoo Forums[2]. Work 
with the other mailing list coordinators to write up a summary of the top 
3-4 threads on the forums for that week 
 * Feature writer -- Have an idea for an article you want to write for the 
GWN? Let us know! 
If you're interested in one of the positions above, please send us an 
email at gwn-feedback@g.o. Remember that it's folks like you that 
make the GWN possible. shows signs of strain as Gentoo Linux continues to grow
As most Gentoo Linux users know, is a very important 
domain name. What many people don't know, however, is exactly how works. Currently, resolves to one of 20 
different IP addresses through a process known as DNS round robin 
resolution. This essentially is a way of randomly distributing the load of across multiple servers globally. As Gentoo Linux 
continues to grow, we've continued to add rsync mirrors to our rotation as 
generous Gentoo users donate their servers and bandwidth to host a mirror 
of our Portage tree.
This past week, Gentoo Linux hit an unusual problem as the number of rsync 
mirrors in the rotation increased to the point where the 
total query response packet size became too large for UDP to handle, 
causing DNS to fall back on TCP to transmit the larger packet size. 
Despite the fact that this is perfectly valid behavior according to RFC 
1035[3], many firewalls are still configured to block TCP traffic on port 
53. This caused some problems[4] among the Gentoo user community as some 
folks found themselves unable to resolve, which also 
meant they were unable to successfully run emerge sync. 

As a short-term solution, the number of rsync mirrors in the rotation was reduced to allow responses to be sent over 
UDP. As Gentoo Linux continues to grow, however, this will not be a 
permanent solution. Instead, we're working on two longer-term solutions:
 * Migrating to the use of continent and country codes for rsync mirror 
rotations. Please see this week's Tips & Tricks section for examples on 
how to set up your box to use this new system. 
 * Changing our core DNS infrastructure to allow the continued expansion 
of the rotation without causing the response packet to 
become too large. Look for more information about this in a future version 
of the Gentoo Weekly Newsletter. 
Gentoo Linux launches a "hardened Gentoo" effort 
An official effort to build a hardened version of Gentoo Linux was 
launched this week. Built using many of the userland tools, as well as the 
access controls currently available in Security-Enhanced Linux[5], this 
effort should be of interest to anyone running a Gentoo server in an 
environment that demands a higher level of security.

Anyone interested in participating in this effort should sign up[6] on the 
gentoo-hardened mailing list.

 6. gentoo-hardened-subscribe@g.o
New items at the Gentoo Store
Based on requests from Gentoo Linux users, the number of items available 
at the Gentoo Linux Merchandise Online Store[7] has increased 
significantly. From posters to golf shirts to bumper stickers, now you can 
show off Gentoo Linux just about anywhere. Prices have also been reduced 
on many items as well. Remember that each item purchased from the official 
online store directly supports the continued development of Gentoo Linux. 

2. Gentoo Security

 * GLSA: ethereal 
 * GLSA: netscape-flash 
 * GLSA: file 
 * New Security Bug Reports 
GLSA: ethereal
The ethereal network monitor application contains a string overflow 
vulnerability in its SOCKS dissector and a heap overflow in its NTLMSSP 
code. These vulnerabilities could be used to crash or run arbitrary code 
under the privileges of the ethereal service by passing a carefully 
crafted network packet.
 * Severity: High - Remote DOS, code execution. 
 * Packages Affected: net-analyzer/ethereal versions prior to 
 * Rectification: Synchronize and emerge ethereal, emerge clean. 
 * GLSA Announcement[7] 
 * Advisory[7] 
GLSA: netscape-flash
A patch which cumulatively resolves several buffer overflows and sandbox 
violations in Macromedia Flash players has been released. These 
vulnerabilities could theoretically be used to gain remote access to a 
target computer. No exploits have been demonstrated.
 * Severity: High - Remote code execution. 
 * Packages Affected: net-www/netscape-flash versions prior to 
 * Rectification: Synchronize and emerge netscape-flash, emerge clean. 
 * GLSA Announcement[7] 
 * Advisory[7] 
GLSA: file
The file(1) command contains a buffer overflow vulnerability that could be 
used to execute arbitrary code under the privileges of the target user.
 * Severity: Moderate - Privilege elevation, mitigated by requirement for 
   target participation. 
 * Packages Affected: sys-apps/file versions prior to file-3.4.1 
 * Rectification: Synchronize and emerge file, emerge clean. 
 * GLSA Announcement[7] 
 * Advisory[7] 
New Security Bug Reports
The following new security bugs were posted this week:
 * dev-db/mysql[7] 
 * net-mail/qpopper[7] 
 * sys-apps/man[7] 
3. Featured Developer of the Week
Grant Goodyear
Figure 3.1: Grant Goodyear, aka g2boojum 
Grant Goodyear[8] is an old timer at Gentoo - quite possibly the only 
current developer who has been with the project longer is Daniel Robbins 
himself. Grant, who had been using OpenBSD for scientific computing at 
work found out about Gentoo through Drobbins' articles[9] at IBM's 
DeveloperWorks. At the time (about three years ago) #gentoo was a channel 
with only a dozen or so regulars, the 'ebuild' command existed but 
'emerge', with its dependency checking did not, there were only a couple 
hundred packages, the gentoo-dev@g.o mailing list was the bug 
tracker, and the only real source of information on writing ebuilds was 
'man 5 ebuild'. Like many others who eventually became developers, Grant 
fixed bugs and wrote packages until the developers (then just Achim 
Gottinger and Drobbins) got tired of committing his changes and asked him 
to become a developer. Now he's a Senior Development Manager, a trouble 
shooter and occasional source of advice to younger developers. Grant wrote 
the Desktop Configuration Guide[10] back when Gentoo upgrades meant a new 
install so that he could recreate his setup each time. He also edited the 
Install Instructions[11] which countless users have now used to set Gentoo 
up more or less from scratch on their machines. 

 8. g2boojum@g.o
Grant is an Assistant Professor of Chemistry at Clemson University in 
South Carolina who publishes all his results in freely (as in speech) 
available, open scientific journals. He's a theoretical chemist, so he 
spends a lot of his time using computers (all running Linux) to model 
chemical processes occurring in liquids. He teaches Physical Chemistry 2, 
which comprises chemical kinetics, quantum mechanics, statistical 
mechanics, and spectroscopy to undergraduates who would prefer that 
understanding the world didn't involve so much math. Grant is forced to 
run Red Hat on his 16-processor cluster, but his P4 and dual Athlon 
workstations, web/dns server, laptop, and home desktop all run Gentoo. He 
uses Fluxbox as his WM, screen with irssi for IRC, konqueror for reading 
'ebuild(5)', vim, galeon, evolution, and squirrelmail. He feels obligated 
to use sendmail because he wrote the ebuild for it, but actually prefers 
Grant likes to read science fiction with good character development and 
happy endings. In his less-than-copious spare time he calls Contra 
dances[12]. He just got married a few weeks ago, and has accumulated many 
frequent flier miles visiting his wife Sarah in Houston, Texas from his 
home in Greenville, South Carolina. 

4. Heard In The Community
Web Forums
Small Inconveniences
Success can be a burden, everybody knows that. The Forums, being 
particularly successful, have had their shares of load problems, and 
solutions will have to be found rather quickly by switching to a more 
powerful hardware platform. While efforts are under way, site admin 
rac[13] has put the brake on a few features that were responsible for 
bringing down the Forum's performance, notably the number of thread views 
that is no longer being updated, the list of people being simultaneously 
online not sorted alphabetically anymore, and a limitation to ego-searches 
that now includes only the last two weeks of an individual's post count:

 * Small inconveniences[13] 
 * Where are all my posts?[13] 
Kernel Sources - Which Do What?
Things were quite easy in the early days of Gentoo with just a handful of 
kernel source packages to choose from, but the variety of different 
patchsets, special purpose kernels and platforms at the end of a simple 
"emerge ***-sources" has grown completely out of proportion. Over the last 
week, a few descriptions have been put together to update the FAQ about 
kernel sources in Gentoo, creating a rather impressive document. Still a 
few blanks to be filled in if you care to add to the knowledge base:
 * KC6: Which sources?[13] 
 * [FAQF] KC6: Which sources?[13] 
Embarrassing DistroWatch Cheat Attempt
A particularly stupid git has managed to jeopardize Gentoo's reputation by 
rigging the page view count on DistroWatch, Ladislav Bodnar's well-known 
list of available Linux distributions. In Ladislav's words: "Now come on, 
folks! It's just a page hit ranking, it simply monitors how many times a 
distribution page gets viewed, nothing more! It's not meant to be taken 
seriously, which I've stated many times - to no avail". Some people are 
just hopeless:
 * Anyone else see this on DistroWatch? Gentoo Cheater...[13] 
 * DistroWatch[13] 


Mozilla and Java, continued...
The classic tale of Mozilla's distaste for a cup of joe on a Gentoo linux 
system has returned to the gentoo-user list this week. It seems that the 
lizard has plenty of pent up fire to warrant the use of caffeine. 
Fortunately this weeks telling contained many success stories on how 
Gentoo'ers managed to pair the two up. Examples were given for both Sun 
and Blackdown's JDK integration into Mozilla's plugins. These should 
provide any Gentoo'er the opportunity to take a crack at 
in no time. 
 * Mozilla and Java[13] 
 * Mozilla and Java (Again)[13] 
 * Blackdown JDK Solution[13] 
 * Sun JDK Solution[13] 

Portage-2.0.47-r10 Out for Testing
Small changes to the portage system have been coming along this week. 
Changes include minor corrections and alterations, but also additional 
features. All of this can be looked up in the changelog[14], of course. 
However one new option worth special mention is the change to etc-update 
that allows for automerging of the config files. So from now on when the 
occasional emerge -u world is complete and all you have left to do is the 
etc-update, just let the new automerge feature do the work for you! It 
should be ready for tests so don't hold back on the feedback[15]. 

And a little reminder, if something isn't quite as it should be after the 
etc-update. Try env-update and source /etc/profile both as root.
GLSAs and an Automatic Security Package Tool
Ideas are forming about the Portage system somehow growing to include the 
GLSAs. This week has seen a small discussion[16] about how it could come 
to life. The Gentoo Linux Security Announcements[17], as you all know, 
inform us when holes in software packages become a security hazard. And 
the general consensus is that it would be a very powerful tool if the 
portage system could not only update packages for us but also apply those 
very needed security patches. Or maybe even entirely mask them out and 
only allow for updates to packages with no known security risks. Anyway, I 
don't think it is too much to say that it would be a most welcome twist to 

5. Gentoo International
New Dutch Forum Moderators Announced
Two new moderators, one Belgian, one Dutch, have been assigned to 
supervise the Netherlands forum[18]. Long-time Forum dweller Garo[19] and 
developer Foser[20] have gracefully accepted to split the task between 

6. Portage Watch
The following stable packages were added to portage this week
 * app-emulation/stella : Stella Atari 2600 VCS Emulator 
 * app-games/codebreaker : mastermind style game 
 * app-games/lpairs : Kids card/puzzle game 
 * app-games/penguzzle : Tcl/Tk variant of the well-known 15-puzzle game 
 * app-games/raptor2 : space shoot-em-up game 
 * app-games/tuxmath : Educational arcade game where you have to solve 
   math problems 
 * dev-ml/pxp : PXP is a validating XML parser library for O'Caml 
 * dev-libs/xmlrpc-c : A lightweigt RPC library based on XML and HTTP 
 * media-libs/dumb : IT, XM, S3M and MOD player library 
 * media-sound/hydrogen : Linux Drum Machine 
 * media-sound/protux : Professional Audio Tools for 
Updates to notable packages
 * sys-apps/portage - portage-2.0.47-r10.ebuild;  
 * x11-base/xfree - xfree-4.3.0-r1.ebuild;  
 * sys-kernel/* - ac-sources-2.4.21_pre5-r3.ebuild; 
   gaming-sources-2.4.20-r1.ebuild; lolo-sources-; 
   mm-sources-2.5.64-r4.ebuild; mm-sources-2.5.64-r5.ebuild; 
   mm-sources-2.5.64-r6.ebuild; wolk-sources-4.0_rc2.ebuild; 
 * dev-db/mysql - mysql-4.0.11a-r1.ebuild;  
 * app-admin/gentoolkit - gentoolkit-0.1.19-r3.ebuild;  
New USE variables
 * lirc - Adds support for lirc (Linux's Infra-Red Remote Control) 
7. Bugzilla
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([21]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. In the last 7 days, activity on the site has resulted in:

 * 284 new bugs this week 
 * 417 bugs closed or resolved this week 
 * 6 previously closed bugs were reopened this week. 
 * 2047 total bugs currently marked 'new' 
 * 479 total bugs currently assigned to developers 
There are currently 2586 bugs open in bugzilla. Of these: 66 are labelled 
'blocker', 87 are labelled 'critical', and 185 are labelled 'major'. 
Closed Bug Rankings
The developers and teams who have closed the most bugs this week are:
 * Seemant Kulleen[21], with 21 closed bugs[21] 
 * The Mirror Administrators[21], with 18 closed bugs[21] 
 * The Gnome Team[21], with 18 closed bugs[21] 
 * The Games Team[21], with 15 closed bugs[21] 
 * Nicholas Jones[21], with 13 closed bugs[21] 
 * Jason Shoemaker[21], with 13 closed bugs[21] 
New Bug Rankings
The developers and teams who have been assigned the most new bugs this 
week are:
 * Martin Schlemmer[21], with 30 new bugs[21] 
 * Nick Hadaway[21], with 20 new bugs[21] 
 * The Gnome Team[21], with 19 new bugs[21] 
 * Nicholas Jones[21], with 14 new bugs[21] 
 * Seth Chandler[21], with 13 new bugs[21] 
8. Tips and Tricks
Using a localized rsync mirror rotation.
This week's tip shows you how to take advantage of the new country and 
continent-specific round robin rsync mirror rotations. 
The first step is to determine if your country has a round robin rotation 
assigned to it. 
| Code Listing 8.1:                                                       |
| Using host to determine country-specific gentoo domains                 |
|                                                                         |
|$ host                                               |
| has address                            |
|                                                                         |
 If your country doesn't have an rsync mirror rotation set up yet, you'll 
see something like the following: 
| Code Listing 8.2:                                                       |
| Not all countries have rsync mirrors yet                                |
|                                                                         |
|$ host                                               |
|Host not found: 3(NXDOMAIN)                          |
|                                                                         |

You'll need to emerge the bind-tools package in order to use host   Not 
sure what your two-letter country code is? Here[22] is the official list.  

Another option is to use the new continent-level rsync mirror rotations. 
Currently, the following continent rotations are set up: 
 * -- North America 
 * -- South America 
 * -- Europe 
 * -- Asia 
 * -- Australia (same as the country code) 
Once you have identified which rsync mirror you want to use, edit your 
/etc/make.conf file and place that value in the SYNC variable.
| Code Listing 8.1:                                                       |
| SYNC set to use the rotation                        |
|                                                                         |
|SYNC=""                                               |
|                                                                         |
9. Moves, Adds and Changes
The following developers recently left the Gentoo team: 
 * none this week 
The following developers recently joined the Gentoo Linux team:
 * Patrick Kursawe (phosphan) -- bug fixes and miscellaneous stuff 
 * Sven Vermeulen (SwifT) -- Dutch documentation 
The following developers recently changed roles within the Gentoo Linux 
 * none this week 
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 23. gwn-feedback@g.o
11. GWN Feedback
Please send us your feedback[24] and help make GWN better.

 24. gwn-feedback@g.o
12. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Dutch[24] 
 * English[24] 
 * German[24] 
 * French[24] 
 * Japanese[24] 
 * Italian[24] 
 * Portuguese (Brazil)[24] 
 * Portuguese (Portugal)[24] 
 * Spanish[24] 
Kurt Lieber <klieber@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Contributor
Brice Burgess <nesta@×××××××.net> - Contributor
Yuji Carlos Kosugi <carlos@g.o> - Contributor
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
David Narayan <david@×××××××.net> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Peter Sharp <mail@××××××××××××××.net> - Contributor
Kim Tingkaer <kim@×××××××.dk> - Contributor
Mathy Vanvoorden <matje@×××××××.be> - Dutch Translation
Tom Van Laerhoven <tom.vanlaerhoven@××××××.be> - Dutch Translation
Roel Adriaans <roel@××××××××.cx> - Dutch Translation
Peter Dijkstra <phj.dijkstra@××××.nl> - Dutch Translation
Nicolas Ledez <nicolas.ledez@××××.fr> - French Translation
Guillaume Plessis <gui@×××××××××.com> - French Translation
John Berry <anfini@××××.fr> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Michael Kohl <citizen428@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Daniel Ketel <kage-chan@g.o> - Japanese Translation
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation
Andy Hunne <andy@×××××××××.com> - Japanese Translation
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <gustavo@××××××××××.net> - Portuguese (Portugal) 
Ricardo Jorge Louro <rjlouro@×××××××.org> - Portuguese (Portugal) 
Lanark <lanark@××××××××××.ar> - Spanish Translation
Rafael Cordones Marcos <rcm@×××××××.net> - Spanish Translation
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
Sergio Gómez <s3r@××××××××××××.ar> - Spanish Translation
Pablo Pita Leira <pablo.leira@×××××××××.com> - Spanish Translation
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
Tirant <tirant@×××××.net> - Spanish Translation
Jaime Freire <jfreire@××.com> - Spanish Translation
Lucas Sallovitz <krusty_ar@×××××.com> - Spanish Translation