Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 8 November 2004
Date: Mon, 08 Nov 2004 00:01:02
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 8 November 2004.
1. Gentoo News
Gentoo User Survey Results
Corey Shields[1] has published the preliminary results of the Gentoo User 
Survey[2], which was conducted during two weeks in September. All purely 
numerical data has now been evaluated and published on Corey's own 
developer webspace. Three additional text-based questions, which 
respondents answered in their own words, require more work to aggregate; 
their interpretation will be added to the published data at a later date. 
 1. cshields@g.o
Figure 1.1: Portage and optimizations most important for users
The results hold few if any surprises as far as current user habits are 
concerned. From experience, it was to be expected that a majority of 
Gentooists synchronize and update their configuration on a daily basis. 
Some of the questions concerning future plans for Gentoo provoked answers 
quite outside expectations, though. Who would have thought that 
simplified, possibly GUI-based installation routines would figure so 
prominently among user preferences?
Figure 1.2: Caveat: Most respondents said 'None of these'
Other requests are already reflected in Gentoo's policy. A new release 
every six months was rated most useful by 47 percent of Gentooists asked, 
and the release schedule will effectively change to a twice-a-year rhythm 
starting with 2005.0. 
2. Gentoo security
ppp: No denial of service vulnerability
pppd contains a bug that allows an attacker to crash his own connection, 
but it cannot be used to deny service to other users. 
For more information, please see the GLSA Announcement[3]
Cherokee: Format string vulnerability
Cherokee contains a format string vulnerability that could lead to denial 
of service or the execution of arbitrary code. 
For more information, please see the GLSA Announcement[4]
Apache 1.3: Buffer overflow vulnerability in mod_include
A buffer overflow vulnerability exists in mod_include which could possibly 
allow a local attacker to gain escalated privileges. 
For more information, please see the GLSA Announcement[5]
Speedtouch USB driver: Privilege escalation vulnerability
A vulnerability in the Speedtouch USB driver can be exploited to allow 
local users to execute arbitrary code with escalated privileges. 
For more information, please see the GLSA Announcement[6]
libxml2: Remotely exploitable buffer overflow
libxml2 contains multiple buffer overflows which could lead to the 
execution of arbitrary code. 
For more information, please see the GLSA Announcement[7]
MIME-tools: Virus detection evasion
MIME-tools doesn't handle empty MIME boundaries correctly. This may 
prevent some virus-scanning programs which use MIME-tools from detecting 
certain viruses. 
For more information, please see the GLSA Announcement[8]
Proxytunnel: Format string vulnerability
Proxytunnel contains a format string vulnerability, potentially allowing 
a remote server to execute arbitrary code with the rights of the 
Proxytunnel process. 
For more information, please see the GLSA Announcement[9]
GD: Integer overflow
The PNG image decoding routines in the GD library contain an integer 
overflow that may allow execution of arbitrary code with the rights of the 
program decoding a malicious PNG image. 
For more information, please see the GLSA Announcement[10]
shadow: Unauthorized modification of account information
A flaw in the chfn and chsh utilities might allow modification of account 
properties by unauthorized users. 
For more information, please see the GLSA Announcement[11]
Gallery: Cross-site scripting vulnerability
Gallery is vulnerable to cross-site scripting attacks. 
For more information, please see the GLSA Announcement[12]
ImageMagick: EXIF buffer overflow
ImageMagick contains an error in boundary checks when handling EXIF 
information, which could lead to arbitrary code execution. 
For more information, please see the GLSA Announcement[13]
3. Heard in the community
Sharing /usr/portage
Supporting multiple Gentoo systems typically means maintaining separate 
copies of the portage tree. To save disk space and time, several users 
discuss how to manage a single shared copy across all systems.
 * How much of portage can be shared/deleted?[14]  
Perl modules in Portage
One user inquires about installing perl modules in portage after having 
trouble finding them. Portage offers a helpful script to search for perl 
modules and dynamically generate an ebuild to install them.
 * GPG and Perl Modules[15]  
PS2 and Gentoo Linux
As Gentoo seems to run on everything (except maybe refrigerators), this 
thread explores the feasibility of Gentoo on the PlayStation 2. Getting a 
full Gentoo install on it will not be easy, but it looks like lots of fun 
trying to. 
 *  PS2 and Gentoo Linux[16] 
Handling multiple packages providing a symlink
Ciaran McCreesh[17] explores the possibilities of handling multiple 
packages (like vi, vim, elvis) providing symlinks (in this case for vi). 
Most suggestions from others included implementing a system like Debian 
alternatives, so expect some nice and pleasant modifications soon. 
 17. ciaranm@g.o
 * Handling multiple packages providing a symlink[18] 
Official Gentoo motto?
Following a NewsForge article claiming that the official Gentoo Motto was 
"If it moves, compile it", people were wondering - since clearly this 
isn't it - what could in fact be a good motto for Gentoo. 
 *  Official Gentoo Motto?[19] 
4. Gentoo International
Italy: Gentoo Day
On 27 November 2004, Italy's ever-growing open-source movement organizes 
a national Linux day[20] for the fourth time, and for the second time 
this Italy-wide event is reason enough for the Italian Gentoo users to 
prepare some evangelism of their own: for the second year in a row, 
"Gentoo Day" is going to be held simultaneously in two cities in Italy, 
Prato and Milano, thanks to those Gentooists active in the Gentoo Channel 
Italia (Gechi) framework, and the hospitality of two co-organizing local 
Linux User Groups, MiLUG[21] and PLUG[22]. Gentoo Day 
encompasses talks by weathered Gentoo presenters, various architectures on 
display, some paraphernalia for collectors of Gentoo gadgetry, and of 
course the opportunity to meet other Gentoo users and developers. If you 
want to join the Gechi in this endeavour in either of the two cities 
separated by about 300 kilometres, check this Forum thread[23] and the 
Gechi's own forum[24] (both links in Italian). 
UK: Gentoo User Meeting in Cambridge
Last Thursday, 4 November 2004, Gentoo users and developers flocked from 
places such as Poland, Peru, and even as far away as Cambridge, to meet up 
for a quick drink in "The Eagle" pub, Cambridge, UK. Accompanied by a few 
members of the Cambridge LUG[25], the turnout was higher than expected, at 
about 15. Overall an enjoyable evening in anticipation of future Gentoo 
UK meetings. 
5. Gentoo in the press
Notebook Review (5 November 2004)
User experience with a recent LG Electronics notebook model is what the 
LG X-Note LM50 notebook review[26] is really all about, marking good old 
Korean Lucky Goldstar's[27] debut on the North American notebook market. 
It would be a plain hardware review, if it weren't for a rather 
unexpected twist the article takes about halfway down: the author has to 
cut his list of hardware items shorter than planned because he can't 
access the device info in Windows - with the review not even finished, his 
new LM50 is already busy installing Gentoo Linux.
6. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([28]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 31 October 2004 and 07 November 2004, activity 
on the site has resulted in: 
 * 743 new bugs during this period 
 * 428 bugs closed or resolved during this period 
 * 26 previously closed bugs were reopened this period 
Of the 7400 currently open bugs: 122 are labeled 'blocker', 251 are 
labeled 'critical', and 560 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
are: 
 * ppc64 architecture team[29], with 70 closed bugs[30]  
 * Gentoo's Team for Core System packages[31], with 23 closed bugs[32]  
 * Gentoo Security[33], with 18 closed bugs[34]  
 * Gentoo Linux Gnome Desktop Team[35], with 17 closed bugs[36]  
 * Jeremy Huddleston[37], with 14 closed bugs[38]  
 * Gentoo KDE team[39], with 12 closed bugs[40]  
 * Chris Gianelloni[41], with 11 closed bugs[42]  
 * Gentoo Linux bug wranglers[43], with 11 closed bugs[44]  
 29. ppc64@g.o
 31. base-system@g.o
 33. security@g.o
 35. gnome@g.o
 37. eradicator@g.o
 39. kde@g.o
 41. wolf31o2@g.o
 43. bug-wranglers@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * AMD64 Porting Team[45], with 30 new bugs[46]  
 * Gentoo's Team for Core System packages[47], with 13 new bugs[48]  
 * SpanKY[49], with 12 new bugs[50]  
 * Gentoo Games[51], with 10 new bugs[52]  
 * Gentoo X-windows packagers[53], with 8 new bugs[54]  
 * Net-Mail Packages[55], with 8 new bugs[56]  
 * Gentoo KDE team[57], with 8 new bugs[58]  
 * media-video herd[59], with 7 new bugs[60]  
 45. amd64@g.o
 47. base-system@g.o
 49. vapier@g.o
 51. games@g.o
 53. x11@g.o
 55. net-mail@g.o
 57. kde@g.o
 59. media-video@g.o
7. Tips and Tricks
Specifying only needed locales
The locales a user can choose from are built by glibc. Usually all 
available locales, from aa_DJ (Afar locale for Djibouti) through en_US 
(English locale for the USA) to zu_ZA.utf8 (Zulu locale for South 
Africa), will be installed. Unless you're working at the UN and administer 
a central server for all member states, it is difficult to conceive why 
you would need a system where all of these locales are installed. This 
week's tip was written for all those of you who'd like to save 90 percent 
of the space occupied by locales on your system, by limiting the number of 
installed locales to the bare minimum. 
Ever since sys-libs/glibc- has been in Portage, a 
USE-flag called userlocales was provided to make sure only those locales 
mentioned in /etc/ are to be built and installed. As a 
side-effect, this also leads to a much faster emerge of glibc, obviously. 
| Code Listing 7.1:                                                       |
|Activate the userlocales USE flag especially for                         |
|                                                                         |
|echo "sys-libs/glibc userlocales" >> /etc/portage/package.use            |
|                                                                         |
Now specify the locales you want to be able to use: 
| Code Listing 7.2:                                                       |
|nano -w                                                                  |
|                                                                         |
|The format of the locales is described in the file itself.               |
|en_US/ISO-8859-1                                                         |
|en_US.UTF-8/UTF-8                                                        |
|de_DE/ISO-8859-1                                                         |
|de_DE@euro/ISO-8859-15                                                   |
|de_DE.UTF-8/UTF-8                                                        |
|                                                                         |
For further information about locale-handling make sure you read our 
Gentoo Linux Localization Guide[61].
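Before rebuilding glibc with userlocales, a locale list in the format of 
Code Listing 7.2 can be checked for typos. The following is an added 
example, not part of the newsletter: check_locale_list and norm are 
hypothetical helper names, the file path is passed in by the caller, and 
treating a codeset/charmap mismatch as an error is an assumption of the 
example.

```shell
#!/bin/sh
# Added example: validate a locale list written in the "locale/charmap"
# format of Code Listing 7.2. The file path is supplied by the caller.

# Normalise a codeset name for comparison: drop hyphens, lowercase.
norm() { printf '%s' "$1" | tr -d '-' | tr '[:upper:]' '[:lower:]'; }

# check_locale_list FILE (hypothetical helper name)
# Prints one line per problem; returns 0 if the list is clean, 1 otherwise.
check_locale_list() {
    file=$1; bad=0; lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;                      # blank line or comment
        esac
        case $line in
            */*/*|/*|*/) echo "line $lineno: malformed entry: $line"
                         bad=1; continue ;;
            */*) ;;                                   # exactly one separator
            *)   echo "line $lineno: missing /charmap: $line"
                 bad=1; continue ;;
        esac
        name=${line%%/*}
        charmap=${line#*/}
        # Locale name: ll_CC, optional .codeset, optional @modifier.
        if ! printf '%s\n' "$name" | grep -Eq \
            '^[a-z]{2,3}_[A-Z]{2}(\.[A-Za-z0-9-]+)?(@[A-Za-z0-9]+)?$'; then
            echo "line $lineno: bad locale name: $name"
            bad=1; continue
        fi
        # Assumption of this example: a codeset embedded in the name
        # (en_US.UTF-8) should agree with the charmap after the slash.
        case $name in
            *.*)
                codeset=${name#*.}; codeset=${codeset%%@*}
                if [ "$(norm "$codeset")" != "$(norm "$charmap")" ]; then
                    echo "line $lineno: codeset $codeset vs charmap $charmap"
                    bad=1
                fi ;;
        esac
    done < "$file"
    return "$bad"
}
```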
Another interesting tool is app-admin/localepurge, which can clean out any 
installed man-page or info-file in languages you don't need on your 
system. You should read the man-page for localepurge in any case, and 
configure the languages you intend to keep in /etc/locale.nopurge. 
By the way, if you want to prohibit the installation of all man-pages, 
info-files or documentation, for example when space on your disk is 
severely limited, you can add noman, nodoc and/or noinfo to FEATURES in 
your /etc/make.conf. 
8. Moves, adds, and changes
The following developers recently left the Gentoo team:
 * Yi Qiang - Gnome 
The following developers recently joined the Gentoo Linux team:
 * Simone Gotti (motaboy) - KDE 
 * Roy Marples (uberlord) - Init scripting 
 * Michael Tindal (urilith) - Apache, Embedded, Hardened 
 * Alin Nastac (mrness) - Net dialup 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
9. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
 62. gwn-feedback@g.o
10. GWN feedback
Please send us your feedback[63] and help make the GWN better.
 63. gwn-feedback@g.o
11. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
12. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[64] 
 * Dutch[65] 
 * English[66] 
 * German[67] 
 * French[68] 
 * Japanese[69] 
 * Italian[70] 
 * Polish[71] 
 * Portuguese (Brazil)[72] 
 * Portuguese (Portugal)[73] 
 * Russian[74] 
 * Spanish[75] 
 * Turkish[76] 
Ulrich Plate <plate@g.o> - Editor
Brian Downey <bdowney@×××××××××××.net> - Author
Patrick Lauer <patrick@g.o> - Author
Emmet Wagle <ewagle@×××××.com> - Author
Lars Weiler <pylon@g.o> - Author

gentoo-gwn@g.o mailing list