Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 8 November 2004
Date: Mon, 08 Nov 2004 00:01:02
Message-Id: 20041108005508.4a9dbffa.plate@gentoo.org
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of 8 November 2004.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo News
9 ==============
10
11 Gentoo User Survey Results
12 --------------------------
13
14 Corey Shields[1] has published the preliminary results of the Gentoo User
15 Survey[2]. Conducted during two weeks in September, all purely numerical
16 data has now been evaluated and processed for publication on Corey's own
17 developer webspace, pending interpretation of three additional text-based
18 questions that respondents have answered using their own words, which
19 requires more work to aggregate, to be added to the published data at a
20 later date.
21 1. cshields@g.o
22 2. http://dev.gentoo.org/~cshields/survey/survey.html
23
24 Figure 1.1: Portage and optimizations most important for users
25 http://www.gentoo.org/images/gwn/20041108-survey1.jpg
26
27 The results bear little to no surprises as long as current user habits are
28 concerned. Out of experience, a majority of Gentooists synchronizing and
29 updating their configuration on a daily basis was to be expected. Some of
30 the questions concerning future plans for Gentoo provoked answers quite
31 outside expectations, though. Who would have thought that simplified,
32 possibly GUI-based installation routines would figure so prominently among
33 user preferences?
34
35 Figure 1.2: Caveat: Most respondents said 'None of these'
36 http://www.gentoo.org/images/gwn/20041108-survey2.jpg
37
38 Other requests are already reflected in Gentoo's policy. The release
39 schedule, estimated to be most useful at a new release every six months by
40 47 percent of Gentooists asked, will effectively be changed to a
41 twice-a-year rhythm starting with 2005.0.
42
43 ==================
44 2. Gentoo security
45 ==================
46
47 ppp: No denial of service vulnerability
48 ---------------------------------------
49
50 pppd contains a bug that allows an attacker to crash his own connection,
51 but it cannot be used to deny service to other users.
52
53 For more information, please see the GLSA Announcement[3]
54 3. http://www.gentoo.org/security/en/glsa/glsa-200411-01.xml
55
56 Cherokee: Format string vulnerability
57 -------------------------------------
58
59 Cherokee contains a format string vulnerability that could lead to denial
60 of service or the execution of arbitary code.
61
62 For more information, please see the GLSA Announcement[4]
63 4. http://www.gentoo.org/security/en/glsa/glsa-200411-02.xml
64
65 Apache 1.3: Buffer overflow vulnerability in mod_include
66 --------------------------------------------------------
67
68 A buffer overflow vulnerability exists in mod_include which could possibly
69 allow a local attacker to gain escalated privileges.
70
71 For more information, please see the GLSA Announcement[5]
72 5. http://www.gentoo.org/security/en/glsa/glsa-200411-03.xml
73
74 Speedtouch USB driver: Privilege escalation vulnerability
75 ---------------------------------------------------------
76
77 A vulnerability in the Speedtouch USB driver can be exploited to allow
78 local users to execute arbitrary code with escalated privileges.
79
80 For more information, please see the GLSA Announcement[6]
81 6. http://www.gentoo.org/security/en/glsa/glsa-200411-04.xml
82
83 libxml2: Remotely exploitable buffer overflow
84 ---------------------------------------------
85
86 libxml2 contains multiple buffer overflows which could lead to the
87 execution of arbitrary code.
88
89 For more information, please see the GLSA Announcement[7]
90 7. http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml
91
92 MIME-tools: Virus detection evasion
93 -----------------------------------
94
95 MIME-tools doesn't handle empty MIME boundaries correctly. This may
96 prevent some virus-scanning programs which use MIME-tools from detecting
97 certain viruses.
98
99 For more information, please see the GLSA Announcement[8]
100 8. http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml
101
102 Proxytunnel: Format string vulnerability
103 ----------------------------------------
104
105 Proxytunnel is vulnerable to a format string vulnerability, potentially
106 allowing a remote server to execute arbitrary code with the rights of the
107 Proxytunnel process.
108
109 For more information, please see the GLSA Announcement[9]
110 9. http://www.gentoo.org/security/en/glsa/glsa-200411-07.xml
111
112 GD: Integer overflow
113 --------------------
114
115 The PNG image decoding routines in the GD library contain an integer
116 overflow that may allow execution of arbitrary code with the rights of the
117 program decoding a malicious PNG image.
118
119 For more information, please see the GLSA Announcement[10]
120 10. http://www.gentoo.org/security/en/glsa/glsa-200411-08.xml
121
122 shadow: Unauthorized modification of account information
123 --------------------------------------------------------
124
125 A flaw in the chfn and chsh utilities might allow modification of account
126 properties by unauthorized users.
127
128 For more information, please see the GLSA Announcement[11]
129 11. http://www.gentoo.org/security/en/glsa/glsa-200411-09.xml
130
131 Gallery: Cross-site scripting vulnerability
132 -------------------------------------------
133
134 Gallery is vulnerable to cross-site scripting attacks.
135
136 For more information, please see the GLSA Announcement[12]
137 12. http://www.gentoo.org/security/en/glsa/glsa-200411-10.xml
138
139 ImageMagick: EXIF buffer overflow
140 ---------------------------------
141
142 ImageMagick contains an error in boundary checks when handling EXIF
143 information, which could lead to arbitrary code execution.
144
145 For more information, please see the GLSA Announcement[13]
146 13. http://www.gentoo.org/security/en/glsa/glsa-200411-11.xml
147
148 =========================
149 3. Heard in the community
150 =========================
151
152 gentoo-user
153 -----------
154
155 Sharing /usr/portage
156
157 Supporting multiple Gentoo systems typically means maintaining separate
158 copies of the portage tree. To save disk space and time, several users
159 discuss how to manage a single shared copy across all systems.
160
161 * How much of portage can be shared/deleted?[14]
162 14. http://thread.gmane.org/gmane.linux.gentoo.user/105834
163
164 Perl modules in Portage
165
166 One user inquires about installing perl modules in portage after having
167 trouble finding them. Portage offers a helpful script to search for perl
168 modules and dynamically generate an ebuild to install them.
169
170 * GPG and Perl Modules[15]
171 15. http://thread.gmane.org/gmane.linux.gentoo.user/106090
172
173 gentoo-dev
174 ----------
175
176 PS2 and Gentoo Linux
177
178 As Gentoo seems to run on everything (except maybe refrigerators), this
179 thread explores the feasibility of Gentoo on the PlayStation 2. Getting a
180 full Gentoo install on it will not be easy, but it looks like lots of fun
181 trying to.
182
183 * PS2 and Gentoo Linux[16]
184 16. http://thread.gmane.org/gmane.linux.gentoo.devel/22674
185
186 Handling multiple packages providing a symlink
187
188 Ciaran McCreesh[17] explores the possibilities of handling multiple
189 packages (like vi, vim, elvis) providing symlinks (in this case for vi).
190 Most suggestions from others included implementing a system like Debian
191 alternatives, so expect some nice and pleasant modifications soon.
192 17. ciaranm@g.o
193
194 * Handling multiple packages providing a symlink[18]
195 18. http://thread.gmane.org/gmane.linux.gentoo.devel/22647
196
197 Official Gentoo motto?
198
199 Following a NewsForge article claiming that the official Gentoo Motto was
200 "If it moves, compile it", people were wondering - since clearly this
201 isn't it - what could in fact be a good motto for Gentoo.
202
203 * Official Gentoo Motto?[19]
204 19. http://thread.gmane.org/gmane.linux.gentoo.devel/22540
205
206 =======================
207 4. Gentoo International
208 =======================
209
210 Italy: Gentoo Day
211 -----------------
212
213 27 November 2004 is going to be the date for the fourth time that Italy's
214 ever-growing open-source movement organizes a national Linux day[20], and
215 the second time that this Italy-wide event is reason enough for the
216 Italian Gentoo users to prepare for some evangelism of their own: For the
217 second year in a row, "Gentoo Day" is going to be held simultaneously in
218 two cities in Italy, Prato and Milano, thanks to those Gentooists active
219 in the Gentoo Channel Italia (Gechi) framework, and the hospitality of two
220 co-organizing local Linux User Groups, MiLUG[21] and PLUG[22]. Gentoo Day
221 encompasses talks by weathered Gentoo presenters, various architectures on
222 display, some paraphernalia for collectors of Gentoo gadgetry, and of
223 course the opportunity to meet other Gentoo users and developers. If you
224 want to join the Gechi in this endeavour in either of the two cities
225 separated by about 300 kilometres, check this Forum thread[23] and the
226 Gechi's own forum[24] (both links in Italian).
227 20. http://www.linux.it/LinuxDay/
228 21. http://www.milug.org/
229 22. http://www.prato.linux.it/
230 23. http://forums.gentoo.org/viewtopic.php?t=242767
231 24. http://www.gechi.it/forums/viewtopic.php?t=12
232
233 UK: Gentoo User Meeting in Cambridge
234 ------------------------------------
235
236 Last Thursday, 4 November 2004, Gentoo users and developers flocked from
237 places such as Poland, Peru, and even as far away as Cambridge, to meet up
238 for a quick drink in "The Eagle" pub, Cambridge, UK. Accompanied by a few
239 members of the Cambridge LUG[25], the turnout was higher than expected, at
240 about 15. Overall an enjoyable evening in anticipation for future Gentoo
241 UK meetings.
242 25. http://www.cambridge-lug.org/
243
244 ======================
245 5. Gentoo in the press
246 ======================
247
248 Notebook Review (5 November 2004)
249 ---------------------------------
250
251 User experiences with a recent LG Electronics notebook model is what the
252 LG X-Note LM50 notebook review[26] is really all about, marking good old
253 Korean Lucky Goldstar's[27] debut on the North-American notebook market. A
254 plain hardware review, if it wasn't for a rather unexpected twist the
255 article takes about halfway down: The author has to cut the list of
256 hardware items he intended to write shorter than planned because he can't
257 access the device info in Windows - with the review not even finished, his
258 new LM50 is already busy installing Gentoo Linux.
259 26. http://www.notebookreview.com/default.aspx?newsID=2079
260 27. http://lg.ca
261
262 ===========
263 6. Bugzilla
264 ===========
265
266 Summary
267 -------
268
269 * Statistics
270 * Closed bug ranking
271 * New bug rankings
272
273 Statistics
274 ----------
275
276 The Gentoo community uses Bugzilla (bugs.gentoo.org[28]) to record and
277 track bugs, notifications, suggestions and other interactions with the
278 development team. Between 31 October 2004 and 07 November 2004, activity
279 on the site has resulted in:
280 28. http://bugs.gentoo.org
281
282 * 743 new bugs during this period
283 * 428 bugs closed or resolved during this period
284 * 26 previously closed bugs were reopened this period
285
286 Of the 7400 currently open bugs: 122 are labeled 'blocker', 251 are
287 labeled 'critical', and 560 are labeled 'major'.
288
289 Closed bug rankings
290 -------------------
291
292 The developers and teams who have closed the most bugs during this period
293 are:
294
295 * ppc64 architecture team[29], with 70 closed bugs[30]
296 * Gentoo's Team for Core System packages[31], with 23 closed bugs[32]
297 * Gentoo Security[33], with 18 closed bugs[34]
298 * Gentoo Linux Gnome Desktop Team[35], with 17 closed bugs[36]
299 * Jeremy Huddleston[37], with 14 closed bugs[38]
300 * Gentoo KDE team[39], with 12 closed bugs[40]
301 * Chris Gianelloni[41], with 11 closed bugs[42]
302 * Gentoo Linux bug wranglers[43], with 11 closed bugs[44]
303 29. ppc64@g.o
304 30.
305 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=ppc64@g.o
306 31. base-system@g.o
307 32.
308 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=base-system@g.o
309 33. security@g.o
310 34.
311 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=security@g.o
312 35. gnome@g.o
313 36.
314 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=gnome@g.o
315 37. eradicator@g.o
316 38.
317 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=eradicator@g.o
318 39. kde@g.o
319 40.
320 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=kde@g.o
321 41. wolf31o2@g.o
322 42.
323 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=wolf31o2@g.o
324 43. bug-wranglers@g.o
325 44.
326 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=bug-wranglers@g.o
327
328 New bug rankings
329 ----------------
330
331 The developers and teams who have been assigned the most new bugs during
332 this period are:
333
334 * AMD64 Porting Team[45], with 30 new bugs[46]
335 * Gentoo's Team for Core System packages[47], with 13 new bugs[48]
336 * SpanKY[49], with 12 new bugs[50]
337 * Gentoo Games[51], with 10 new bugs[52]
338 * Gentoo X-windows packagers[53], with 8 new bugs[54]
339 * Net-Mail Packages[55], with 8 new bugs[56]
340 * Gentoo KDE team[57], with 8 new bugs[58]
341 * media-video herd[59], with 7 new bugs[60]
342 45. amd64@g.o
343 46.
344 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=amd64@g.o
345 47. base-system@g.o
346 48.
347 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=base-system@g.o
348 49. vapier@g.o
349 50.
350 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=vapier@g.o
351 51. games@g.o
352 52.
353 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=games@g.o
354 53. x11@g.o
355 54.
356 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=x11@g.o
357 55. net-mail@g.o
358 56.
359 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=net-mail@g.o
360 57. kde@g.o
361 58.
362 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=kde@g.o
363 59. media-video@g.o
364 60.
365 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=media-video@g.o
366
367 ==================
368 7. Tips and Tricks
369 ==================
370
371 Specifying only needed locales
372 ------------------------------
373
374 The locales a user can choose from are built by the glibc. Usually all
375 available locales starting from aa_DJ (Afar locale for Djibouti) over
376 en_US (English locale for the USA) to zu_ZA.utf8 (Zulu locale for South
377 Africa) will be installed. Unless you're working at the UN and administer
378 a central server for all member states, it is difficult to conceive why
379 you would need a system where all of these locales are installed. This
380 week's tip was written with all those of you in mind who'd like to save 90
381 percent of the space occupied by locales in their system, by limiting the
382 number of installed locales to the bare minimum.
383
384 Ever since sys-libs/glibc-2.3.4.20040619-r2 has been in Portage, a
385 USE-flag called userlocales was provided to make sure only those locales
386 mentioned in /etc/locales.build are to be built and installed. As a
387 side-effect, this also leads to a much faster emerge of glibc, obviously.
388
389 ---------------------------------------------------------------------------
390 | Code Listing 7.1: |
391 |Activate the userlocales USE flag especially for |
392 glibc----------------------------------------------------------------------
393 ---
394 | |
395 |echo "sys-libs/glibc userlocales" >> /etc/portage/package.use |
396 | |
397 ---------------------------------------------------------------------------
398
399 Now specify the locales you want to be able to use:
400
401 ---------------------------------------------------------------------------
402 | Code Listing 7.2: |
403 |nano -w |
404 /etc/locales.build---------------------------------------------------------
405 ----------------
406 | |
407 |The format of the locales is described in the file itself. |
408 |en_US/ISO-8859-1 |
409 |en_US.UTF-8/UTF-8 |
410 |de_DE/ISO-8859-1 |
411 |de_DE@euro/ISO-8859-15 |
412 |de_DE.UTF-8/UTF-8 |
413 | |
414 ---------------------------------------------------------------------------
415
416 For further information about locale-handling make sure you read our
417 Gentoo Linux Localization Guide[61].
418 61. http://www.gentoo.org/doc/en/guide-localization.xml
419
420 Another interesting tool is app-admin/localepurge which can clean out any
421 installed man-page or info-file in languages you don't need on your
422 system. You should read the man-page to localepurge in any case, and
423 configure languages you intend to keep in /etc/locale.nopurge.
424
425 By the way, if you want to prohibit the installation of all man-pages,
426 info-files or documentation, for example when space on your disk is
427 severely limited, you can add noman, nodoc and/or noinfo to FEATURES in
428 your /etc/make.conf.
429
430 ===========================
431 8. Moves, adds, and changes
432 ===========================
433
434 Moves
435 -----
436
437 The following developers recently left the Gentoo team:
438
439 * Yi Qiang - Gnome
440
441 Adds
442 ----
443
444 The following developers recently joined the Gentoo Linux team:
445
446 * Simone Gotti (motaboy) - KDE
447 * Roy Marples (uberlord) - Init scripting
448 * Michael Tindal (urilith) - Apache, Embedded, Hardened
449 * Alin Nastac (mrness) - Net dialup
450
451 Changes
452 -------
453
454 The following developers recently changed roles within the Gentoo Linux
455 project:
456
457 * None this week
458
459 ====================
460 9. Contribute to GWN
461 ====================
462
463 Interested in contributing to the Gentoo Weekly Newsletter? Send us an
464 email[62].
465 62. gwn-feedback@g.o
466
467 ================
468 10. GWN feedback
469 ================
470
471 Please send us your feedback[63] and help make the GWN better.
472 63. gwn-feedback@g.o
473
474 ================================
475 11. GWN subscription information
476 ================================
477
478 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
479 gentoo-gwn-subscribe@g.o.
480
481 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
482 gentoo-gwn-unsubscribe@g.o from the email address you are
483 subscribed under.
484
485 ===================
486 12. Other languages
487 ===================
488
489 The Gentoo Weekly Newsletter is also available in the following languages:
490
491 * Danish[64]
492 * Dutch[65]
493 * English[66]
494 * German[67]
495 * French[68]
496 * Japanese[69]
497 * Italian[70]
498 * Polish[71]
499 * Portuguese (Brazil)[72]
500 * Portuguese (Portugal)[73]
501 * Russian[74]
502 * Spanish[75]
503 * Turkish[76]
504 64. http://www.gentoo.org/news/da/gwn/gwn.xml
505 65. http://www.gentoo.org/news/be/gwn/gwn.xml
506 66. http://www.gentoo.org/news/en/gwn/gwn.xml
507 67. http://www.gentoo.org/news/de/gwn/gwn.xml
508 68. http://www.gentoo.org/news/fr/gwn/gwn.xml
509 69. http://www.gentoo.org/news/ja/gwn/gwn.xml
510 70. http://www.gentoo.org/news/it/gwn/gwn.xml
511 71. http://www.gentoo.org/news/pl/gwn/gwn.xml
512 72. http://www.gentoo.org/news/br/gwn/gwn.xml
513 73. http://www.gentoo.org/news/pt/gwn/gwn.xml
514 74. http://www.gentoo.org/news/ru/gwn/gwn.xml
515 75. http://www.gentoo.org/news/es/gwn/gwn.xml
516 76. http://www.gentoo.org/news/tr/gwn/gwn.xml
517
518 Ulrich Plate <plate@g.o> - Editor
519 Brian Downey <bdowney@×××××××××××.net> - Author
520 Patrick Lauer <patrick@g.o> - Author
521 Emmet Wagle <ewagle@×××××.com> - Author
522 Lars Weiler <pylon@g.o> - Author
523
524
525 --
526 gentoo-gwn@g.o mailing list