Gentoo Archives: gentoo-gwn

From: Yuji Kosugi <carlos@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter - Volume 3, Issue 27
Date: Mon, 05 Jul 2004 12:56:23
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of July 5th, 2004.
1. Gentoo News
Gentoo announces web redesign contest
The Gentoo Foundation has announced plans to redesign the various web 
sites that are part of the Gentoo community with a new, universal theme. 
Being a community-based distribution, we decided to solicit submissions 
for the new look and feel from our users. 
We are officially opening the Gentoo Foundation Web Redesign Contest[1]. 
This contest gives you, as a Gentoo user, the ability to design the new 
look and feel that will define Gentoo Linux for the imediate future. The 
winning design will be selected by the community via an open voting 
process. For full details, please see our contest guidelines[2]. 

 1. /proj/en/infrastructure/redesign-guidelines.xml
 2. /proj/en/infrastructure/redesign-guidelines.xml
Bootsplash now working on PPC
We're very pleased to announce that bootsplash is now working in PPC. 
Bootsplash[3] is a kernel patch that allows images to be displayed during 
the boot seqeunce in addition to or in lieu of traditional boot messages. 
Thanks to developer Michael Januszewski[4]'s hard work, bootsplash is now 
independent of vesa-framebuffer. The latest ebuild 
(media-gfx/bootsplash-0.6.1-r4) is now ~ppc-masked, and the 
bootsplash_patch works on development-sources (the patch will be included 
in gentoo-development-sources soon). For more information, see the bug 
report[5] and forum discussion[6]. 

 4. spock@g.o
2. Gentoo Security
mit-krb5: Multiple buffer overflows in krb5_aname_to_localname
mit-krb5 contains multiple buffer overflows in the function 
krb5_aname_to_localname(). This could potentially lead to a complete 
remote system compromise. 
For more information, please see the GLSA Announcement[7] 

Pavuk: Remote buffer overflow
Pavuk contains a bug potentially allowing an attacker to run arbitrary 
For more information, please see the GLSA Announcement[8] 

Esearch: Insecure temp file handling
The eupdatedb utility in esearch creates a file in /tmp without first 
checking for symlinks. This makes it possible for any user to create 
arbitrary files. 
For more information, please see the GLSA Announcement[9] 

Linux Kernel: Multiple vulnerabilities
Multiple vulnerabilities have been found in the Linux kernel used by 
GNU/Linux systems. Patched, or updated versions of these kernels have been 
released and details are included in this advisory. 
For more information, please see the GLSA Announcement[10] 

Apache 2: Remote denial of service attack
A bug in Apache may allow a remote attacker to perform a Denial of Service 
attack. With certain configurations this could lead to a heap based buffer 
For more information, please see the GLSA Announcement[11] 

Pure-FTPd: Potential DoS when maximum connections is reached
Pure-FTPd contains a bug potentially allowing a Denial of Service attack 
when the maximum number of connections is reached. 
For more information, please see the GLSA Announcement[12] 

3. Featured Developer of the Week
Joshua Kinard
Figure 3.1: Joshua Kinard
This week, we feature Joshua Kinard[13], who goes by kumba due to a 
fascination with the "Kumba" roller coaster at Busch Gardens, Tampa Bay. 
Joshua serves as the team leader for the MIPS project[14], although he 
describes that role as being just "another part of the MIPS teams ...we 
all work together to keep Gentoo running on what some might consider the 
strange MIPS architecture." Some readers may be more familiar with MIPS as 
a processor architecture that powers the Silicon Graphics workstation. 
Joshua has also contributed some porting work for the Sparc processor, and 
serves as a member of the embedded[15], base-system[16] and toolchain 
herds. Joshua's work for the MIPS project consists of maintaining the 
mips-sources kernel tree ebuilds, porting ebuilds, recruiting developers, 
building the netboot images and contributing to the Cobalt port. He also 
works on the Sparc toolchain, and contributed the crossdev script for 
building cross-compiler environments. 

 13. kumba@g.o
Joshua first heard about Linux six or seven years ago, although at the 
time he confesses he and his friends "thought it was some kind of Windows 
add-on." After learning more, he was intrigued and purchased a boxed 
version of Red Hat 5.2. He also had access to a remote server shell 
account, which gave him the opportunity to become familiar with the Linux 
command line. In late 2001, he acquired a Sun Blade-100 System that he 
intended to install Linux on. Red Hat's Sparc port was defunct, so he was 
shopping for a distro for the new system. He remembered "an obscure 
distribution mentioned in an IRC channel" and installed it. He's been 
using Gentoo ever since. In 2003, his interest in helping Jan Seidel[17] 
implement a MIPS port was noticed, and he was asked to join the team as a 
developer. This was not his first Open Source project - he is also the 
author of Program Killer[18], a Windows application for blocking spyware, 
P2P, IM traffic or other applications, based on administrative settings. 

 17. tuxus@g.o
Given his role as a developer, Joshua's eclectic collection of computers 
should provoke no surprise. In addition to the Sun Blade mentioned 
earlier, he has an SGI Indigo2 , an SGI Indy, a SGI O2 and a Cobalt 
Microserver - all running Linux. Two other SGI boxen and a Sun 
SPARCstation are currently not in use. His collection is rounded out by a 
dual PIII system running Windows 2000. Under Linux, he claims the tools he 
uses are fairly prosaic. He does confess to a fondness for Mozilla 
Mail[19], the StormLab[20] doppler radar information client and the art of 
Greg Martin[21]. 

Joshua recently completed a degree in Computer and Information Sciences at 
the University of Maryland University College. He also worked at a local 
College Computer lab providing user support and system administration. He 
has commenced the usual post-graduation job search, hoping for a job where 
he "can apply [his] computing/Linux knowledge." He is a "bona fide geek", 
with few non-computer related hobbies. This is reflected in his use of 
Middle Earth place names for his servers. He also confesses to the common 
geek fondness for Babylon 5, and quoted the former Centauri Emperor for a 
favorite saying: "The past tempts us, the present confuses us, the future 
frightens us. Our lives slip away, moment by moment, lost in that terrible 
in between." 
4. Heard in the Community
Web Forums
Flavour of the Week: 3D Desktops 
Reading the hardware requirements (2 GHz CPU and 512 RAM minimum) may turn 
off many veteran Linux users, but Sun's new desktop Looking Glass[22] was 
put under the GNU public license last week, reason enough to be cheered on 
by many Gentoo Forum posters. Sailing in the wake of Sun's mother ship, a 
somewhat lighter French 3D solution called Metisse[23], based on a virtual 
X server and a modified FVWM window manager , is being discussed almost as 

 * Looking Glass GPLed[24] 
 * Metisse[25] 
Mailing List Etiquette 
A plea[26] from one mailing list member started a good thread on standard 
mailing list etiquette. A good read if you are new to email lists! 

The Mail Client Thread 
Gentoo offers a wide variety of mail clients for its users. This large 
thread[27] tackled the topic of the eternal question: "Which one is best?" 

Multibooting 2.4 and 2.6 Kernels 
Check out this[28] comprehensive thread for multibooting with 2.4 and 2.6 

5. Gentoo International
USA: Linux World Expo in San Francisco 
Four more weeks to go before the Californian franchise of the Linux World 
Expo[29] opens its gates, at the Moscone Center[30] in downtown San 
Francisco, from 2 to 5 August 2004. Just like last year, Gentoo will be 
present inside the exposition hall, this year at booth number 270 (floor 
plan available as PDF[31]). Besides the exhibition, you will not want to 
miss Greg Kroah-Hartman, udev maintainer and Gentoo developer in his own 
right, battle it out with Andrew Morton, Timothy Widham from OSDL and 
three open source evangelists from Apple in an OSS trivia quiz called the 
"Golden Penguin Bowl". Corey Shields from the Gentoo infrastructure team 
is on the speaker's list, with a presentation on "High Performance Linux 
Storage Management", and he has also set up a Gentoo Community Meeting[32] 
on day two of the show (3 August 2004 from 17:30 to 19:00): a BoF (Birds 
of a Feather) gathering for all Gentoo afficionados, developers and users 
alike, which will also include a GPG keysigning party. Contact Corey[33] 
for details about the procedure. 

 33. cshields@g.o
6. Bugzilla
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([34]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 26 June 2004 and 02 July 2004, activity on the 
site has resulted in: 

 * 641 new bugs during this period 
 * 363 bugs closed or resolved during this period 
 * 15 previously closed bugs were reopened this period 
Of the 6706 currently open bugs: 138 are labeled 'blocker', 183 are 
labeled 'critical', and 515 are labeled 'major'. 
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period 
 * AMD64 Porting Team[35], with 22 closed bugs[36]  
 * PPC64 Architecture Team[37], with 20 closed bugs[38]  
 * Gentoo Games[39], with 16 closed bugs[40]  
 * Net-Mail Packages[41], with 15 closed bugs[42]  
 35. amd64@g.o
 37. ppc64@g.o
 39. games@g.o
 41. net-mail@g.o

New Bug Rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * AMD64 Porting Team[43], with 22 new bugs[44]  
 * Java Team[45], with 18 new bugs[46]  
 * Mozilla Gentoo Team[47], with 12 new bugs[48]  
 * Gentoo Linux Gnome Desktop Team[49], with 12 new bugs[50]  
 * Core System Packages Team[51], with 12 new bugs[52]  
 43. amd64@g.o
 45. java@g.o
 47. mozilla@g.o
 49. gnome@g.o
 51. base-system@g.o
7. Tips and Tricks
Tips and Tricks is on hiatus this week. 
8. Moves, Adds, and Changes
The following developers recently left the Gentoo team:
 * None this week 
The following developers recently joined the Gentoo Linux team:
 * Eldad Zack (eldad) - netmon 
 * Matt Jarjoura (eklipse) - PPC 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
9. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 53. gwn-feedback@g.o
10. GWN Feedback
Please send us your feedback[54] and help make the GWN better.

 54. gwn-feedback@g.o
11. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
12. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[55] 
 * Dutch[56] 
 * English[57] 
 * German[58] 
 * French[59] 
 * Japanese[60] 
 * Italian[61] 
 * Polish[62] 
 * Portuguese (Brazil)[63] 
 * Portuguese (Portugal)[64] 
 * Russian[65] 
 * Spanish[66] 
 * Turkish[67] 

Yuji Carlos Kosugi <carlos@g.o> - Editor
AJ Armstrong <aja@g.o> - Contributor
Brian Downey <bdowney@×××××××××××.net> - Contributor
Kurt Lieber <klieber@g.o> - Contributor
David Narayan <david@×××××××.net> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Sven Vermeulen <swift@g.o> - Contributor
Simon Holm Thagersen <simon@××××××.net> - Danish Translation
Jesper Brodersen <broeman@g.o> - Danish Translation
Arne Mejlholm <aaby@g.o> - Danish Translation
Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
Peter ter Borg <peter@××××××.nl> - Dutch Translation
Jochen Maes <linux@××××.be> - Dutch Translation
Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
Gerard van den Berg <gerard@××××××.net> - Dutch Translation
Matthieu Montaudouin <mat@××××××××.com> - French Translation
Xavier Neys <neysx@g.o> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Antoine Raillon <cabec2@××××××.net> - French Translation
Sebastien Cevey <seb@×××××.net> - French Translation
Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Lukas Domagala <Cyrik@g.o> - German Translation
Tobias Scherbaum <dertobi123@g.o> - German Translation
Daniel Gerholdt <Sputnik1969@g.o> - German Translation
Marc Herren <dj-submerge@g.o> - German Translation
Tobias Matzat <SirSeoman@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation
Katuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation
Hiroyuki Takeda <hiro@××××××××××××××.jp> - Japanese Translation
Masato Hatakeyama <hatake@×××××××××××.jp> - Japanese Translation
Masayoshi Nakamura <masayang@×××××××××.com> - Japanese Translation
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
Tomoyuki Sakurai <web-gentoo-doc-jp@××××××××××××.nu> - Japanese Translation
Lukasz Strzygowski <lucass@××××××.pl> - Polish Translation
Karol Goralski <gooroo@××××××.pl> - Polish Translation
Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese 
(Brazil) Translation
Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation
Jo??o Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil) 
Marcelo Gon??alves de Azambuja <mgazambuja@×××××××××.br> - Portuguese 
(Brazil) Translation
Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil) 
Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese 
(Brazil) Translation
Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal) 
Jos?? Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation
Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation
Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation
Aleksandr Martyncev <amncorp@××.ru> - Russian Translator
Sergey Galkin <gals_home@××××.ru> - Russian Translator
Sergey Kuleshov <svyatogor@g.o> - Russian Translator
Alex Spirin <asp13@××××.ru> - Russian Translator
Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator
Lanark <lanark@××××××××××.ar> - Spanish Translation
Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation
Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation
Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation
Jes??s Garc??a Crespo <correo@××××××.com> - Spanish Translation
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
Sergio G??mez <s3r@××××××××××××.ar> - Spanish Translation
Aycan Irican <aycan@××××××××.tr> - Turkish Translation
Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation