Gentoo Archives: gentoo-gwn

From: Kurt Lieber <klieber@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter -- Volume 3, Issue 34
Date: Tue, 24 Aug 2004 09:05:57
for the confusion]

Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of August 23rd, 2004.
1. Gentoo News
Gentoo 2004 UK Meeting
The first Gentoo UK Meeting will be held at Salford University, 
Manchester, on Saturday 4th September 2004. The day's events will be a 
mixture of presentations from invited speakers and break-out sessions 
where you get the chance to discuss the aspects of Gentoo that matter to 
you with the developers who will be attending on the day. 

Confirmed Gentoo Linux developers attending include Stuart Herbert from 
the PHP and web-app teams, Rob Holland from the tenshi project, and 
Ciaranm McCreesh from the Sparc team. 

We're also delighted that Harry Moyes from Manchester Wireless 
( will be speaking at the event. 

Full details can be found here: 

Our thanks to Reuben Finch from Freenode[1] for organizing the event, and 
to Ricky Clarkson and Andrew Young of Salford University for their 
generous help and support. 

Successful 2004.2 Release via BitTorrent Distribution
With only limited publicity for its debut, the latest release of Gentoo 
Linux was the first to try an additional method of distribution besides 
the usual HTTP or FTP downloads: BitTorrent filesharing. Looking at the 
data volume that has been piped through in the two weeks since the 
release, the introduction of such a P2P service for downloading Gentoo 
Linux was immediately very popular with users. The BitTorrent service 
provided by the German NPO Gentoo e.V.[2] reports that already more than 
two terabytes worth of data have been processed by the tracker, with 
roughly one TB for the x86 and Athlon/P4 LiveCD images alone. Unlike other 
filesharing services, the MIT-licensed BitTorrent builds peer networks 
flexibly for each individual file, so that clients desiring information 
about download locations may get different partners for every downloadable 
item, and eventually provide chunks of data they've already got to others 
in the process.

Gentoo Forums receive a hardware upgrade
The Gentoo web forums recently received a much needed hardware upgrade. 
Many users have been commenting on the recent poor performance of the 
forums, which was caused by the site's continued growth and popularity. 
The new hardware, graciously provided by the OSU Open Source Lab[3], is 
nearly twice as powerful as the old system and should hopefully provide 
some breathing room for further growth. The Gentoo Foundation wishes to 
thank the OSU OSL for their continued support of the Gentoo Linux project. 

2. Projects Update
The Release Engineering team has named a new Operations Lead: Chris 
Gianelloni[4] (wolf31o2). The group is starting to get back into the swing 
of things after a well-deserved hiatus following the 2004.2 release. John 
Davis (zhen) has put together and released catalyst-1.0.9, which 
incorporates complete support for cascading profiles and preliminary 
X/GameCD support, which should completed by 2004.3's release. 

 4. wolf31o2@g.o
3. Gentoo Security
rsync: Potential information leakage
rsync fails to properly sanitize paths. This vulnerability could allow the 
listing of arbitrary files and allow file overwriting outside module's 
path on rsync server configurations that allow uploading.
For more information, please see the GLSA Announcement[5]

xine-lib: VCD MRL buffer overflow
xine-lib contains an exploitable buffer overflow in the VCD handling code
For more information, please see the GLSA Announcement[6]

courier-imap: Remote Format String Vulnerability
There is a format string vulnerability in non-standard configurations of 
courier-imapd which may be exploited remotely. An attacker may be able to 
execute arbitrary code as the user running courier-imapd (oftentimes root).
For more information, please see the GLSA Announcement[7]

Qt: Image loader overflows
There are several bugs in Qt's image-handling code which could lead to 
crashes or arbitrary code execution.
For more information, please see the GLSA Announcement[8]

Cacti: SQL injection vulnerability
With special configurations of Cacti it is possible to change passwords 
via a SQL injection attack.
For more information, please see the GLSA Announcement[9]

Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities
New releases of Mozilla, Mozilla Thunderbird, and Mozilla Firefox fix 
several vulnerabilities, including remote DoS and buffer overflows.
For more information, please see the GLSA Announcement[10]

4. Featured Developer of the Week
Christian Andreetta
Figure 4.1: Christian Andreetta
This week, we are featuring Christian Andreetta[11] (satya), one of 
several developers supporting samba[12] under Gentoo. In addition to the 
traditional developer activities of creating and supporting ebuilds, 
Christian focuses on providing support for antivirus integration, 
printing, and authorization tools like kerberos and ldap. He has also 
contributed to a number of other FOSS projects, like the python-based 
skunkweb[13] and postgresql[14]. He is also looking forward to becoming 
active working with the clusters and app-sci herds in Gentoo. When pressed 
for an example of work he was particularly proud of, he confessed to being 
pleased about the resolution to Bug #48871[15], a new Samba ebuild that 
resolved a number of other bugs. 

 11. satya@g.o
Christian completed a Bachelor's degree in Information Engineering, 
specializing in biomedical and control systems. He is currently employed 
as a Technology Officer for the University of Padova in Italy, but hinted 
that he would be interested in working in Applied Research in other 
European countries. Christian began using Unix in the early 90s, with 
Solaris and HP-UX. In 1997, he was looking for a Unix-like operating 
system for his home computers and experimented with Red Hat and Slackware 
before settling on Mandrake. A magazine article in 2002 led hem to Gentoo, 
and he "converted all of [his] systems as soon as possible." He became a 
Gentoo developer by being active on bugzilla as a user, contributing 
patches and ebuilds. When a call went out for samba maintainers, he 
volunteered and was accepted based on his earlier work. 
Christian usually develops using the Scintilla[16] text editor, with the 
amaroK[17] radio streamer running. kgpg[18], kworldclock[19] and 
distcc-gnome[20] are launched automatically when his system starts. He 
works on an Asus L3C laptop that is abundantly supplied with RAM, and uses 
KDE for his desktop environment. When away from his computers, Christian 
practices shiatsu massage. He prefers having people around him, which 
extends to a development philosophy that he describes as preferring "group 
work over lone", adding his pleasure at working with the other members of 
the Samba team. He closed with the observation that Gentoo provides 
"simple tools and is very well documented. Every user is easily a 

5. Heard in the Community
Web Forums
Don't Drink and Sing - Gentoo Song Revisited 
Forum userKen{NoBeeb}[21] aka Kristoffer Ericson from Sweden checked back 
on a thread he created in January, and was pleasantly surprised that 
apparently thousands of people had listened to the Gentoo song he recorded 
(while inebriated, or so he claims), and evidently liked it! So he 
re-mastered his old tune and put a new version up for download, this time 
in almost acceptable sound quality: 

 * Gentoo Song[22] 

Booting from Floppies 
For users with historic hardware, the standard installation method of 
booting from a Gentoo LiveCD can be challenging at times. Many alternative 
procedures including netbooting via PXE, rescue floppies borrowed from 
minimal Linux distributions exist, but for those who actually have a 
CD-ROM drive that's just refusing to boot from the media, the GPL'ed Smart 
Boot Manager may provide an easy solution:
 * Installing from floppy [Solved][23] 
 * Smart Boot Manager Website[24] 

6. Gentoo International
UK: Gentoo Meet-Up Car Sharing Exchange 
Since the venue for the planned UK meet-up in September has been decided, 
users have begun making travel arrangements to get to Manchester. 
Sheffield-based Gentoo developer Tomk[25] has set up a tool on his website 
at that helps tackling the UK Gentoo community's geographic 
challenges. If you plan on coming to Manchester by car, or seek 
opportunities to hitch a ride to take you there, check the UK Meet-Up Car 
Pool[26] page provided by Tom. 

 25. tomk@g.o
7. Bugzilla
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([27]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 14 August 2004 and 20 August 2004, activity on 
the site has resulted in: 

 * 689 new bugs during this period 
 * 534 bugs closed or resolved during this period 
 * 26 previously closed bugs were reopened this period 
Of the 6889 currently open bugs: 135 are labeled 'blocker', 194 are 
labeled 'critical', and 554 are labeled 'major'. 
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period 
 * PPC Porters[28], with 62 closed bugs[29]  
 * Portage Team[30], with 43 closed bugs[31]  
 * Gentoo Gnome Team[32], with 31 closed bugs[33]  
 * Gentoo Games[34], with 28 closed bugs[35]  
 * Gentoo KDE Team[36], with 24 closed bugs[37]  
 28. ppc@g.o
 30. dev-portage@g.o
 32. gnome@g.o
 34. games@g.o
 36. kde@g.o

New Bug Rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[38], with 19 new 
 * Gentoo Sound Team[40], with 14 new bugs[41]  
 * Gentoo Science Related Packages[42], with 11 new bugs[43]  
 * OSX Porters[44], with 11 new bugs[45]  
 * Gentoo Core System Packages Team[46], with 11 new bugs[47]  
 38. kernel@g.o
 40. sound@g.o
 42. sci@g.o
 44. osx@g.o
 46. base-system@g.o

8. Tips and Tricks
Comparing Files
Often people compare the differences between two files using diff. But if 
you needed to do a comparison of similarities between files, comm is the 
command to use. 
| Code Listing 8.1:                                                       |
| comm usage syntax                                                       |
|                                                                         |
|comm [option]  file1  file2                                              |
|                                                                         |
Note: both file1 and file2 need to be sorted before using comm as it does 
a line by line comparison.
comm outputs three columns: lines that are unique to file1, lines that are 
unique to file2, and lines that are common to both files. The options 
'-1', '-2', '-3' will suppress the corresponding columns. 
Running comm -2 file1 file2 with the following files, would output five. 
| Code Listing 8.2:                                                       |
| comm output                                                             |
|                                                                         |
|File1:                                                                   |
|one                                                                      |
|two                                                                      |
|three                                                                    |
|                                                                         |
|File2:                                                                   |
|one                                                                      |
|five                                                                     |
|three                                                                    |
|                                                                         |
9. Moves, Adds, and Changes
The following developers recently left the Gentoo team:
 * None this week 
The following developers recently joined the Gentoo Linux team:
 * None this week 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 48. gwn-feedback@g.o
11. GWN Feedback
Please send us your feedback[49] and help make the GWN better.

 49. gwn-feedback@g.o
12. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
13. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[50] 
 * Dutch[51] 
 * English[52] 
 * German[53] 
 * French[54] 
 * Japanese[55] 
 * Italian[56] 
 * Polish[57] 
 * Portuguese (Brazil)[58] 
 * Portuguese (Portugal)[59] 
 * Russian[60] 
 * Spanish[61] 
 * Turkish[62] 

Yuji Carlos Kosugi <carlos@g.o> - Editor
AJ Armstrong <aja@g.o> - Contributor
Brian Downey <bdowney@×××××××××××.net> - Contributor
Kurt Lieber <klieber@g.o> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Sven Vermeulen <swift@g.o> - Contributor
Simon Holm Thagersen <simon@××××××.net> - Danish Translation
Jesper Brodersen <broeman@g.o> - Danish Translation
Arne Mejlholm <aaby@g.o> - Danish Translation
Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
Peter ter Borg <peter@××××××.nl> - Dutch Translation
Jochen Maes <linux@××××.be> - Dutch Translation
Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
Gerard van den Berg <gerard@××××××.net> - Dutch Translation
Matthieu Montaudouin <mat@××××××××.com> - French Translation
Xavier Neys <neysx@g.o> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Antoine Raillon <cabec2@××××××.net> - French Translation
Sebastien Cevey <seb@×××××.net> - French Translation
Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Lukas Domagala <Cyrik@g.o> - German Translation
Tobias Scherbaum <dertobi123@g.o> - German Translation
Daniel Gerholdt <Sputnik1969@g.o> - German Translation
Marc Herren <dj-submerge@g.o> - German Translation
Tobias Matzat <SirSeoman@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation
Katuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation
Hiroyuki Takeda <hiro@××××××××××××××.jp> - Japanese Translation
Masato Hatakeyama <hatake@×××××××××××.jp> - Japanese Translation
Shigehiro Idani <datam@×××××××.jp> - Japanese Translation
Masayoshi Nakamura <masayang@×××××××××.com> - Japanese Translation
Tomoyuki Sakurai <web-gentoo-doc-jp@××××××××××××.nu> - Japanese Translation
Lukasz Strzygowski <lucass@××××××.pl> - Polish Translation
Karol Goralski <gooroo@××××××.pl> - Polish Translation
Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese 
(Brazil) Translation
Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation
João Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil) 
Marcelo Gonçalves de Azambuja <mgazambuja@×××××××××.br> - Portuguese 
(Brazil) Translation
Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil) 
Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese 
(Brazil) Translation
Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal) 
José Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation
Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation
Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation
Aleksandr Martyncev <amncorp@××.ru> - Russian Translator
Sergey Galkin <gals_home@××××.ru> - Russian Translator
Sergey Kuleshov <svyatogor@g.o> - Russian Translator
Alex Spirin <asp13@××××.ru> - Russian Translator
Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator
Guillermo Juarez <guillermo.juarez@××××××××××.es> - Spanish Translation
Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
Juan Diego Gutiérrez Gallardo <andy@××××××.com> - Spanish Translation
Nicolas Silva <nsilva@××××××.edu> - Spanish Translation
Aycan Irican <aycan@××××××××.tr> - Turkish Translation
Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation