Gentoo Archives: gentoo-gwn

From: Yuji Kosugi <carlos@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter - Volume 3, Issue 28
Date: Tue, 13 Jul 2004 14:01:32
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of July 12th, 2004.
1. Gentoo News
Portage update.
Portage 2.0.51 continues to be in internal testing. Now in version 
2.0.51_pre13 and masked, it's nearing readiness for ~arch. We'd like to 
cover some changes to Portage that users will notice if they pick up the 
currently masked 2.0.51_pre13, or a later ~arch masked or stable version. 
First of all, due to changes in the Portage cache, users will notice 
corruption messages when performing rsync updates, which will go away when 
the cache is altered in a few weeks. At this point however, versions of 
Portage prior to 2.0.50-r7 will start having problems because they won't 
be able to handle the new cache. As always, users are recommended to read 
the messages from emerge rsync and update Portage whenever a new stable 
version is available. 
Also, in the new version /var/cache/edb/virtuals is going to become 
obsolete: Portage will calculate the virtuals based on packages installed 
in the database. Once users upgrade to 2.0.51 the file will be obsolete 
and there will be no need to save it. Also, /var/cache/edb/world will be 
moving to the FHS-compliant state directory, /var/lib/portage. 
For more information, read Nicholas Jones[1]'s announcement[2] on 

 1. carpaski@g.o
2. Gentoo Security
XFree86, XDM ignores requestPort setting
XDM will open TCP sockets for its chooser, even if the 
DisplayManager.requestPort setting is set to 0. This may allow authorized 
users to access a machine remotely via X, even if the administrator has 
configured XDM to refuse such connections. 
For more information, please see the GLSA Announcement[3] 

libpng: Buffer overflow on row buffers
libpng contains a buffer overflow vulnerability potentially allowing an 
attacker to perform a Denial of Service attack or even execute arbitrary 
For more information, please see the GLSA Announcement[4] 

Shorewall : Insecure temp file handling
Shorewall contains a bug in the code handling the creation of temporary 
files and directories. This can allow a non-root user to overwrite 
arbitrary system files. 
For more information, please see the GLSA Announcement[5] 

Ethereal: Multiple security problems
Multiple vulnerabilities including one buffer overflow exist in Ethereal, 
which may allow an attacker to run arbitrary code or crash the program. 
For more information, please see the GLSA Announcement[6] 

MoinMoin: Group ACL bypass
MoinMoin contains a bug allowing a user to bypass group ACLs (Access 
Control Lists). 
For more information, please see the GLSA Announcement[7] 

3. Featured Developer of the Week
Featured Developer is on hiatus this week. 
4. Heard in the Community
Web Forums
New nvidia Drivers With Support for 2.6 Kernel 
Both the Kernel & Hardware and the Gamers & Players forums have threads 
about the new nvidia drivers that have been issued little over a week ago. 
The 4k stacksize problem with 2.6 kernels appears to have been solved, and 
the new drivers feature a configuration utility people seem to be quite 
pleased with: 
 * New nVIDIA driver Version: 1.0-6106[8](Kernel & Hardware) 
 * nVidia Drivers 6106[9](Gamers & Players) 

Useful Install Tips
Not to be left behind the forums, the some folks started their own Useful 
Install Tips[10] thread on gentoo-user this week. 

Migrating to 2.6
Still haven't made the switch? The  Changing to 2.6[11] thread may be a 
good place to start! 

5. Gentoo International
Gentoo International is on hiatus this week. 
6. Bugzilla
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([12]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 03 July 2004 and 09 July 2004, activity on the 
site has resulted in: 

 * 576 new bugs during this period 
 * 356 bugs closed or resolved during this period 
 * 26 previously closed bugs were reopened this period 
Of the 6736 currently open bugs: 138 are labeled 'blocker', 179 are 
labeled 'critical', and 528 are labeled 'major'. 
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period 
 * AMD64 Porting Team[13], with 44 closed bugs[14]  
 * Desktop Miscellaneous Team[15], with 17 closed bugs[16]  
 * Jeremy Huddleston[17], with 13 closed bugs[18]  
 * Netmon Herd[19], with 12 closed bugs[20]  
 * Net-Mail Packages[21], with 12 closed bugs[22]  
 * Gentoo KDE team[23], with 12 closed bugs[24]  
 13. amd64@g.o
 15. desktop-misc@g.o
 17. eradicator@g.o
 19. netmon@g.o
 21. net-mail@g.o
 23. kde@g.o

New Bug Rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Gentoo Linux Gnome Desktop Team[25], with 21 new bugs[26]  
 * Media-Video Herd[27], with 13 new bugs[28]  
 * AMD64 Porting Team[29], with 12 new bugs[30]  
 * Mozilla Gentoo Team[31], with 11 new bugs[32]  
 * Gentoo X-windows Packagers[33], with 10 new bugs[34]  
 * Gentoo's Team for Core System Packages[35], with 10 new bugs[36]  
 25. gnome@g.o
 27. media-video@g.o
 29. amd64@g.o
 31. mozilla@g.o
 33. xfree@g.o
 35. base-system@g.o

7. Tips and Tricks
Using 'make' for backups
Thanks to Lars Weiler[37] for providing this week's tip.

 37. pylon@g.o
Usualy make from sys-devel/make is known as a tool for compiling 
applications. But it could also be used to provide often used commands so 
that they can be accessed easily.
Quite everybody wants to do backups. This could be done by packing them 
with tar. For instance, we want to pack the ~/Mail folder and name the 
file with a date:
| Code Listing 7.1:                                                       |
| tar ~/Mail with date included                                           |
|                                                                         |
|$ tar cvjf ~/Backups/Mail-`date +%F`.tar.bz2 ~/Mail                      |
|                                                                         |
After that we copy that file (and possibly more) to another computer by 
using rsync and delete all the files in ~/Backups afterwards:
| Code Listing 7.2:                                                       |
| Copy backup-file to another computer with rsync                         |
|                                                                         |
|$ rsync -avute ssh ~/Backups/ user@othermachine:~/Backups/               |
|% rm ~/Backups/*                                                         |
|                                                                         |
And now comes the clue with make. After a week you already forgot the 
commands. Why not store them in a Makefile located in the home-directory, 
so that you only have to call make backup?
Inside the Makefile (beware of the uppercased 'M') we provide two targets 
for the commands, so that we can call them separately, e.g. if you only 
want to copy the files. The first target backup will only call the other 
targets in the given order:
| Code Listing 7.3:                                                       |
| Sample Makefile for backups                                             |
|                                                                         |
|backup: compress \                                                       |
|	copy                                                                  |
|                                                                         |
|compress:                                                                |
|	tar cvjf ~/Backups/Mail-`date +%F`.tar.bz2 ~/Mail                     |
|                                                                         |
|copy:                                                                    |
|	rsync -avute ssh ~/Backups/ user@othermachine:~/Backups/              |
|	rm ~/Backups/*                                                        |
|                                                                         |
Now we can call make backup in the home directory and the ~/Mail-folder 
will be compressed and copied to the other computer. The 
restore-command-set will be your homework ;-)
Of course, there is a wide use for batched processes with Makefiles. Think 
about all the things you ever wanted to have scripted with easy usability. 
You can find more instructions in the info make pages.
8. Moves, Adds, and Changes
The following developers recently left the Gentoo team:
 * None this week 
The following developers recently joined the Gentoo Linux team:
 * None this week 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
9. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 38. gwn-feedback@g.o
10. GWN Feedback
Please send us your feedback[39] and help make the GWN better.

 39. gwn-feedback@g.o
11. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
12. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[40] 
 * Dutch[41] 
 * English[42] 
 * German[43] 
 * French[44] 
 * Japanese[45] 
 * Italian[46] 
 * Polish[47] 
 * Portuguese (Brazil)[48] 
 * Portuguese (Portugal)[49] 
 * Russian[50] 
 * Spanish[51] 
 * Turkish[52] 

Yuji Carlos Kosugi <carlos@g.o> - Editor
AJ Armstrong <aja@g.o> - Contributor
Brian Downey <bdowney@×××××××××××.net> - Contributor
Kurt Lieber <klieber@g.o> - Contributor
David Narayan <david@×××××××.net> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Sven Vermeulen <swift@g.o> - Contributor
Simon Holm Thagersen <simon@××××××.net> - Danish Translation
Jesper Brodersen <broeman@g.o> - Danish Translation
Arne Mejlholm <aaby@g.o> - Danish Translation
Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
Peter ter Borg <peter@××××××.nl> - Dutch Translation
Jochen Maes <linux@××××.be> - Dutch Translation
Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
Gerard van den Berg <gerard@××××××.net> - Dutch Translation
Matthieu Montaudouin <mat@××××××××.com> - French Translation
Xavier Neys <neysx@g.o> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Antoine Raillon <cabec2@××××××.net> - French Translation
Sebastien Cevey <seb@×××××.net> - French Translation
Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Lukas Domagala <Cyrik@g.o> - German Translation
Tobias Scherbaum <dertobi123@g.o> - German Translation
Daniel Gerholdt <Sputnik1969@g.o> - German Translation
Marc Herren <dj-submerge@g.o> - German Translation
Tobias Matzat <SirSeoman@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation
Katuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation
Hiroyuki Takeda <hiro@××××××××××××××.jp> - Japanese Translation
Masato Hatakeyama <hatake@×××××××××××.jp> - Japanese Translation
Shigehiro Idani <datam@×××××××.jp> - Japanese Translation
Masayoshi Nakamura <masayang@×××××××××.com> - Japanese Translation
Tomoyuki Sakurai <web-gentoo-doc-jp@××××××××××××.nu> - Japanese Translation
Lukasz Strzygowski <lucass@××××××.pl> - Polish Translation
Karol Goralski <gooroo@××××××.pl> - Polish Translation
Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese 
(Brazil) Translation
Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation
Jo??o Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil) 
Marcelo Gon??alves de Azambuja <mgazambuja@×××××××××.br> - Portuguese 
(Brazil) Translation
Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil) 
Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese 
(Brazil) Translation
Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal) 
Jos?? Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation
Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation
Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation
Aleksandr Martyncev <amncorp@××.ru> - Russian Translator
Sergey Galkin <gals_home@××××.ru> - Russian Translator
Sergey Kuleshov <svyatogor@g.o> - Russian Translator
Alex Spirin <asp13@××××.ru> - Russian Translator
Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator
Guillermo Juarez <guillermo.juarez@××××××××××.es> - Spanish Translation
Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
Juan Diego Guti??rrez Gallardo <andy@××××××.com> - Spanish Translation
Nicolas Silva <nsilva@××××××.edu> - Spanish Translation
Aycan Irican <aycan@××××××××.tr> - Turkish Translation
Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation