Gentoo Archives: gentoo-gwn

From: Kurt Lieber <klieber@g.o>
To: gentoo-gwn@g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter -- Volume 2, Issue 18
Date: Mon, 05 May 2003 01:02:18
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of May 5th, 2003.
1. Gentoo News
 * Feature list for next release of Gentoo Linux 1.4 
 * Rsync etiquette guidelines 
 * New mailing lists available 
 * Policy discussion regarding accessing users' boxes 
Feature list for next release of Gentoo Linux 1.4
Daniel Robbins recently posted a list of features that will be completed 
before the next release of Gentoo LInux 1.4. Features include: 
 * baselayout being migrated away from any dependencies on tmpfs 
 * A CFLAGS guide incorporated into install docs, including reasonable 
   examples for typical use cases, such as servers, desktops, etc.  
 * An optional script that users could run to automatically set CFLAGS and 
   CHOST based on CPU. (for at least x86 and ppc) 
 * Creation and testing of various packages for the Gentoo Reference 
 * A new kernel script, tentatively called "genkernel", that will assist 
   users with creating their own kernels 
Rsync etiquette guidelines
The continued growth of Gentoo Linux has placed more and more demands on 
our mirror system. Both source mirrors as well as rsync mirrors continue 
to show dramatic increases in usage. As we continue to grow, the 
importance of using our mirroring system responsibly becomes more 
critical. As such, here are some rsync etiquette guidelines to keep in 
mind as you emerge sync: 
 * Sync 1-2 times per day, maximum. There's being on the bleeding edge, 
   and there is being just plain silly. Analysis of rsync logs show that a few
   discourteous users syncing 10, 15 or even 25 times per day are using a
   disproportionate amount of rsync mirror resources. Rsync mirror maintainers
   have been encouraged to use iptables rules to limit people who are abusing
   the system. 
 * Use the rotations, not individual servers Please do not single out 
   specific rsync mirrors and hard-code them in your configuration files.
   Doing so places undue stress on particular mirrors. By using country- or
   continent-specific rotations, you are able to select servers that are
   geographically close to you, yet still distribute the load over a number of
 * Report bad mirrors on[1] If you notice a server in the 
   rotation that is not responding or is showing signs of other problems,
   please report it on immediately. Many users simply assume
   that someone else will file the bug report, which results in nobody ever
   finding a bug report until a Gentoo developer happens to notice the
   problem. By filing bug reports sooner, we can catch and remove problematic
   mirrors from our rotation much faster.  1.
Remember that all of our rsync mirrors rely entirely upon donated 
resources. Thus, being respectful of these donated resources is not only a 
common courtesy, but essential if we are to support the continued growth 
of Gentoo Linux. 
New mailing lists available
Over the past few weeks, a number of new Gentoo Linux mailing lists have 
been created for our users. Among them include:
 * gentoo-performance -- highly technical discussions regarding resolving 
   performance issues in Gentoo 
 * gentoo-mips -- Discussions about running Gentoo on the MIPS 
Policy discussion regarding accessing users' boxes
Recently, the Gentoo Linux development team discussed whether or not it was
acceptable to remotely access users' boxes (with the consent of the user) to
assist with debugging and troubleshooting a specific problem.  Some developers
voiced concerns about unwarranted finger pointing that might arise if
something went wrong during the process. Others raised concerns about setting
unreasonable expectations among the Gentoo Linux user base. After a lengthy
discussion, the majority of developers seemed to agree that, while accessing
users' boxes should not be a regular occurance, it may be acceptable in
certain circumstances, such as trying to track down a particularly troublesome
2. Gentoo Security
 * GLSA: openssh 
 * GLSA: monkeyd 
 * GLSA: pptpd 
 * GLSA: mgetty 
 * GLSA: balsa 
 * New Security Bug Reports 
GLSA: openssh
OpenSSH has a vulnerability which permits a timing attack that can reveal 
the identities of valid users on the target system. This information 
greatly enhances the system's vulnerability to brute-force attacks and 
weak passwords. 
 * Severity: Critical - Security information compromise. 
 * Packages Affected: net-misc/openssh versions prior to openssh-3.6.1_p2 
 * Rectification: Synchronize and emerge openssh, emerge clean. 
 * GLSA Announcement[2] 
 * Advisory[3] 
GLSA: monkeyd
The monkeyd web server contains a buffer overflow vulnerability in its 
handling of POST requests. This could theoretically be used to implement a 
DoS attack, or to execute arbitrary code under the privileges of the 
monkey server. 
 * Severity: High - Remote code execution. 
 * Packages Affected: net-www/monkeyd versions prior to monkeyd-0.6.3 
 * Rectification: Synchronize and emerge monkeyd, emerge clean. 
 * GLSA Announcement[4] 
 * Advisory[5] 
GLSA: pptpd
The PPTP daemon contains a buffer overflow in its handling of PPTP packet 
headers. This could be used to remotely load executable code into the 
server's stack. 
 * Severity: High - Remote code execution. 
 * Packages Affected: net-dialup/pptpd versions prior to 
 * Rectification: Synchronize and emerge pptpd, emerge clean. 
 * GLSA Announcement[6] 
 * Advisory[7] 
GLSA: mgetty
The fax spool in mgetty is world-writable, which permits unprivileged 
users to modify transmission privileges. In addition, there is a buffer 
overflow vulnerability in mgetty that could be used for a DoS attack or to 
execute arbitrary code. 
 * Severity: High - Remote code execution, privilege escalation. 
 * Packages Affected: net-dialup/mgetty versions prior to mgetty-1.1.30 
 * Rectification: Synchronize and emerge mgetty, emerge clean. 
 * GLSA Announcement[8] 

GLSA: balsa
The balsa email client shares a buffer overflow vulnerability with mutt. 
This vulnerability could be used to remotely crash balsa or to execute 
arbitrary code with the user's privileges. 
 * Severity: High - Remote code execution. 
 * Packages Affected: net-mail/balsa versions prior to balsa-2.0.10 
 * Rectification: Synchronize and emerge balsa, emerge clean. 
 * GLSA Announcement[9] 
 * Advisory[10] 
New Security Bug Reports
The following new security bugs were posted this week: 
 * net-mail/qpopper[11] 

3. Featured Developer of the Week
Alastair Tse
This week we feature Alastair Tse[12], who is involved with the Gentoo 
GNOME team, Python modules and programs and general bug fixing. A Python 
fanatic and KDE-basher/GNOME-user, Alastair takes care of various 
Gtk/GNOME packages, especially troublesome ones like Evolution, and 
unofficially looks after dev-python. He has also recently released 
etcat[13], a tool that allows power users to get more information from 
Portage more quickly, and which is now part of the gentoolkit. Like Larry 
the Cow, Alastair began using Gentoo after being frustrated by the other 
distros, fell in love with the ability to tweak the way packages were 
built (until then he had been maintaining his own .spec files), started 
contributing patches and ebuilds and eventually got noticed and invited to 
join the team. 

Alastair's favorite apps include Epiphany, Xchat2, Gaim, Straw, Evolution, 
Gnome-Terminal, feh, zsh, and python-bash, and he runs them on a slim Sony 
Vaio N505-VE (Celeron 333Mhz, 128MB RAM; to those of you who are surprised 
that Alastair runs those apps on such a machine, he says it's because he's 
a very patient person). Alastair, now 23, grew up between Melbourne, 
Australia, and Hong Kong, moved to Sydney, Australia to study after an 
incident involving a banana and some pajamas, and got a Computer 
Engineering degree there at the University of New South Wales[14]. After 
working there for a year as a sysadmin, he left the beaches and kangaroos 
of Australia for mad cow England, where he is studying for a PhD at the 
University of Cambridge's Laboratory of Communication Engineering[15]. 
Along with the exotic animals he left in Australia his hobbies, which 
included watching and playing basketball and soccer, watching F1 races, 
driving, and playing Nintendo GameCube. He also has a personal website at 

4. Heard In The Community
Web Forums
GCC 3.3
Highly acclaimed, much anticipated, finally here: GCC 3.3 has been 
available as an ebuild since Thursday, and folks in the forums are giving 
it a try:
 * GCC 3.3[16] 
News from the Zetagrid GLUE Team
"We are Michael Imhof, resistance is futile" is the powerful mantra of 
Gentoo Linux Users Everywhere (GLUE) participating in the Zetagrid 
competition, the famous grid computing hunt for proof or rejection of 
Riemann's Hypothesis. If you want to participate, make sure you use 
Tantive's user ID and mail address - only individual users can win the 
10,000 USD prize, and dozens of Gentoo workstations all over the planet 
are using Tantive's ID to advance even higher than the current 4th rank. 
If Michael Imhof wins, all the money goes to Gentoo.
 * Zetagrid GLUE-team --> We are in the TOP 5 (5 Apr 2003)[17] 
 * Zetagrid GLUE Team FAQ[18] 
 * Zetagrid Homepage[19] 
 * Riemann Hypothesis[20] 

X responsiveness
Does the jerkiness of X under a heavy load got you down? Apparently it was 
for a number of Gentoo'ers in the -user community. Checkout this 
thread[21] to readup on the methods used to speedup a sometimes sluggish 
X. As usual, there's a plethora of system enhancing solutions to choose 
from, some applicable, some not. In short make sure your harddrive 
settings are properly tweaked[22] and if you're not using the caffeinated 
-ck sources, to run your X server with higher priority[23]. 


5. Gentoo International
Regional German Gentoo User Meeting in Bonn
After many weeks of indecision about the agenda and - even more 
importantly - the ultimate choice of a venue, the Greater Cologne/Bonn 
Area Gentooists have decided on what will just have to be the perfect spot 
for their initial get-together: On Wednesday, 14 May 2003, from 18:00 with 
undoubtedly open end, everybody who's anybody in West-German Gentooism 
will be at Hellers Brauhaus[24], located on Roonstrasse in Bonn. As for 
many other regional Gentoo user meetings, this one has a coordination 
thread[25] in the Forums, for you to announce your participation. 

Gentoo Weekly Newsletter now available in Russian, as well
For our growing Russian community of Gentoo Linux users, we are pleased to 
announce that you can now enjoy the Gentoo Weekly Newsletter in Russian 
each week
6. Portage Watch

Portage Watch is on hiatus this week and will return next week   

7. Bugzilla
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([26]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. In the last 7 days, activity on the site has resulted 

 * 265 new bugs this week 
 * 360 bugs closed or resolved this week 
 * 6 previously closed bugs were reopened this week. 
 * 2522 total bugs currently marked 'new' 
 * 386 total bugs currently assigned to developers 
There are currently 2964 bugs open in bugzilla. Of these: 48 are labeled 
'blocker', 107 are labeled 'critical', and 237 are labeled 'major'. 
Closed Bug Rankings
The developers and teams who have closed the most bugs this week are: 
 * Nicholas Jones[27], with 33 closed bugs[28] 
 * The KDE Team[29], with 22 closed bugs[30] 
 * Martin Schlemmer[31], with 20 closed bugs[32] 
 * Martin Holzer[33], with 15 closed bugs[34] 
 * The X86 Kernel Team[35], with 14 closed bugs[36] 
 27. carpaski@g.o
 29. kde@g.o
 31. azarah@g.o
 33. mholzer@g.o
 35. x86-kernel@g.o
New Bug Rankings
The developers and teams who have been assigned the most new bugs this 
week are: 
 * Martin Schlemmer[37], with 14 new bugs[38] 
 * The Games Team[39], with 13 new bugs[40] 
 * Nicholas Jones[41], with 13 new bugs[42] 
 * The X-Free Team[43], with 12 new bugs[44] 
 * Martin Holzer[45], with 11 new bugs[46] 
 37. azarah@g.o
 39. games@g.o
 41. carpaski@g.o
 43. xfree@g.o
 45. mholzer@g.o

8. Tips and Tricks
Adding Users with Superadduser
Adding users to a system can be tedious. It involves creating an account, 
setting a password, and creating a home directory. This week's tip shows 
how to make adding users easier with the use of superadduser. 
| Code Listing 8.1:                                                       |
| Install superadduser from Portage                                       |
|                                                                         |
|#  emerge app-admin/superadduser                                         |
|                                                                         |
Using superadduser is very easy. Just run the command and follow the 
| Code Listing 8.2:                                                       |
| Using superadduser                                                      |
|                                                                         |
|Replace the examples with your own information                           |
|# superadduser                                                           |
|                                                                         |
|Login name for new user []: johndoe                                      |
|                                                                         |
|User id for johndoe [ defaults to next available]:                       |
|                                                                         |
|Initial group for johndoe [users]:                                       |
|                                                                         |
|Additional groups for johndoe (seperated                                 |
|with commas, no spaces) []:                                              |
|                                                                         |
|johndoe's home directory [/home/johndoe]:                                |
|                                                                         |
|johndoe's shell [/bin/bash]:                                             |
|                                                                         |
|johndoe's account expiry date (YYYY-MM-DD) []:                           |
|                                                                         |
|OK, I'm about to make a new account. Here's what you entered so far:     |
|                                                                         |
|New login name: johndoe                                                  |
|New UID: [Next available]                                                |
|Initial group: users                                                     |
|Additional groups:                                                       |
|Home directory: /home/johndoe                                            |
|Shell: /bin/bash                                                         |
|Expiry date: [no expiration]                                             |
|                                                                         |
|This is it... if you want to bail out, hit Control-C.  Otherwise, press  |
|ENTER to go ahead and make the account.                                  |
|                                                                         |
|ENTER                                                                    |
|                                                                         |
|Making new account...                                                    |
|                                                                         |
|Changing the user information for johndoe                                |
|Enter the new value, or press ENTER for the default                      |
|        Full Name []: John Doe                                           |
|        Room Number []:                                                  |
|        Work Phone []:                                                   |
|        Home Phone []:                                                   |
|        Other []:                                                        |
|                                                                         |
|New UNIX password: user_password                                         |
|Retype new UNIX password: user_password                                  |
|Done...                                                                  |
|                                                                         |
9. Moves, Adds and Changes
The following developers recently left the Gentoo team: 
 * Seth Chandler (sethbc) 
 * Michael Fitzpatrick (leahcim) 
The following developers recently joined the Gentoo Linux team:
 * none this week 
The following developers recently changed roles within the Gentoo Linux 
 * none this week 
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 47. gwn-feedback@g.o
11. GWN Feedback
Please send us your feedback[48] and help make GWN better.

 48. gwn-feedback@g.o
12. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
13. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Dutch[49] 
 * English[50] 
 * German[51] 
 * French[52] 
 * Japanese[53] 
 * Italian[54] 
 * Portuguese (Brazil)[55] 
 * Portuguese (Portugal)[56] 
 * Russian[57] 
 * Spanish[58] 
 * Turkish[59] 
Kurt Lieber <klieber@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Contributor
Brice Burgess <nesta@×××××××.net> - Contributor
Yuji Carlos Kosugi <carlos@g.o> - Contributor
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
David Narayan <david@×××××××.net> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Peter Sharp <mail@××××××××××××××.net> - Contributor
Kim Tingkaer <kim@×××××××.dk> - Contributor
Mathy Vanvoorden <matje@×××××××.be> - Dutch Translation
Tom Van Laerhoven <tom.vanlaerhoven@××××××.be> - Dutch Translation
Peter Dijkstra <phj.dijkstra@××××.nl> - Dutch Translation
Bernard Bernieke <bernieke@××××××××.com> - Dutch Translation
Vincent Verleye <zu@×××××××.be> - Dutch Translation
Jochen Maes <linux@××××.be> - Dutch Translation
Ben De Groot <yngwin@××××××.nl> - Dutch Translation
Jelmer Jaarsma <j.jaarsma@××××××××××××××××××.nl> - Dutch Translation
Matthieu Montaudouin <mat@××××××××.com> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Michael Kohl <citizen428@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Klaus-J. Wolf <yanestra@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Christian Apolloni <bsolar@×××××××.ch> - Italian Translation
Daniel Ketel <kage-chan@g.o> - Japanese Translation
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation
Andy Hunne <andy@×××××××××.com> - Japanese Translation
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
Takashi Ota <088@××××××××××.jp> - Japanese Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <gustavo@××××××××××.net> - Portuguese (Portugal) 
Ricardo Jorge Louro <rjlouro@×××××××.org> - Portuguese (Portugal) 
Ricardo Nogueira <R.Nogueira@××××××××××××××××.au> - Portuguese (Brazil) 
Sergey Kuleshov <infapx@××××××.ru> - Russian Translation
Dmitry Suzdalev <dimsuz@××××.ru> - Russian Translation
Lanark <lanark@××××××××××.ar> - Spanish Translation
Rafael Cordones Marcos <rcm@×××××××.net> - Spanish Translation
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
Sergio Gómez <s3r@××××××××××××.ar> - Spanish Translation
Pablo Pita Leira <pablo.leira@×××××××××.com> - Spanish Translation
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
Tirant <tirant@×××××.net> - Spanish Translation
Jaime Freire <jfreire@××.com> - Spanish Translation
Lucas Sallovitz <krusty_ar@×××××.com> - Spanish Translation
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
Aycan Irican <aycan@××××××××.tr> - Turkish Translation
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
Gursel Kaynak <gurcell@×××××××.com> - Turkish Translation
Bugra Cakir <19913500@××××××××××××××××.tr> - Turkish Translation