Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@××××××××××××.org
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 20 December 2004
Date: Mon, 20 Dec 2004 00:00:44
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 20 December 2004.
1. Gentoo News
Gentoo UK conference call for speakers
Stuart Herbert[1] has renewed his call for papers to be presented at next 
year's  Gentoo conference for developers and users in the UK[2]. The topic 
for the conference to be held on Saturday 12 March 2005 at the University 
of Salford will be "Success with Gentoo". Please submit proposals to his 
contact address before 31 December 2004.
 1. stuart@g.o
New Catalyst mailing list
Everything you always wanted to know about catalyst, the Gentoo release 
engineering's meta-tool[3] for creating LiveCDs, Gentoo Reference Platform 
(GRP) packages and the installation stages 1 to 3, can now be discussed on 
a mailing list of its own. Joining the new list will be particularly 
useful for all those who wish to create their own customized versions of 
Gentoo Linux. gentoo-catalyst@g.o has been spun off the main 
release engineering mailing list where these matters were usually 
discussed before. Subscription help and other information can be found on 
the mailing list page[4].
GWN needs additional translators
The newsletter is currently translated into Japanese, German, Italian, 
Polish, Dutch and Turkish. Since our last call for help quite a number of 
volunteers have been found to give new life to some of the other formerly 
translated versions of the GWN, namely Spanish, Russian and French, and 
even an entirely new one: Romanian! If you would like to join the new 
teams that are in the process of being created, please contact 
gwn-feedback@g.o. The team leaders would like to emphasize that 
it's not just a question of "the more, the merrier" - translating is hard 
work, and if you're unable to split it among a group of people, it's 
almost impossible to sustain for a longer period of time.
2. Future zone
Pre-Christmas vacation
Future zone takes a short rest before coming back with more stories from 
bleeding edge development, fascinating technology insights and lesser 
known projects that deserve more attention. If you would like to see 
something you work on covered in this section, please send a short 
description to  our feedback address[5], and we'll get right back to you.
 5. gwn-feedback@g.o
3. Gentoo security
file: Arbitrary code execution
The code for parsing ELF headers in file contains a flaw which may allow 
an attacker to execute arbitrary code. 
For more information, please see the GLSA Announcement[6] 
nfs-utils: Multiple remote vulnerabilities
Multiple vulnerabilities have been discovered in nfs-utils that could lead 
to a Denial of Service, or the execution of arbitrary code. 
For more information, please see the GLSA Announcement[7] 
ncpfs: Buffer overflow in ncplogin and ncpmap
ncpfs is vulnerable to a buffer overflow that could lead to local 
execution of arbitrary code with elevated privileges. 
For more information, please see the GLSA Announcement[8] 
Vim, gVim: Vulnerable options in modelines
Several vulnerabilities related to the use of options in modelines have 
been found and fixed in Vim. They could potentially result in a local user 
escalating privileges. 
For more information, please see the GLSA Announcement[9] 
Cscope: Insecure creation of temporary files
Cscope is vulnerable to symlink attacks, potentially allowing a local user 
to overwrite arbitrary files. 
For more information, please see the GLSA Announcement[10] 
Adobe Acrobat Reader: Buffer overflow vulnerability
Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to 
remote execution of arbitrary code. 
For more information, please see the GLSA Announcement[11] 
Samba: Integer overflow
Samba contains a bug that could lead to remote execution of arbitrary 
For more information, please see the GLSA Announcement[12] 
PHP: Multiple vulnerabilities
Several vulnerabilities were found and fixed in PHP, ranging from an 
information leak and a safe_mode restriction bypass to a potential remote 
execution of arbitrary code. 
For more information, please see the GLSA Announcement[13] 
Ethereal: Multiple vulnerabilities
Multiple vulnerabilities exist in Ethereal, which may allow an attacker to 
run arbitrary code, crash the program or perform DoS by CPU and disk 
For more information, please see the GLSA Announcement[14] 
kdelibs, kdebase: Multiple vulnerabilities
kdelibs and kdebase contain a flaw allowing password disclosure when 
creating a link to a remote file. Furthermore Konqueror is vulnerable to 
window injection. 
For more information, please see the GLSA Announcement[15] 
4. Heard in the community
Web forums
At the strike of the falling log it's - 0 postcounts
Bit of a nasty surprise for some of the regulars frequenting the notorious 
"Off the Wall" section at the Gentoo Forums last week: In a coup that is 
aimed at restoring some of the credibility to the poster rankings 
displayed below each user ID at the forums, nothing posted in the openly 
off-topic OTW forum is counted towards the user ranking any longer, and 
previous posts have been subtracted as well. The measure implemented by 
the forum administrators has yielded some painful results for numerous 
posters who had collected hundreds or even thousands of posts over their 
subscription period, but ended up having lost their "veteran" status now 
because all those posts had been in OTW. Moderators and admins are hoping 
this will help shift some of the emphasis of the Forums back to its prime 
objective, support for Gentoo Linux users.
 * [forums-announce] OTW posts no longer count towards total[16] 
 * OTW will be deleted soon[17] (not really...) 
Cool console tip thread of the week
It all started with a simple question: How to stop emerge's output from 
scrolling off the screen when there are many packages to merge. That 
question got answered quickly, but then came the other tips: How to scroll 
up and down in virtual terminals, increase your VT buffer history size, 
bash history searching, and more!
 * Visualize Packages List on Console[18] 
File system discussions
The many virtues of running Linux include having a variety of file system 
formats to choose from. There are the old reliables: ext2 and ext3 that 
most seasoned Linux geeks know about. But in Linux's recent history, many 
more file systems have come about. XFS, JFS, and ReiserFS to name a few. 
This informative thread shares some of the experiences of Gentoo users on 
all these file systems, and discusses the pros and cons of running a "less 
popular" file system format. 
 * JFS and XFS[19] 
X11 mice and udev
It's enevitiable, udev is the next stop for Linux's /dev filesystem. udev 
brings along a slew of great features that are easy to use, but be on the 
lookout for this common problem when switching from devfs. 
 * Problems with X11 and udev[20] 
Makefile variables inside ebuilds
Robin H. Johnson[21] asks: "I've seen a lot of ebuilds lately where the 
author has tried to get a variable set inside the Makefile, but their code 
actually doesn't work, and it hasn't been noticed." Read on to learn what 
works and what doesn't, and get a lecture in advanced bash-magic as you 
read along. 
 21. robbat2@g.o
 * Makefile variables inside ebuilds[22] 
libtool help
Mike Frysinger[23] offers some information on a libtool-related series of 
bugs. As of libtool-1.5.10, some ebuilds fail with:
 23. vapier@g.o
| Code Listing 4.1:                                                       |
|                                                                         |
|*** Gentoo sanity check failed! ***                                      |
|*** libtool.m4 and have a version mismatch! ***                |
|*** (libtool.m4 = 1.5.10, = 1.5.2) ***                         |
|                                                                         |
This is an ebuild error, so if you hit this error, check on if it is known and open a bug if there isn't one yet. The 
fixes are relatively simple, a howto can be found in the mail thread. 
 * libtool help[24] 
5. Gentoo in the press
Hardware Upgrade (9 December 2004)
In an extensive, eleven-page-long test titled "Gaming con Linux"[25], the 
Italian magazine Hardware Upgrade puts Linux against Windows in a whole 
series of performance tests for games like Unreal Tournament and Doom 3, 
on graphics from both ATI and Nvidia. Author Raffaele Fanizzi chose Gentoo 
Linux as his platform for the Linux side of benchmarking, and concludes 
that using Nvidia NV40 in Linux offers better performance in Gentoo than 
Windows XP, despite manufacturer optimizations for the hardware being 
biased towards the Windows platform, with ATi Radeon cards being even more 
heavily predisposed for optimal performance in Windows. 
O'Reilly (15 December 2004)
Nick Kew, author of various XML applications and this recent article on 
"XML Namespace Processing in Apache"[26], mentions Gentoo alongside 
FreeBSD and Debian as an example for incorporation of his "unexpectedly 
most popular" mod_proxy_html, "which rewrites URLs into a proxy's address 
space and is an essential component of a reverse proxy."
 26. (15 December 2004)
Gentoo has been voted "Favourite distribution"[27] in a poll conducted by (owned by, interestingly enough, Linare Corporation), 
leading the pack with almost a quarter of all 2500+ votes.
Linux Journal (17 December 2004)
In an interview with Linux Journal[28], Bill McCarty who recently 
published a new book on "Security Enhanced Linux"[29] draws encouraging 
signs of more widespread availability of SELinux in the future from the 
fact that it's "now an integral component of several Linux distributions, 
such as Fedora Core, Gentoo and the beta release of Red Hat Enterprise 
Linux 4."
6. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([30]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 12 December 2004 and 19 December 2004, activity 
on the site has resulted in: 
 * 738 new bugs during this period 
 * 368 bugs closed or resolved during this period 
 * 30 previously closed bugs were reopened this period 
Of the 7750 currently open bugs: 126 are labeled 'blocker', 233 are 
labeled 'critical', and 551 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * AMD64 Porting Team[31], with 26 closed bugs[32]  
 * Gentoo Games[33], with 24 closed bugs[34]  
 * Gentoo Security[35], with 16 closed bugs[36]  
 * ppc64 architecture team[37], with 15 closed bugs[38]  
 * Gentoo's Team for Core System packages[39], with 15 closed bugs[40]  
 * Java team[41], with 14 closed bugs[42]  
 * SpanKY[43], with 11 closed bugs[44]  
 * Gentoo Linux Gnome Desktop Team[45], with 11 closed bugs[46]  
 31. amd64@g.o
 33. games@g.o
 35. security@g.o
 37. ppc64@g.o
 39. base-system@g.o
 41. java@g.o
 43. vapier@g.o
 45. gnome@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * media-video herd[47], with 16 new bugs[48]  
 * AMD64 Porting Team[49], with 14 new bugs[50]  
 * Gentoo's Team for Core System packages[51], with 13 new bugs[52]  
 * Gentoo Sound Team[53], with 10 new bugs[54]  
 * Gentoo Science Related Packages[55], with 10 new bugs[56]  
 * Java team[57], with 9 new bugs[58]  
 * Gentoo Linux Gnome Desktop Team[59], with 9 new bugs[60]  
 * Embedded Gentoo Team[61], with 9 new bugs[62]  
 47. media-video@g.o
 49. amd64@g.o
 51. base-system@g.o
 53. sound@g.o
 55. sci@g.o
 57. java@g.o
 59. gnome@g.o
 61. embedded@g.o
7. Tips and Tricks
Devtodo: Nifty tool for developers and others
This small program provides a per-directory todo list. Items can be added, 
deleted, edited and changed in priority. The list is always sorted with 
the most important items on top, equal priority items sorted by time, 
oldest first.
| Code Listing 7.1:                                                       |
|To                                                                       |
|                                                                         |
|emerge app-misc/devtodo                                                  |
|                                                                         |
Let's see a small demonstration:
| Code Listing 7.2:                                                       |
|Adding                                                                   |
|                                                                         |
|$ tda                                                                    |
|Enter text for the item you are adding.                                  |
|text> Write some stuff for the GWN                                       |
|1. veryhigh   2. high   3. medium   4. low   5. verylow                  |
|Enter a priority from those listed above.                                |
|priority> medium                                                         |
|Index of new item is 1                                                   |
|                                                                         |
|$ tda                                                                    |
|Enter text for the item you are adding.                                  |
|text> Install a speelchecker                                             |
|1. veryhigh   2. high   3. medium   4. low   5. verylow                  |
|Enter a priority from those listed above.                                |
|priority> low                                                            |
|Index of new item is 2                                                   |
|                                                                         |
Now lets check the output:
| Code Listing 7.3:                                                       |
|Sample                                                                   |
|                                                                         |
|$ devtodo                                                                |
|  1.Write some stuff for the GWN                                         |
|  2.Install a speelchecker                                               |
|                                                                         |
Ok, let's edit the priorities, a spellchecker would be quite useful before 
finishing other things:
| Code Listing 7.4:                                                       |
|                                                                         |
|$ tde 2                                                                  |
|Modify the text of the item you are editing.                             |
|text> Install a speelchecker                                             |
|1. veryhigh   2. high   3. medium   4. low   5. verylow                  |
|Enter a priority from those listed above.                                |
|priority> veryhigh                                                       |
|                                                                         |
This moves the item above lower priority items and changes the output 
colour to red. Available (colour-coded!) priorities are: 1. veryhigh 2. 
high 3. medium 4. low 5. verylow 
| Code Listing 7.5:                                                       |
|Output with changed                                                      |
|                                                                         |
|$ devtodo                                                                |
|  1.Install a speelchecker                                               |
|  2.Write some stuff for the GWN                                         |
|                                                                         |
Once you have completed an item, you can either mark it as done with "tdd" 
or remove it with "tdr". So from now on you don't have an excuse for 
forgetting assignments and other things. Enjoy!
8. Moves, adds, and changes
The following developers recently left the Gentoo team:
 * None this week 
The following developers recently joined the Gentoo Linux team:
 * Gregorio Guidi (greg_g) - KDE 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
9. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
 63. gwn-feedback@g.o
10. GWN feedback
Please send us your feedback[64] and help make the GWN better.
 64. gwn-feedback@g.o
11. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
12. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[65] 
 * Dutch[66] 
 * English[67] 
 * German[68] 
 * French[69] 
 * Japanese[70] 
 * Italian[71] 
 * Polish[72] 
 * Portuguese (Brazil)[73] 
 * Portuguese (Portugal)[74] 
 * Russian[75] 
 * Spanish[76] 
 * Turkish[77] 
Ulrich Plate <plate@g.o> - Editor
Brian Downey <bdowney@×××××××××××.net> - Author
Patrick Lauer <patrick@g.o> - Author

gentoo-gwn@g.o mailing list