Gentoo Archives: gentoo-gwn

From: Kurt Lieber <klieber@g.o>
To: gentoo-gwn@g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter -- Volume 2, Issue 6
Date: Mon, 10 Feb 2003 02:06:32
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of February 10th, 2003.
1. Gentoo News

 * Gentoo Linux at FOSDEM 
 * New Release Manager for 1.4 
 * Icons for Gentoo Linux 
Gentoo Linux at FOSDEM
Gentoo Linux was present at this weekend's FOSDEM[1], a meeting of 
developers of Open Source software. Taking place in Brussels, Belgium, 
this year's FOSDEM drew developers from many of the largest Open Source 
projects, including KDE, GNOME, PostgreSQL, iptables and others. Daniel 
Robbins was also present representing the Gentoo Linux project. 

New Release Manager for 1.4
Brad Cowan (bcowan) was recently appointed as the Gentoo Release 
Coordinator and tasked with getting Gentoo Linux 1.4, as well as future 
versions of Gentoo Linux, out the door. So far, Brad has been busy 
finalizing the list of packages for the 1.4 Gentoo Reference Platform, as 
well as coordinating efforts among the various development managers to 
determine what needs to be finished before 1.4 can be officially released. 
Icons for Gentoo Linux
Originally reported in last week's Heard In The Community[2] section, the 
Gentoo Icon Set[3] has continued to grow and improve to the point where 
the full set is now featured[4] on the main web site. 
Currently, with over 160 icons available and more being added each week, 
this icon set offers users a comprehensive way to customize their Gentoo 
Linux systems. 

2. Gentoo Security

 * GLSA: bladeenc 
 * GLSA: qt-dcgui 
 * GLSA: slocate 
 * GLSA: Mail-SpamAssassin 
 * New Security Bug Reports 
GLSA: bladeenc
The bladeenc MP3 encoder contains a signed integer offset that may be 
spoofed by a carefully crafted wave file to execute arbitrary code. An 
exploit has been demonstrated. 
 * Severity: Moderate - arbitrary code execution mitigated by requirement 
   for user participation. 
 * Packages Affected: media-sound/bladeenc prior to bladeenc-0.94.2-r1 
 * Rectification: Synchronize and emerge -u bladeenc, emerge clean 
 * GLSA Announcement[5] 
 * Advisory[6] 

GLSA: qt-dcgui
The qt-dcgui DirectConnect client has a major vulnerability in the way it 
parses directory names. Remote attackers could use this flaw to download 
files that are not explicitly shared. 
 * Severity: High - Remote read access to files. 
 * Packages Affected: net-p2p/qt-dcgui prior to qt-dcgui-0.2.4 
 * Rectification: Synchronize and emerge -u qt-dcgui, emerge clean 
 * GLSA Announcement[7] 
 * Advisory[8] 

GLSA: slocate
The slocate file search utility contains a buffer overflow vulnerability 
that could permit users to gain higher access privileges on the system. An 
exploit has been demonstrated. 

 * Severity: High - Privilege elevation. 
 * Packages Affected: sys-apps/slocate prior to slocate-2.7 
 * Rectification: Synchronize and emerge -u slocate, emerge clean 
 * GLSA Announcement[9] 
 * Advisory[10] 

GLSA: Mail-SpamAssassin
The popular SpamAssassin utility is subject to an exploit using escaped 
'.' characters to provoke a modification of the stack pointer. This could 
permit a carefully crafted email to execute arbitrary code on the system. 

 * Severity: Critical - Remote execution of arbitrary code. 
 * Packages Affected: dev-perl/Mail-SpamAssassin prior to 
 * Rectification: Synchronize and emerge -u Mail-SpamAssassin, emerge 
 * GLSA Announcement[11] 
 * Advisory[12] 

New Security Bug Reports
The following new bug reports have been submitted to the bugzilla database 
this week: 

 * net-mail/mailman[13] 
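
A way to check installed package versions against the fixed versions listed in the GLSA entries above. This is an added example, not part of the newsletter or of Portage; the version comparison is a simplified stand-in for Portage's own rules, and the installed-package list is constructed.

```python
import re

# Fixed versions copied from the GLSA entries in this issue. Mail-SpamAssassin
# is left out because the issue does not give its fixed version.
FIXED = {
    "media-sound/bladeenc": "0.94.2-r1",
    "net-p2p/qt-dcgui": "0.2.4",
    "sys-apps/slocate": "2.7",
}

# category/name-version[-rN]; the version is the last "-<digit>..." component.
_ATOM = re.compile(r"^(?P<cp>[\w+./-]+?)-(?P<ver>\d[^-]*(?:-r\d+)?)$")
# Simplified version grammar (an assumption of this example): dotted numbers,
# an optional trailing letter and an optional -rN revision. Suffixes such as
# _pre or _rc are not ordered here and are flagged for manual review instead.
_VER = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)(?:-r(\d+))?$")


def split_atom(atom):
    """Split 'category/name-version' into ('category/name', 'version')."""
    m = _ATOM.match(atom)
    if m is None:
        raise ValueError(f"not a versioned package atom: {atom!r}")
    return m.group("cp"), m.group("ver")


def version_key(version):
    """Return a sortable key: (numeric components, letter, revision)."""
    m = _VER.match(version)
    if m is None:
        raise ValueError(f"unsupported version syntax: {version!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, m.group(2), int(m.group(3) or 0)


def check_installed(atoms):
    """Report each installed package that one of this week's GLSAs covers."""
    findings = []
    for atom in atoms:
        cp, ver = split_atom(atom)
        fixed = FIXED.get(cp)
        if fixed is None:
            continue  # no advisory for this package in this issue
        try:
            older = version_key(ver) < version_key(fixed)
            status = "vulnerable" if older else "ok"
        except ValueError:
            status = "review"  # version syntax this example cannot order
        findings.append((cp, ver, fixed, status))
    return findings


# Constructed sample, in the form of /var/db/pkg directory names.
SAMPLE_INSTALLED = [
    "media-sound/bladeenc-0.94.2",
    "net-p2p/qt-dcgui-0.2.4",
    "sys-apps/slocate-2.6.1-r2",
    "sys-apps/portage-2.0.46-r12",
]

if __name__ == "__main__":
    for cp, ver, fixed, status in check_installed(SAMPLE_INSTALLED):
        print(f"{status:10} {cp}-{ver} (fixed in {fixed})")
```

Note that bladeenc-0.94.2 is reported as vulnerable: the fix is in revision -r1 of the same upstream version, so comparing upstream version numbers alone would miss it.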

3. Featured Developer of the Week
Brandon Low
This week we're featuring Brandon Low[14], maintainer of the 
gentoo-sources kernel and the kernel eclass system used to create kernel 
source ebuilds. As many of you know, the gentoo-sources are made by 
applying various patches to vanilla sources (like the ones you find at; Brandon's job is to take the various fixes, 
performance enhancements, and hardware support patches recommended by 
Michael J. Cohen[15], Gentoo's resident kernel colonel, requested by 
users, or found by himself to be suitable, and to 'patch-monkey' them all 
together, making adjustments to ensure that the various patches work 
together in order to get a working kernel. Before being put in 
gentoo-sources, changes are often tested in lolo-sources, which is first 
patched with a bunch of updates then slowly culled until it's released as 
gentoo-sources. Brandon's kernels always contain documentation in a 
patches.txt.gz file that is put in the documentation directory of the 
kernel sources, but since the information often isn't as complete with 
lolo-sources, he says that the best way to learn about a kernel patchset 
is to watch as the patches are applied during the merge process. The 
current lolo-sources are based on the Con Kolivas patchset, with the 
addition of Gentoo-specific stuff as well as the iptables base and 
optimization patchsets. Like Nicholas Jones[16] (who actually started using 
Gentoo and helping out with it on his suggestion), Brandon got his start 
as a Gentoo developer hanging out in IRC and on Bugzilla making ebuilds 
and assisting with bugs. His cool head and tendency to know when a patch 
would be too much trouble was what gave him the final word on 
gentoo-sources. A keen ebuilder, Brandon continues to make ebuilds for 
applications that he needs or wants that aren't in the Portage tree. 

 14. lostlogic@g.o
 15. mjc@g.o
 16. carpaski@g.o
A student of computer engineering at the Illinois Institute of Technology, 
Brandon also works as the general technology specialist at CopyTec[17] - 
it's no wonder he has trouble balancing the remaining time between Gentoo 
and his girlfriend. Brandon has two machines, lost and found: lost is an 
Athlon XP workstation, while found is a headless Athlon T-Bird 
WWW/mail/DNS server. Here's a long litany of the apps he likes to run on 
his workstation: Gaim, Enlightenment, Eterm, Xchat, XMMS, giFT, Midnight 
Commander, Mozilla, gkrellm2, lm_sensors, mutt, screen, pork, and bash. In 
Real Life, Brandon likes to swim, play GameCube, and rollerblade. 

4. Heard In The Community
Web Forums
What's In A Framebuffer?
Let's call it the Framebuffer Awareness Week. An extraordinary interest in 
the possibilities (and limitations) of framebuffer consoles, using it in X 
or in its stead, for TV-out to the big screen, and other tidbits of 
information has emerged in an unusual density: 
 * What exactally can i do with the framebuffer[18] 
 * Framebuffer resolution[19] 
 * Framebuffer console on the Intel 810[20] 
 * How to get xdirectfb working[21] 

Fund Raising Ideas
The forums are notorious for posters throwing tantrums at the installation 
process or application oddities, but the general mood has always been 
extremely supportive of Gentoo Linux, its concept and further development. 
Not astonishing, in this light, that initiatives emerge at regular 
intervals that try to back up the idealistic support with something more 
tangible, by raising money for the project as a whole. People are offering 
money for e-mail-addresses that display their affection for Gentoo, club 
memberships (Mandrake style) are being discussed, even paying for an 
overnight ebuild service, in a nutshell: anything that could help to put 
Gentoo on the next evolutionary stage: 
 * funds via Gentoo email?[22] 
 * yourname@××××××××××.net ?[23] 
 * Gentoo Club[24] 
 * A Gentoo Members Club?[25] 
Using phpBB
A few threads have dealt with the shortcomings of the software that drives 
the Forums, phpBB. Its structure sometimes prevents things from being just 
as powerful as some of the users would like it, but advances are clearly 
being made. The search function has been modified: searching for all 
search terms is now the default for both the Search page and the Quick 
Search text input box, and sometimes things just fall into place with an 
upgrade to phpBB itself: Posting in Japanese miraculously started to work 
last week. 
 * Gentoo forum search sucks[26] 
 * Japanese Gentoo user[27] 
What Are Those ._cfg* Files Anyway?
One of the most frequently overlooked features of portage, the etc-update 
command, has equally frequently been dealt with at the forums. It is a 
better known fact that critical config files are protected from being 
automatically overwritten during emerge, but before you struggle with 
manually editing all those files with names starting with ._cfg that keep 
appearing below the /etc threshold and elsewhere, you may want to have a 
look at this thread from last week: 
 * Graphical etc-update[28] 
 * "29 config files in /etc need updating" & etc-[29] 


Installing non ebuild software
Contrary to what we'd like to believe, software is still being written on 
non Gentoo systems and not packaged as an ebuild. Robert Shar asked if 
there is a standard method to installing programs lacking an ebuild. As 
the responses rolled in, it became clear that there isn't a 'standard' 
method of handling non ebuild software, but many clever ways to do it. 
Collins Richey suggested modifying the configure script[30] to install the 
software under /opt and Pat Double thought it would be just as painless to 
create an ebuild[31]. Cal Evans even proposed[32] that a utility to 
convert an RPM (currently the most popular packaging system) to an ebuild 
should be written. 

A popular thread emerged (pardon the pun) on gentoo-user sharing the 
classic tales of administrator horror stories. From deleting weeks' worth 
of work[33] to nearly getting fired[34] from the job, the stories within 
are sure to bring back the nostalgic memories of wishing time was 
reversible... if only for just one command. There is also a related 
thread[35] in the forums. Time heals, and posting does too. 

Disk Full?!? Quick resolutions
To Jorge Almeida's astonishment, his fresh Gentoo system was reporting the 
disk was full after a KDE 3.1 upgrade. Developer Nick Jones 
recommended[36] removing all files under /var/tmp/portage, 
/usr/portage/distfiles, and /usr/portage/packages -- noting that distfiles 
and packages may contain wanted files that portage would have to download 
again if they were removed. It was also noted that cleaning out /var/log 
is another quick way to free space, especially if a log rotator has not 
been installed. Volker Hemmann let us know that his 
/var/log/.xsession-errors once grew to a size of 3.7GB!

Gentoo XML Database. 

Yannick Koehler started[37] a very interesting thread with "For the fun of
it, I created a little tool very custom and untested that will read the
cache files of gentoo and generate on the stdout a valid xml file. [...]
What's interesting is that the database is generated from a gentoo system
pretty easily because of the presence of the cache.  One could easily think
about creating a direct ebuilds -> xml db software instead of passing
through the cache." Vano D proposed[38] its application "for making a
"portage server" serving portage ebuilds and recording the cache
information (as in what is installed with what USE flags) for every single
client machine having an "account" on the db." 

Todo/project list for Gentoo. 

Kashif Shaikh asked[39]: "I've been using Gentoo now for a couple of
months, wrote some ebuilds, loved gentoo's simplicity(configuration
system), etc. BUT, I would like to get involved more with Gentoo though I
don't know where to start or what to improve." John Nilsson briefly
answered[40] with "Your todo list is called[41] =)" and
continued with "Seriously what you could do that I would like is a
gentoo-user-wiki. For Swedish users take a look at[42] and you'll know what I'm talking about. Is there
an English equivalent?" 

Follow-up: Portage Database Management. 

Ingo Krabbe started[43] quite a busy thread with his question of whether
there were any plans to have Portage use a database in order to improve
speed! Some ideas for its application were tossed in, such as John
Nilsson's: "This db would have more indepth information of every package,
HOWTOS, bugs, discussions all that kind of information you would want
(mostly just a gentoo specific info text and link to a homepage I suspect,
but you COULD add more)." 

5. Gentoo International
Impromptu Gentoo Dev & User Meeting in Barcelona, 12 February 2003
BaSS, one of the Spanish Gentoo developers, is leaving his home town 
Sevilla for a few days in Barcelona. Perfect occasion to meet him and 
everybody else who's going to show up at the Sagrada Familia on 12 
February, 18:00. In case you don't know who to look out for, he'll wear a 
black bag with the Gnome and Guadec logos on it... 
Snapshot from Japan: Gentoo in User Mode Linux on RedHat 8.0
Masanori "Smiley" Omote isn't really what you call a hardened Gentoo user. 
He's been running RedHat for ages, and doesn't have any immediate plans to 
give it up. But his friends at the Tokyo Linux User Group had been 
pestering him so much about the most elegant of penguins, something was 
bound to happen. As it turned out, something equally elegant: Smiley, 
looking for a way to run both gcc 2.9x and 3.x on the same machine at the 
same time, went and installed Gentoo Linux in a virtual machine in User 
Mode Linux (UML) on his tiny Sony Vaio C1, a subnotebook sporting a 
Transmeta CPU, 256 MB and - RedHat 8.0. Now, whether this was the right 
way to go about it, or even the right order in which to put one on top of 
the other is a matter of debate, but for someone with a RedHat background, 
his perfectly documented installation manuscript has a reassuringly 
familiar look... 
 * Gentoo 1.4_rc2 in RedHat 8.0 using UML[44] 
6. Portage Watch
The following stable packages were added to portage this week
Because of the pending release of 1.4_final, the Portage tree is currently 
frozen. As such, no new stable packages were introduced to Portage this 
Updates to notable packages
 * sys-apps/portage - portage-2.0.46-r12.ebuild;  
 * sys-devel/gcc - gcc-3.2.2.ebuild;  
 * x11-base/xfree - xfree-;  
 * gnome-base/gnome - gnome-2.2.ebuild; gnome-2.2_rc2-r99.ebuild; 
 * sys-kernel/* - aa-sources-2.4.21_pre4-r1.ebuild; 
   ac-sources-2.4.21_pre3-r5.ebuild; ac-sources-2.4.21_pre4-r1.ebuild; 
   ac-sources-2.4.21_pre4-r2.ebuild; development-sources-2.5.59-r7.ebuild; 
   development-sources-2.5.59-r8.ebuild; linux-headers-2.4.20.ebuild; 
   ppc-sources-benh-2.4.20-r5.ebuild; ppc-sources-crypto-2.4.20.ebuild; 
   sparc-sources-2.4.20-r3.ebuild; usermode-sources-2.4.19-r48.ebuild; 
New USE variables
 * none this week 
7. Bugzilla

 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([45]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. In the last 7 days, activity on the site has resulted 
 * 251 new bugs this week 
 * 1601 total bugs currently marked 'new' 
 * 577 total bugs currently assigned to developers 
 * 52 bugs that were previously closed have been reopened. 
There are currently 2230 bugs open in bugzilla. Of these: 44 are labelled 
'blocker', 77 are labelled 'critical', and 151 are labelled 'major'. 

Closed Bug Rankings
The developers and teams who have closed the most bugs this week are: 
 * Nicholas Jones[46], with 27 closed bugs[47] 
 * Nick Hadaway[48], with 26 closed bugs[49] 
 * The KDE Team[50], with 24 closed bugs[51] 
 * Matthew Turk[52], with 19 closed bugs[53] 
 * Martin Schlemmer[54], with 17 closed bugs[55] 
 46. carpaski@g.o
 48. raker@g.o
 50. kde@g.o
 52. satai@g.o
 54. azarah@g.o
New Bug Rankings
The developers and teams who have been assigned the most new bugs this 
week are: 
 * Martin Schlemmer[56], with 24 new bugs[57] 
 * The KDE Team[58], with 16 new bugs[59] 
 * Nick Hadaway[60], with 16 new bugs[61] 
 * Ryan Phillips[62], with 16 new bugs[63] 

 56. azarah@g.o
 58. kde@g.o
 60. raker@g.o
 62. rphillips@g.o
8. Tips and Tricks
See which USE variables affect a package during an emerge
One of the most-often requested features in Portage is the ability to 
quickly and easily see what effect USE variables have during the emerge 
process. The release of Portage 2.0.46-r12 makes this feature available. 
To display USE variable effects, use the -v option: 
| Code Listing 8.1:                                                       |
| Display USE variable effects with the -v option                         |
|                                                                         |
|#emerge -vp exim                                                         |
|                                                                         |
|These are the packages that I would merge, in order:                     |
|                                                                         |
|Calculating dependencies ...done!                                        |
|[ebuild    U ] net-mail/exim-4.12 [4.10] -tcpd +ssl -postgres +mysql     |
|                                                                         |
9. Moves, Adds and Changes
The following developers recently left the Gentoo team: 
 * Ric Messier (kilroy) 
 * Maarten Thibaut (murphy) 
The following developers recently joined the Gentoo team: 
 * Zach Welch (zwelch) -- Gentoo/ARM, distcc 
The following developers recently changed roles within the Gentoo project. 
 * Brad Cowan (bcowan) -- Gentoo Linux Release Coordinator 
 * Jack Morgan (jmorgan) -- Gentoo Events Coordinator 
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 64. gwn-feedback@g.o
11. GWN Feedback
Please send us your feedback[65] and help make GWN better.

 65. gwn-feedback@g.o
12. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Dutch 
 * English 
 * German 
 * French 
 * Japanese 
 * Italian 
 * Portuguese (Brazil) 
 * Portuguese (Portugal) 
 * Spanish 
Kurt Lieber <klieber@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Contributor
Brice Burgess <nesta@×××××××.net> - Contributor
Yuji Carlos Kosugi <carlos@g.o> - Contributor
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
David Narayan <david@×××××××.net> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Peter Sharp <mail@××××××××××××××.net> - Contributor
Mathy Vanvoorden <matje@×××××××.be> - Dutch Translation
Tom Van Laerhoven <tom.vanlaerhoven@××××××.be> - Dutch Translation
Roel Adriaans <roel@××××××××.cx> - Dutch Translation
Peter Dijkstra <phj.dijkstra@××××.nl> - Dutch Translation
Nicolas Ledez <nicolas.ledez@××××.fr> - French Translation
Guillaume Plessis <gui@×××××××××.com> - French Translation
Eric St-Georges <thevedge@××××××××.net> - French Translation
John Berry <anfini@××××.fr> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Michael Kohl <citizen428@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Daniel Ketel <kage-chan@g.o> - Japanese Translation
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation
Andy Hunne <andy@×××××××××.com> - Japanese Translation
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <gustavo@××××××××××.net> - Portuguese (Portugal) 
Ricardo Jorge Louro <rjlouro@×××××××.org> - Portuguese (Portugal) 
Lanark <lanark@××××××××××.ar> - Spanish Translation
Rafael Cordones Marcos <rcm@×××××××.net> - Spanish Translation
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
Sergio Gómez <s3r@××××××××××××.ar> - Spanish Translation
Pablo Pita Leira <pablo.leira@×××××××××.com> - Spanish Translation
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
Tirant <tirant@×××××.net> - Spanish Translation
Jaime Freire <jfreire@××.com> - Spanish Translation
Lucas Sallovitz <krusty_ar@×××××.com> - Spanish Translation