Gentoo Archives: gentoo-gwn

From: Yuji Carlos Kosugi <carlos@g.o>
To: gentoo-gwn@g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter - Volume 2, Issue 47
Date: Mon, 24 Nov 2003 17:25:57
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of November 24th, 2003.
1. Gentoo News
 * Gentoo Managers' Meeting Summary - 17 November 2003 
 * Gentoo Desktop update 
Gentoo Managers' Meeting Summary - 17 November 2003
A log[1] and summary[2] of last week's Managers' Meeting have been posted 
on the Gentoo Managers' Meetings[3] page. During the meeting, three issues 
were discussed before the floor was opened. First, Daniel Robbins[4] spoke 
about Catalyst, a new system for building LiveCDs and stage tarballs. 
Catalyst, a rewrite of the original "stager" code used to build the 
stage1, stage2, and stage3 tarballs, will be a single modular program able 
to reliably and repeatably build stages, livecds, and package sets for all 
architectures. Next, Sven Vermeulen[5] announced that the installation 
section of the Gentoo Handbook[6] was ready for mass consumption. Finally, 
infrastructure lead Kurt Lieber[7] asked what was being done to facilitate 
QA for Gentoo, and was answered by Seemant Kulleen[8], who said that 
releng was handling QA by developing catalyst and similar tools, and that 
ideas were being tossed around in #gentoo-qa and in conversations with 

 4. drobbins@g.o
 5. swift@g.o
 7. klieber@g.o
 8. seemant@g.o
Gentoo Desktop update
Status Report
There has been quite a bit of work done in the Gentoo Desktop world during 
the last several weeks. A number of developers from the Gentoo Desktop 
team have banded together to ensure that every package pertaining to 
running Gentoo on the desktop is sufficiently maintained. This team has 
begun forming new herds (collections of related ebuilds maintained by a 
group of interested developers), updating forgotten packages to newer 
versions, testing said packages, marking some of them stable, and closing 
bugs. The current target categories are x11-misc, x11-wm, and x11-plugins.
Who wants to be a Gentoo Developer?
We are looking for at least two intelligent, dedicated people to join in 
this effort. First, the KDE team is short of help, and would appreciate an 
able volunteer. Second, the gnustep herd, which comprises gnustep, 
afterstep, windowmaker, and some related apps, is fairly inactive, so we 
would like one more person to fill this position. Other positions may be 
available, so don't hesitate to contact tseng on IRC at #gentoo-desktop, 
or send an email to Brandon Hale[9]. 

 9. tseng@g.o
Qualified applicants will preferably be long-time users of Linux as a 
desktop OS. Strong troubleshooting skills are required, as the selected 
applicants will be working to resolve bug reports from other users. 
Familiarity with Bugzilla and cvs are also a plus, and fluency in the 
English language is greatly preferred. 
2. Featured Developer of the Week
Featured Developer is on hiatus this week. 
3. Gentoo Security
GLSA: apache
Quote from
This version of Apache is principally a bug and security fix release. A 
partial summary of the bug fixes is given at the end of this document. A 
full listing of changes can be found in the CHANGES file. Of particular 
note is that 1.3.29 addresses and fixes 1 potential security issue:
 * CAN-2003-0542 ( Fix buffer overflows in mod_alias and 
mod_rewrite which occurred if one configured a regular expression with 
more than 9 captures.
We consider Apache 1.3.29 to be the best version of Apache 1.3 available 
and we strongly recommend that users of older versions, especially of the 
1.1.x and 1.2.x family, upgrade as soon as possible. No further releases 
will be made in the 1.2.x family.
 * Packages Affected: <apache-1.3.29 
 * Rectification: emerge sync; emerge -pv apache; emerge 
'>=net-www/apache-1.3.29'; emerge clean; /etc/init.d/apache restart 
 * GLSA Announcement[10] 
GLSA: kdebase
Firstly, versions of KDM <= 3.1.3 are vulnerable to a privilege escalation 
bug with a specific configuration of PAM modules. Users who do not use PAM 
with KDM and users who use PAM with regular Unix crypt/MD5 based 
authentication methods are not affected.
Secondly, KDM uses a weak cookie generation algorithm. It is advised that 
users upgrade to KDE 3.1.4, which uses /dev/urandom as a non-predictable 
source of entropy to improve security.
Please look at 
for the KDE Security Advisory and source patch locations for older 
versions of KDE.
 * Packages Affected: <=3.1.3 
 * Rectification: emerge --sync; emerge '>=kde-base/kde-3.1.4'; emerge 
 * GLSA Announcement[11] 
GLSA: opera
The Opera browser can cause a buffer allocated on the heap to overflow 
under certain HREFs when rendering HTML. The mail system is also deemed 
vulnerable and an attacker can send an email containing a malformed HREF, 
or plant the malicious HREF on a web site.
Please see 
for further details.
 * Severity: High - buffer overflows rendering certain HREFs 
 * Packages Affected: 7.11, 7.20 
 * Rectification: emerge --sync; emerge '>=net-www/opera-7.22'; emerge 
 * GLSA Announcement[12] 
GLSA: hylafax
During a code review of the hfaxd server, the SuSE Security Team 
discovered a format bug condition that allows a remote attacker to execute 
arbitrary code as the root user. However, the bug cannot be triggered in 
the default hylafax configuration.
SuSE-SA:2003:045 outlines the problem, and is available at
 * Severity: Normal - Remote code exploit untriggerable in default 
 * Packages Affected: <=4.1.7 
 * Rectification: emerge --sync; emerge '>=net-misc/hylafax-4.1.8'; emerge 
 * GLSA Announcement[13] 
New Security Bug Reports
The following new security bugs were posted this week: 
 * sys-libs/pam[14] 
 * net-www/jboss[15] 
 * sys-libs/pam[16] 
4. Heard in the Community
Beyond X
"Can I use this without blowing a hole in my PC?" was the spontaneous 
first reaction to port001[17]'s announcement of ebuilds for Keith 
Packard's alternative Xserver[18] (formerly known as kdrive), including 
the Render extension and a 32 bits X Visual for presenting alpha-blended 
content to the screen. The forum thread started last Sunday, is quite 
lively and an absolute must for anyone who wants to have a go at 
translucent windows... The ebuild's actual author spyderous[19] and thread 
initiator port001 are still around answering questions:

 * XServer ebuilds[20] 
 * Spyderous' repository and instructions[21] 

Power Profiles for Laptops
Well rooted in the tradition of donating excellent documentation to the 
Forum section of the same name, optilude[22] has deposited a collection of 
scripts for power management on laptop and notebooks, addressing CPU 
frequency throttles and backlight adjustments, but potentially including 
other funtions, too.:

 * [SCRIPTS] Power profiles for laptops[23] 
Dangers of unmerging?
Quoting the Portage Manual: 'Unmerging packages can be dangerous...removal 
of various libraries may cause software to fail". User list member Jason 
presented that this is a fundamental shortcoming in Portage. Check out how 
others felt about this topic  here[24]. 

5. Gentoo International
Vienna Gentoo Linux Users Group (VGLUG) Meeting in December
The Vienna crowd continues to pick the strangest of places for their 
venues. This time (Tuesday 2 December, 19:00 hours) it's going to be at 
the Cafe Oskar[25], a peculiar joint where - judging from the pictures on 
their website - part of the crowd consistently seems to enjoy dancing on 
tables while being inappropriately clad for temperatures outside. Stow 
those notebooks away, Gentoomen... Questions, remarks, RSVPs to the Forum 
coordination thread[26].

6. Portage Watch
Portage Watch is on hiatus this week.
7. Bugzilla
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
The Gentoo community uses Bugzilla ([27]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 14 November 2003 and 20 November 2003, activity 
on the site has resulted in: 

 * 457 new bugs during this period 
 * 296 bugs closed or resolved during this period 
 * 11 previously closed bugs were reopened this period 
Of the 4145 currently open bugs: 106 are labeled 'blocker', 189 are 
labeled 'critical', and 319 are labeled 'major'. 
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period 
 * AMD64 Porting Team[28], with 39 closed bugs[29]  
 * Markus Nigbur[30], with 15 closed bugs[31]  
 * Mozilla Gentoo Team[32], with 12 closed bugs[33]  
 * Gentoo Games[34], with 12 closed bugs[35]  
 * Gentoo KDE Team[36], with 11 closed bugs[37]  
 * Portage Team[38], with 11 closed bugs[39]  
 28. amd64@g.o
 30. pYrania@g.o
 32. mozilla@g.o
 34. games@g.o
 36. kde@g.o
 38. dev-portage@g.o
New Bug Rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Net-Dialup Team[40], with 15 new bugs[41]  
 * Net-Mail Packages[42], with 13 new bugs[43]  
 * Martin Schlemmer[44], with 13 new bugs[45]  
 * Portage team[46], with 8 new bugs[47]  
 40. net-dialup@g.o
 42. net-mail@g.o
 44. azarah@g.o
 46. dev-portage@g.o
8. Tips and Tricks
Killing a Hung Virtual Console
This week's tip shows you how to restore a hung virtual console (without 
rebooting). To do this, you need sys-apps/lsof from portage.
Using lsof, find the login processes of the hung console.
| Code Listing 8.1:                                                       |
| Example: (hung console is /dev/vc/3)                                    |
|                                                                         |
|# lsof /dev/vc/3                                                         |
|login    7114  root    0u   CHR    4,3        17 /dev/vc/3               |
|login    7114  root    1u   CHR    4,3        17 /dev/vc/3               |
|login    7114  root    2u   CHR    4,3        17 /dev/vc/3               |
|zsh     30630 david    0u   CHR    4,3        17 /dev/vc/3               |
|zsh     30630 david    1u   CHR    4,3        17 /dev/vc/3               |
|zsh     30630 david    2u   CHR    4,3        17 /dev/vc/3               |
|zsh     30630 david   10u   CHR    4,3        17 /dev/vc/3               |
|                                                                         |
Kill the processes associated with this login and the console should 
| Code Listing 8.2:                                                       |
| Killing the virtual console processes                                   |
|                                                                         |
| # kill -9 7114 30630                                                    |
|                                                                         |
9. Moves, Adds and Changes
The following developers recently left the Gentoo team: 

 * none this week 
The following developers recently joined the Gentoo Linux team:
 * none this week 
The following developers recently changed roles within the Gentoo Linux 
 * none this week 
10. Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 

 48. gwn-feedback@g.o
11. GWN Feedback
Please send us your feedback[49] and help make the GWN better.

 49. gwn-feedback@g.o
12. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under.
13. Other Languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Dutch[50] 
 * English[51] 
 * German[52] 
 * French[53] 
 * Japanese[54] 
 * Italian[55] 
 * Polish[56] 
 * Portuguese (Brazil)[57] 
 * Portuguese (Portugal)[58] 
 * Russian[59] 
 * Spanish[60] 
 * Turkish[61] 

Yuji Carlos Kosugi <carlos@g.o> - Editor
AJ Armstrong <aja@×××××××××××××.com> - Contributor
Brian Downey <bdowney@×××××××××××.net> - Contributor
Luke Giuliani <cold_flame@×××××.com> - Contributor
Shawn Jonnet <shawn.jonnet@×××××××.net> - Contributor
Michael Kohl <citizen428@g.o> - Contributor
Kurt Lieber <klieber@g.o> - Contributor
Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
David Narayan <david@×××××××.net> - Contributor
Gerald J Normandin Jr. <gerrynjr@g.o> - Contributor
Ulrich Plate <plate@g.o> - Contributor
Mathy Vanvoorden <matje@×××××××.be> - Dutch Translation
Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
Peter ter Borg <peter@××××××.nl> - Dutch Translation
Jochen Maes <linux@××××.be> - Dutch Translation
Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
Gerard van den Berg <gerard@××××××.net> - Dutch Translation
Matthieu Montaudouin <mat@××××××××.com> - French Translation
Xavier Neys <neysx@g.o> - French Translation
Martin Prieto <riverdale@×××××××××.org> - French Translation
Antoine Raillon <cabec2@××××××.net> - French Translation
Sebastien Cevey <seb@×××××.net> - French Translation
Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
Thomas Raschbacher <lordvan@g.o> - German Translation
Steffen Lassahn <madeagle@g.o> - German Translation
Matthias F. Brandstetter <haim@g.o> - German Translation
Lukas Domagala <Cyrik@g.o> - German Translation
Tobias Scherbaum <dertobi123@g.o> - German Translation
Daniel Gerholdt <Sputnik1969@g.o> - German Translation
Marc Herren <dj-submerge@g.o> - German Translation
Tobias Matzat <SirSeoman@g.o> - German Translation
Marco Mascherpa <mush@××××××.net> - Italian Translation
Claudio Merloni <paper@×××××××.it> - Italian Translation
Christian Apolloni <bsolar@×××××××.ch> - Italian Translation
Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation
Yoshiaki Hagihara <hagi@×××.com> - Japanese Translation
Katsuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation
Yuji Carlos Kosugi <carlos@g.o> - Japanese Translation
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
Takashi Ota <088@××××××××××.jp> - Japanese Translation
Radoslaw Janeczko <sototh@×××.pl> - Polish Translation
Lukasz Strzygowski <lucass.home@××.pl> - Polish Translation
Michal Drobek <veng@××.pl> - Polish Translation
Adam Lyjak <apo@××××××××××××××××××××.pl> - Polish Translation
Krzysztof Klimonda <cthulhu@×××××××××.net> - Polish Translation
Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese 
(Brazil) Translation
Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation
Jo達o Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil) 
Marcelo Gon巽alves de Azambuja <mgazambuja@×××××××××.br> - Portuguese 
(Brazil) Translation
Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil) 
Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese 
(Brazil) Translation
Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) 
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) 
Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal) 
Jos辿 Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation
Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation
Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation
Sergey Galkin <gals_home@××××.ru> - Russian Translator
Sergey Kuleshov <svyatogor@g.o> - Russian Translator
Alex Spirin <asp13@××××.ru> - Russian Translator
Dmitry Suzdalev <dimsuz@××××.ru> - Russian Translator
Anton Vorovatov <mazurous@××××.ru> - Russian Translator
Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator
Lanark <lanark@××××××××××.ar> - Spanish Translation
Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation
Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation
Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation
Jes炭s Garc鱈a Crespo <correo@××××××.com> - Spanish Translation
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
Sergio G坦mez <s3r@××××××××××××.ar> - Spanish Translation
Aycan Irican <aycan@××××××××.tr> - Turkish Translation
Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation