Gentoo Weekly Newsletter 18 October 2004

Posted by dave on Oct 18, 2004 3:37 AM EDT
Mailing list; By Ulrich Plate
Mail this story
Print this story

Gentoo's next release is being prepared, with previews to be expected this week, writes the Gentoo Weekly Newsletter. Other things in motion reported this week are the translation lead role for the Japanese GWN that is being transfered, a particularly rich community and press coverage, international news from Germany and Italy, and a little Q & A game about Gentoo's initscripts and how to deal with them properly.

---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 18 October 2004.
---------------------------------------------------------------------------
 
==============
1. Gentoo News
==============
  
2004.3 release coming your way: LiveCD test builds for x86 and PPC 
avalable soon
-------------
  
Watch out for beta versions of the upcoming 2004.3 LiveCDs this week: Both 
x86 and PPC architectures are on the brink of releasing previews, and will 
eagerly await bug reports at Gentoo's bugzilla as soon as the test builds 
hit the mirrors. Comments from testers are highly welcome before marking 
the respective architectures ready for release.
    
New lead translator for Japanese GWN
------------------------------------
  
The GWN extends its gratitude to a long-time contributor, Japanese lead 
translator Katsuyuki Konno who is leaving the team this month, to be 
followed by Tomoyuki Sakurai[1]. The Japanese version of the GWN has been 
in existence from the fourth issue of the English language publication, 
and it hasn't skipped a single issue ever since then, making Japanese one 
of the first and most reliable of the various alternative GWN languages.
 1. [e-mail:cherry@trombik.mine.nu]
    
==================
2. Gentoo security
==================
  
LessTif: Integer and stack overflows in libXpm
----------------------------------------------
  
Multiple vulnerabilities have been discovered in libXpm, which is included 
in LessTif, that can potentially lead to remote code execution.
 
For more information, please see the GLSA Announcement[2]
 2. http://www.gentoo.org/security/en/glsa/glsa-200410-09.xml
    
gettext: Insecure temporary file handling
-----------------------------------------
  
The gettext utility is vulnerable to symlink attacks, potentially allowing 
a local user to overwrite or change permissions on arbitrary files with 
the rights of the user running gettext, which could be the root user. 
 
For more information, please see the GLSA Announcement[3]
 3. http://www.gentoo.org/security/en/glsa/glsa-200410-10.xml
    
tiff: Buffer overflows in image decoding
----------------------------------------
  
Multiple heap-based overflows have been found in the tiff library image 
decoding routines, potentially allowing to execute arbitrary code with the 
rights of the user viewing a malicious image. 
 
For more information, please see the GLSA Announcement[4]
 4. http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
    
WordPress: HTTP response splitting and XSS vulnerabilities
----------------------------------------------------------
  
WordPress contains HTTP response splitting and cross-site scripting 
vulnerabilities. 
 
For more information, please see the GLSA Announcement[5]
 5. http://www.gentoo.org/security/en/glsa/glsa-200410-12.xml
    
BNC: Input validation flaw
--------------------------
  
BNC contains an input validation flaw which might allow a remote attacker 
to issue arbitrary IRC related commands. 
 
For more information, please see the GLSA Announcement[6]
 6. http://www.gentoo.org/security/en/glsa/glsa-200410-13.xml
    
=========================
3. Heard in the community
=========================
  
Web forums
----------
  
KDE and GPG
 
Security comes at a price: When packages supposedly collaborating with 
each other for providing GnuPG and S/MIME support in the KDE mail client 
are being updated without coordination upstream, things may occasionally 
break:
 
 * KDEPIM 3.3.1 failing on gpgme[7] 
 7. http://forums.gentoo.org/viewtopic.php?t=236628
    
gentoo-user
-----------
  
KDE and broken DNS
 
Several Gentooers noticed that after upgrading glibc on their systems, DNS 
sporadically quit working inside KDE. One helpful poster provided a link 
back to KDE's bugzilla that had a bug report specifically for Gentoo, but 
it had no solution. So what is the culprit? When doing large system 
upgrades such as perl, glibc, etc. you should be sure to do a 
revdep-rebuild[8] to help solve issues like the above. It's not a magic 
fix for everything, but it can certainly reduce hair-pulling for strange 
events like these.
 8. http://www.gentoo.org/doc/en/gentoolkit.xml#doc_chap5
 
 * kooky kde behaviour[9] 
 9. http://thread.gmane.org/gmane.linux.gentoo.user/102980
 
Resuming emerge on a notebook
 
Many people have an issue with long running emerges on their notebooks: 
Between work and home they have to cancel and completely restart the 
compilation of some larger packages. 
 
 * How to restart an emerge[10] 
 10. http://thread.gmane.org/gmane.linux.gentoo.user/103221
 
Filesystem automounter
 
Having trouble getting autofs to work on your Gentoo system? Here's a 
thread discussing alternative program recommendations for mounting 
filesystems. 
 
 * autofs, supermount, submount... which is best for Gentoo?[11] 
 11. http://article.gmane.org/gmane.linux.gentoo.user/103026
    
gentoo-dev
----------
  
xorg-x11-6.8.0-r1 ready to go stable on all archs
 
Donnie Berkholz[12] announced that xorg-x11-6.8.0-r1 is ready to go stable 
on x86 and asked all arch maintainers to follow shortly thereafter, unless 
there is a good reason not to mark it stable. Reason for this is to have 
marked it stable before the portage snapshot for the 2004.3 release will 
be taken.
 12. [e-mail:spyderous@gentoo.org]
 
 * xorg-x11-6.8.0-r1 ready to go stable on all archs[13] 
 13. http://thread.gmane.org/gmane.linux.gentoo.devel/22006
 
init script optimizations?
 
Discussions about more or less dangerous optimizations to speed up the 
boot sequence.
 
 * init script optimizations?[14] 
 14. http://thread.gmane.org/gmane.linux.gentoo.devel/22100
 
HPPA dev box is now online at OSU
 
Mike Frysinger[15] got his HPPA development-box set up on OSU where it is 
accessible for every Gentoo developer who need to test ebuilds on HPPA.
 15. [e-mail:vapier@gentoo.org]
 
 * HPPA dev box is now online at OSU[16] 
 16. http://thread.gmane.org/gmane.linux.gentoo.devel/22107
 
rsync speed and space taken
 
Discussions about the size of the Gentoo portage tree.
 
 * rsync speed and space taken[17] 
 17. http://thread.gmane.org/gmane.linux.gentoo.devel/21962
 
Support for UTF-8 in the console
 
Mike Frysinger was looking for feedback from people using UTF-8 fonts and 
keymaps in the console, and asked them to test a new patch.
 
 * support for UTF8 in console[18] 
 18. http://thread.gmane.org/gmane.linux.gentoo.devel/22173
 
GLEP23 - Updates and call for further discussion
 
GLEP 23 deals with Portage and how it handles the ACCEPT_LICENSE clause:
 
 * GLEP23 - Updates and call for further discussion[19]
 19. http://thread.gmane.org/gmane.linux.gentoo.devel/22173
    
=======================
4. Gentoo International
=======================
  
Germany: Munich Gentoo Linux User Group Event
---------------------------------------------
  
Last Saturday, 15 October, MGLUG's Gentooistas[20] and other Linux users 
from Munich's general LUG[21] (celebrating its 10th anniversary this year) 
and neighboring Erding LUG[22] had organized a joint event with "Berkeley 
in Munich"[23], the local BSD community. Labeled "First Open-source 
Infotainment Day", the organisers had brought together speakers exploring 
the structural differences between Linux and FreeBSD, introducing TeX 
desktop publishing, and other topics. One presentation was dedicated to 
"Gentoo Linux from an ISP's viewpoint", and installations of both Gentoo 
Linux and FreeBSD were offered during the event, too. The meeting started 
early and continued over lunch at the premises of a Munich-based job 
training center[24], and a few impressions of the event can be viewed at 
the MGLUG's photo gallery[25]. 
 20. http://www.mglug.de
 21. http://www.muc-lug.de
 22. http://www.lug-erding.de
 23. http://www.berklix.org/bim
 24. http://www.bfipeters.de/
 25. http://www.mglug.de/gallery/aktivitaeten
 
Figure 4.1: Gentoo Linux users and friends in Munich
http://www.gentoo.org/images/gwn/20041018-mglug.jpg
    
Italy: To Smau or not to Smau
-----------------------------
  
It has a reputation for being the largest and most important IT fair in 
Italy, but some Italian Gentooists seem to be skeptical about its 
usefulness. Nevertheless, a few Gechi[26] members are openly thinking of 
attending the Smau this year[27], held at the Milano trade fair ground 
from Thursday 21 October to Monday 25 October 2004. Never mind that 
weighing the pros and cons at this thread in the Gentoo forums[28] only 
has "half-naked dancers" on the plus-side of the balance sheet - you'll 
still be able to meet one or the other Gentooist among the almost 400,000 
visitors expected at the event. 
 26. http://www.gechi.it
 27. http://www.smau.it/smau2004/english/docs/exhibition_what.php
 28. http://forums.gentoo.org/viewtopic.php?t=233447
   
======================
5. Gentoo in the press
======================
  
The Age (12 October 2004)
-------------------------
  
In a rather disturbingly titled article in Australia's leading newspaper 
for the Victoria district[29], "Microsoft scores well on security 
analysis", the Victorian open-source activist Con Zymaris did his best to 
convince author Rob O'Neill of the virtue of open-source security 
advisories, but wasn't entirely successful. If getting shot as a messenger 
of security flaws really is a considerable risk down under, Gentoo may 
want to stand less tall, but in reality, of course, having the highest 
number of security advisories of all open-source projects and commercial 
vendors is not bad at all. 
 29. 
http://www.theage.com.au/articles/2004/10/11/1097406487760.html?oneclick=true
    
ZDNet (12 October 2004)
-----------------------
  
David Berlind at ZDnet props Linux against Mac OS X[30] in his quest for 
the future ruler of the desktop: "Today, even the most reputable and 
recommended distributions of desktop Linux, such as Gentoo and Xandros, 
are not the no-brainers that OS X and Windows--in that order--are." 
Interestingly enough, he seems quite confident that Linux will eventually 
be persistent enough for popular acceptance as a desktop OS: "However, 
it’s only a matter of time before desktop Linux follows precisely the same 
path as server Linux did when it worked its way from the pockets of early 
adopters and risk takers into gaining the widespread affection of server 
administrators."
 30. http://news.zdnet.com/2100-9590_22-5406365.html
    
Central Command, Inc. (press release 13 October 2004) 
------------------------------------------------------
  
Gentoo figures as one of the supported distributions in a press release by 
Central Command, Inc.[31], a privately held company in Ohio providing 
anti-virus software that is going to be offered as a server-side 
application bundled with the services of Outblaze Ltd., a global provider 
of hosted email headquartered in Hong Kong.
 31. http://www.centralcommand.com/13102004.html
    
===========
6. Bugzilla
===========
  
Summary
-------
  
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
    
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[32]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 10 October 2004 and 16 October 2004, activity on 
the site has resulted in: 
 32. http://bugs.gentoo.org
 
 * 796 new bugs during this period 
 * 310 bugs closed or resolved during this period 
 * 38 previously closed bugs were reopened this period 
 
Of the 7252 currently open bugs: 124 are labeled 'blocker', 245 are 
labeled 'critical', and 525 are labeled 'major'. 
    
Closed bug rankings
-------------------
  
The developers and teams who have closed the most bugs during this period 
are: 
 
 * Gentoo's Team for Core System packages[33], with 28 closed bugs[34]  
 * Gentoo X-windows packagers[35], with 17 closed bugs[36]  
 * Java team[37], with 16 closed bugs[38]  
 * Gentoo Games[39], with 14 closed bugs[40]  
 * AMD64 Porting Team[41], with 11 closed bugs[42]  
 * osx porters[43], with 10 closed bugs[44]  
 * Gentoo KDE team[45], with 10 closed bugs[46]  
 * Gentoo Linux Gnome Desktop Team[47], with 10 closed bugs[48]  
 33. [e-mail:base-system@gentoo.org]
 34. 
[e-mail:/buglist.cgi]
 35. [e-mail:x11@gentoo.org]
 36. 
[e-mail:/buglist.cgi]
 37. [e-mail:java@gentoo.org]
 38. 
[e-mail:/buglist.cgi]
 39. [e-mail:games@gentoo.org]
 40. 
[e-mail:/buglist.cgi]
 41. [e-mail:amd64@gentoo.org]
 42. 
[e-mail:/buglist.cgi]
 43. [e-mail:osx@gentoo.org]
 44. 
[e-mail:/buglist.cgi]
 45. [e-mail:kde@gentoo.org]
 46. 
[e-mail:/buglist.cgi]
 47. [e-mail:gnome@gentoo.org]
 48. 
[e-mail:/buglist.cgi]
    
New bug rankings
----------------
  
The developers and teams who have been assigned the most new bugs during 
this period are: 
 
 * Gentoo Linux Gnome Desktop Team[49], with 27 new bugs[50]  
 * Java team[51], with 25 new bugs[52]  
 * Gentoo Toolchain Maintainers[53], with 24 new bugs[54]  
 * Gentoo's Team for Core System packages[55], with 23 new bugs[56]  
 * osx porters[57], with 19 new bugs[58]  
 * AMD64 Porting Team[59], with 18 new bugs[60]  
 * Gentoo X-windows packagers[61], with 17 new bugs[62]  
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[63], with 15 new 
bugs[64]  
 49. [e-mail:gnome@gentoo.org]
 50. 
[e-mail:/buglist.cgi]
 51. [e-mail:java@gentoo.org]
 52. 
[e-mail:/buglist.cgi]
 53. [e-mail:toolchain@gentoo.org]
 54. 
[e-mail:/buglist.cgi]
 55. [e-mail:base-system@gentoo.org]
 56. 
[e-mail:/buglist.cgi]
 57. [e-mail:osx@gentoo.org]
 58. 
[e-mail:/buglist.cgi]
 59. [e-mail:amd64@gentoo.org]
 60. 
[e-mail:/buglist.cgi]
 61. [e-mail:x11@gentoo.org]
 62. 
[e-mail:/buglist.cgi]
 63. [e-mail:kernel@gentoo.org]
 64. 
[e-mail:/buglist.cgi]
    
==================
7. Tips and Tricks
==================
  
Gentoo Initscripts
------------------
  
This week we will have a look at some nice to know things about 
initscripts that every sysadmin and user should at least have heard of 
once.
 
By installing and administering your installation of Gentoo Linux you will 
have learned about how to add services to a specific runlevel, and how to 
start and stop those services.
 
But most users are not aware of some other nifty functions in the Gentoo 
initscripts that have the potential for making their lives easier in 
administering their Gentoo boxes.
 
Q: What to do if I can’t stop a service? What if the processes were killed 
but my system thinks they are still running?
 
A: Execute /etc/init.d/ zap to reset the status of the service.
 
 
Q: How do I figure out if a service is running or not?
 
A: /etc/init.d/ status will tell you the current status of the 
given service.
 
 
Q: And while we're at it, how can I see all services running?
 
A: rc-status lists all services that have been started and their current 
status.
 
 
Q: How to restart a service?
 
A: /etc/init.d/ restart restarts the service.
 
 
Q: How do I find out what other services have to be started when I want to 
use ?
 
A: /etc/init.d/ ineed will give you a list of services that need 
to be running before this service can be started.
 
 
Q: Which services need/depend on this ?
 
A: /etc/init.d/ needsme lists all services that depend on the 
service given.
 
For further information on how runlevels work in Gentoo Linux please take 
a look at the Initscript guide[65] that is part of the Gentoo System 
Documentation.
 65. http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=5
    
===========================
8. Moves, adds, and changes
===========================
  
Moves
-----
  
The following developers recently left the Gentoo team:
 
 * None this week 
    
Adds
----
  
The following developers recently joined the Gentoo Linux team:
 
 * None this week 
    
Changes
-------
  
The following developers recently changed roles within the Gentoo Linux 
project:
 
 * None this week 
    
====================
9. Contribute to GWN
====================
   
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
email[66].
 66. [e-mail:gwn-feedback@gentoo.org]
    
================
10. GWN feedback
================
   
Please send us your feedback[67] and help make the GWN better.
 67. [e-mail:gwn-feedback@gentoo.org]
    
================================
11. GWN subscription information
================================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
[e-mail:gentoo-gwn-subscribe@gentoo.org].
 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
[e-mail:gentoo-gwn-unsubscribe@gentoo.org] from the email address you are 
subscribed under.
    
===================
12. Other languages
===================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Danish[68] 
 * Dutch[69] 
 * English[70] 
 * German[71] 
 * French[72] 
 * Japanese[73] 
 * Italian[74] 
 * Polish[75] 
 * Portuguese (Brazil)[76] 
 * Portuguese (Portugal)[77] 
 * Russian[78] 
 * Spanish[79] 
 * Turkish[80] 
 68. http://www.gentoo.org/news/da/gwn/gwn.xml
 69. http://www.gentoo.org/news/be/gwn/gwn.xml
 70. http://www.gentoo.org/news/en/gwn/gwn.xml
 71. http://www.gentoo.org/news/de/gwn/gwn.xml
 72. http://www.gentoo.org/news/fr/gwn/gwn.xml
 73. http://www.gentoo.org/news/ja/gwn/gwn.xml
 74. http://www.gentoo.org/news/it/gwn/gwn.xml
 75. http://www.gentoo.org/news/pl/gwn/gwn.xml
 76. http://www.gentoo.org/news/br/gwn/gwn.xml
 77. http://www.gentoo.org/news/pt/gwn/gwn.xml
 78. http://www.gentoo.org/news/ru/gwn/gwn.xml
 79. http://www.gentoo.org/news/es/gwn/gwn.xml
 80. http://www.gentoo.org/news/tr/gwn/gwn.xml
   
Ulrich Plate  - Editor
Brian Downey  - Author
Marc Hildebrand  - Author
Patrick Lauer  - Author
Emmet Wagle  - Author

-- [e-mail:gentoo-gwn@gentoo.org] mailing list

  Nav
» Read more about: Story Type: Newsletter; Groups: Gentoo

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.