---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 27 September 2004.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Gentoo documentation revisited
------------------------------
The first thing many visitors to the Gentoo website will notice when
opening the Gentoo Handbook[1] or any other piece of documentation these
days is a little "Print" link sitting on the top of the right column:
Bowing to long-standing popular requests, Xavier Neys[2] implemented a
simple way of viewing a printer-friendly version of Gentoo documentation.
1. http://www.gentoo.org/doc/en/handbook/index.xml
2. neysx@gentoo.org
Other changes to the Handbook include info about Gentoo's SLOT handling
for packages, an explanation of the reasons for package masking (and how
to circumvent it, if need be) and a reinstatement of the manual GRUB
installation guide requested by many users. Other documentation has been
added last month, too: Dennis Niehüser[3] contributed a very nice
document on power management[4] for laptops, with tips on setting up CPU
frequency scaling, a walkthrough of display, disk, and battery power
management features, and last but not least, a section on sleep states
that answers questions many people are too polite to ask. For Gentoo users
who want to set up their own Internet radio stations, Streaming Radio with
SHOUTcast[5] is an excellent new guide by Chris White[6] that leads
through each step of configuring the server and the network, together with
loads of information on optimizing the service for different uses, get
transcoding for locally stored MP3s to work and much more. Benny Chuang[7]
has corrected the language directories for documentation to reflect
variants of languages (e.g. Chinese, Portuguese), and Steven McCoy[8] has
added a chapter on PAM authentication to the OpenAFS guide.
3. fragfred@gmx.net
4. http://www.gentoo.org/doc/en/power-management-guide.xml
5. http://www.gentoo.org/doc/en/shoutcast-config.xml
6. cwhite@gentoo.org
7. bennyc@gentoo.org
8. fnjordy@gmail.com
The Gentoo Documentation Project has put up a roadmap document[9],
featuring all items on the agenda that need immediate fixing. If you want
to help, get involved by subscribing to the documentation project mailing
list[10].
9. http://www.gentoo.org/proj/en/gdp/roadmap.xml
10. http://www.gentoo.org/proj/en/gdp/#doc_chap6
New GWN section: Gentoo in the press
------------------------------------
Starting this week, the GWN carries a new section referencing publications
that have written about Gentoo. It is likely to have an irregular
schedule, since we don't expect to find something to point you to each
week, but will gladly accept any hints from our readers: If you happen to
know of an article in a magazine, or even TV or radio coverage of Gentoo
Linux, please tell us! The original language of the publication is
unimportant. Just write a short description of the article's content and
send it to gwn-feedback@gentoo.org, together with a link to the
publisher's website, and possibly a scan of the article (if it isn't
available online). Thanks a lot, and enjoy reading the first installment
of Gentoo in the Press, just below our International News section.
==================
2. Gentoo security
==================
Foomatic: Arbitrary command exec foomatic
-----------------------------------------
The foomatic-rip filter in foomatic-filters contains a vulnerability which
may allow arbitrary command execution on the print server.
For more information, please see the GLSA Announcement[11]
11. http://www.gentoo.org/security/en/glsa/glsa-200409-24.xml
CUPS: Denial of service vulnerability
-------------------------------------
A vulnerability in CUPS allows remote attackers to cause a denial of
service when sending a carefully-crafted UDP packet to the IPP port.
For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200409-25.xml
Mozilla, Firefox, Thunderbird, Epiphany vulnerability fixes
-----------------------------------------------------------
New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla
Firefox fix several vulnerabilities, including the remote execution of
arbitrary code.
For more information, please see the GLSA Announcement[13]
13. http://www.gentoo.org/security/en/glsa/glsa-200409-26.xml
glFTPd: Local buffer overflow vulnerability
-------------------------------------------
glFTPd is vulnerable to a local buffer overflow which may allow arbitrary
code execution.
For more information, please see the GLSA Announcement[14]
14. http://www.gentoo.org/security/en/glsa/glsa-200409-27.xml
GTK+ 2, gdk-pixbuf: multiple vulnerabilities
--------------------------------------------
The GdkPixbuf library, which is also included in GTK+ 2, contains several
vulnerabilities that could lead to a Denial of Service or the execution of
arbitrary code.
For more information, please see the GLSA Announcement[15]
15. http://www.gentoo.org/security/en/glsa/glsa-200409-28.xml
FreeRADIUS: Multiple Denial of Service vulnerabilities
------------------------------------------------------
Multiple Denial of Service vulnerabilities were found and fixed in
FreeRADIUS.
For more information, please see the GLSA Announcement[16]
16. http://www.gentoo.org/security/en/glsa/glsa-200409-29.xml
xine-lib: Multiple vulnerabilities
----------------------------------
xine-lib contains several vulnerabilities potentially allowing the
execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml
jabberd 1.x: Denial of Service vulnerability
--------------------------------------------
The jabberd server was found to be vulnerable to a remote Denial of
Service attack.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml
getmail: Filesystem overwrite vulnerability
-------------------------------------------
getmail contains a vulnerability that could potentially allow any local
user to create or overwrite files in any directory on the system. This
flaw can be escalated further and possibly lead to a complete system
compromise.
For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200409-32.xml
Apache: Exposure of protected directories
-----------------------------------------
A bug in the way Apache handles the Satisfy directive can lead to the
exposure of protected directories to unauthorized users.
For more information, please see the GLSA Announcement[20]
20. http://www.gentoo.org/security/en/glsa/glsa-200409-33.xml
=========================
3. Heard in the community
=========================
Web forums
----------
Portage 2.0.51_rc1 trials and tribulations
The new Portage version is rippling the surface of more than one forum
these days. Check for new features, bugs, and bugs that really are
features at one of the threads below:
* portage_2.0.51_rc1 and virtuals[21]
* Portage 2.0.51 Question[22]
* Neue Funktionen und Optionen in Portage 2.0.51[23](German)
* Nuove funzioni e opzioni di Portage 2.0.51[24](Italian)
21. http://forums.gentoo.org/viewtopic.php?t=227479
22. http://forums.gentoo.org/viewtopic.php?t=224088
23. http://forums.gentoo.org/viewtopic.php?t=224063
24. http://forums.gentoo.org/viewtopic.php?t=228706
gentoo-dev
----------
Xorg takes the place of xfree as default for the x11 virtual
* Xorg as Default X11 Virtual[25]
25. http://thread.gmane.org/gmane.linux.gentoo.devel/21460
Hardened toolchain reorganization
Solar had previously announced that the hardened toolchain might be
dropped, but reconsidered when many developers and users gave very
positive feedback. As it stands now, the Gentoo Hardened subproject does
not have the manpower to do everything at once, so every bit of support,
especially with bug hunting and fixing is wanted.
* Hardened Toolchain[26]
26. http://thread.gmane.org/gmane.linux.gentoo.devel/21440
Stack-smash protection by default?
This long and controversial thread was started upon someone asking a
rather innocent question: Shouldn't Gentoo offer stack-smash protection
("-fstack-protector" CFLAG) by default, since most vulnerabilities are
still buffer overflows? Stack-smash protection can adversely affect
performance, it offers protection against a class of exploits, enabling it
may protect users, at little extra cost.
* Stack Smash Protection[27]
27. http://thread.gmane.org/gmane.linux.gentoo.devel/21468
USE="acl" likely to be removed from profiles
All profiles and stage2 / stage3 set USE="acl", but most users will not
need it, and some complications may happen during install. Therefore this
flag has been removed from the 2004.3 x86 profile; most likely the other
profiles will do the same.
* USE="acl" Dropped[28]
28. http://thread.gmane.org/gmane.linux.gentoo.devel/21398
Moving /usr/qt and /usr/kde for better FHS compliance?
The FHS (File Hierarchy Standard) defines default locations for most files
in a linux system. Is the Gentoo strategy of using /usr/qt/x.y and
/usr/kde/x.y to allow different KDE and QT versions to coexist a violation
of the FHS?
* Qt/KDE and FHS[29]
29. http://thread.gmane.org/gmane.linux.gentoo.devel/21350
=======================
4. Gentoo International
=======================
Italy: Impressions from Linux World Expò - The Gechi LWE movie
The Gechi (Gentoo Channel Italia) activists have veni to the Linux World
Expo (Milano edition), and have both vidi and vici... To provide a virtual
experience of their introductory Gentoo presentation they've set up four
movie versions of the speech given by Forum user .:deadhead:.[30]. Kindly
refrain from clicking any of the links listed below if your bandwidth
doesn't allow for large downloads, or you don't have 54 minutes to watch
their endeavours:
30. http://forums.gentoo.org/profile.php?mode=viewprofile&u=36380
* Gechi Presentation at LWE Milano 2004 (different formats, 20 to 330
MB)[31]
31. http://www.freesmug.org/video/gechi
Germany: Gentoo PPC developer meeting update
Both Belgians on the Gentoo PPC team, Pieter van den Abeele (pvdabeel) and
Jochen Maes (SeJo), have announced their presence at the GentooPPC
developer meeting[32] scheduled for Thursday this week, 30 September,
bringing the number of participants to double digits (from almost as many
different countries). You can still register for this event at Kransberg
Castle (near Frankfurt am Main) with Ulrich Plate[33].
32. http://www.gentoo.org/news/en/gwn/20040920-newsletter.xml#doc_chap5
33. plate@gentoo.org
======================
5. Gentoo in the press
======================
Linux Gazette: September 2004 (issue no. 106)
---------------------------------------------
Mike Orr (aka Sluggo) wrote an article about Installing Gentoo[34] -
"still my favourite distro" - for this month's Linux Gazette. He describes
the installation process of a desktop system on two different PCs, both
dual-booting Windows, one Pentium III with 1 GHz and a brandnew 2.6 GHz
Pentium4 with two monitors.
34. http://www.tldp.org/LDP/LGNET/106/orr.html
Linux+ 02/2004 (September 2004)
--------------------------------
This month the Polish magazine Linux+[35] (also distributed in German and
Czech versions) comes bundled with two DVDs, one of which has Gentoo Linux
2004.1 for x86 (stages 1 and 3 included) on it, with an updated Portage
and an extra-check of software dependencies. The printed edition includes
an article describing the installation from DVD, the official handbook and
additional installation guides can always be found at the Gentoo
website[36].
35. http://www.lpmagazine.org
36. http://www.gentoo.org
===========
6. Bugzilla
===========
Summary
-------
* Statistics
* Closed Bug Ranking
* New Bug Rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[37]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 19 September 2004 and 25 September 2004,
activity on the site has resulted in:
37. http://bugs.gentoo.org
* 680 new bugs during this period
* 505 bugs closed or resolved during this period
* 15 previously closed bugs were reopened this period
Of the 7133 currently open bugs: 135 are labeled 'blocker', 220 are
labeled 'critical', and 562 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo KDE team[38], with 31 closed bugs[39]
* PPC Porters[40], with 25 closed bugs[41]
* ppc64 architecture team[42], with 21 closed bugs[43]
* Greg Kroah-Hartman[44], with 21 closed bugs[45]
* Gentoo Games[46], with 18 closed bugs[47]
* Gentoo Security[48], with 17 closed bugs[49]
* Java team[50], with 17 closed bugs[51]
* Perl Devs @ Gentoo[52], with 16 closed bugs[53]
38. kde@gentoo.org
39.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=kde@gentoo.org
40. ppc@gentoo.org
41.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=ppc@gentoo.org
42. ppc64@gentoo.org
43.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=ppc64@gentoo.org
44. gregkh@gentoo.org
45.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=gregkh@gentoo.org
46. games@gentoo.org
47.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=games@gentoo.org
48. security@gentoo.org
49.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=security@gentoo.org
50. java@gentoo.org
51.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=java@gentoo.org
52. perl@gentoo.org
53.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=perl@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Mozilla Gentoo Team[54], with 19 new bugs[55]
* Gentoo Linux Gnome Desktop Team[56], with 18 new bugs[57]
* Gentoo X-windows packagers[58], with 16 new bugs[59]
* Gentoo KDE team[60], with 14 new bugs[61]
* AMD64 Porting Team[62], with 14 new bugs[63]
* media-video herd[64], with 10 new bugs[65]
* Gentoo's Team for Core System packages[66], with 10 new bugs[67]
* PHP Bugs[68], with 7 new bugs[69]
54. mozilla@gentoo.org
55.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=mozilla@gentoo.org
56. gnome@gentoo.org
57.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=gnome@gentoo.org
58. x11@gentoo.org
59.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=x11@gentoo.org
60. kde@gentoo.org
61.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=kde@gentoo.org
62. amd64@gentoo.org
63.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=amd64@gentoo.org
64. media-video@gentoo.org
65.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=media-video@gentoo.org
66. base-system@gentoo.org
67.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=base-system@gentoo.org
68. php-bugs@gentoo.org
69.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=php-bugs@gentoo.org
==================
7. Tips and tricks
==================
Roaming network profiles for laptops with Quickswitch
-----------------------------------------------------
Every Laptop user knows what I am talking about by saying that switching
network profiles is a real problem and hard to keep track of when doing it
manually. This is where Quickswitch[70] comes in. Quickswitch is a utility
that not only makes laptop users' everyday life easier by letting them
create and use roaming network profiles, but it also has built-in support
for multiple network cards, wireless LAN configurations, different kernel
parameters, support for X configurations, Netscape preferences, Samba
shares and so on and so forth.
70. http://muthanna.com/quickswitch
Sounds good? Want to learn how to use it? Read on:
---------------------------------------------------------------------------
| Code Listing 7.1: |
|Installing |
Quickswitch----------------------------------------------------------------
---------
|# emerge quickswitch |
---------------------------------------------------------------------------
Now we need to tell quickswitch about all the network settings we want to
be able to switch to. Quickswitch can be configured using it configuration
file in /etc/quickswitch/switchto.conf. There is also a sample
configuration in /etc/quickswitch/switchto.conf.sample.
---------------------------------------------------------------------------
| Code Listing 7.2: |
|Setting up the quickswitch configuration in |
/etc/quickswitch/switchto.conf---------------------------------------------
----------------------------
|# This is the default configuration: |
|[config] |
|device=eth0 |
|# Path to save last known good configuration... |
|servicefilename=/etc/quickswitch/switchto.last |
| |
|# This is our profile called "home": |
|[home] |
|description=home |
|address=192.168.0.25 |
|netmask=255.255.255.0 |
|gateway=192.168.0.1 |
|dns1=195.62.99.42 |
|dns2=195.62.97.177 |
| |
|# This is our profile called "work": |
|[work] |
|description=work |
|address=10.16.3.114 |
|netmask=255.255.255.0 |
|gateway=10.16.3.249 |
|dns1=195.62.99.42 |
| |
| |
---------------------------------------------------------------------------
We are finished with the configuration now. Let's test if it works.
---------------------------------------------------------------------------
| Code Listing 7.3: |
|Using switchto to switch to another |
profile--------------------------------------------------------------------
-----
|Switch to "work" profile: |
|# switchto work |
|Switch to "home" profile: |
|# switchto home |
---------------------------------------------------------------------------
Use ifconfig and route to make sure that switchto correctly applied the
settings the first time. Everythings ok? Well done!
Quickswitch offers two more ways of how to switch your profile.
* switcher is a simple curses based GUI to switch between your profiles.
* TraySwitcher[70] is a more sophisticated Gnome tray applet.
To learn how Quickswitch easily lets you create profiles that also switch
Samba, X configurations and even more. Take a look at the well documented
/etc/quickswitch/switchto.conf.sample sample configuration file and visit
the Quickswitch project homepage[71].
71. http://quickswitch.sourceforge.net/
===========================
8. Moves, adds, and changes
===========================
Moves
-----
The following developers recently left the Gentoo team:
* None this week
Adds
----
The following developers recently joined the Gentoo Linux team:
* None this week
Changes
-------
The following developers recently changed roles within the Gentoo Linux
project:
* None this week
====================
9. Contribute to GWN
====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[72].
72. gwn-feedback@gentoo.org
================
10. GWN feedback
================
Please send us your feedback[73] and help make the GWN better.
73. gwn-feedback@gentoo.org
================================
11. GWN subscription information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
12. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[74]
* Dutch[75]
* English[76]
* German[77]
* French[78]
* Japanese[79]
* Italian[80]
* Polish[81]
* Portuguese (Brazil)[82]
* Portuguese (Portugal)[83]
* Russian[84]
* Spanish[85]
* Turkish[86]
74. http://www.gentoo.org/news/da/gwn/gwn.xml
75. http://www.gentoo.org/news/be/gwn/gwn.xml
76. http://www.gentoo.org/news/en/gwn/gwn.xml
77. http://www.gentoo.org/news/de/gwn/gwn.xml
78. http://www.gentoo.org/news/fr/gwn/gwn.xml
79. http://www.gentoo.org/news/ja/gwn/gwn.xml
80. http://www.gentoo.org/news/it/gwn/gwn.xml
81. http://www.gentoo.org/news/pl/gwn/gwn.xml
82. http://www.gentoo.org/news/br/gwn/gwn.xml
83. http://www.gentoo.org/news/pt/gwn/gwn.xml
84. http://www.gentoo.org/news/ru/gwn/gwn.xml
85. http://www.gentoo.org/news/es/gwn/gwn.xml
86. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Christian Hartmann <ian@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author
Emmet Wagle <ewagle@email.com> - Author
--
gentoo-gwn@gentoo.org mailing list
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 27 September 2004.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Gentoo documentation revisited
------------------------------
The first thing many visitors to the Gentoo website will notice when
opening the Gentoo Handbook[1] or any other piece of documentation these
days is a little "Print" link sitting on the top of the right column:
Bowing to long-standing popular requests, Xavier Neys[2] implemented a
simple way of viewing a printer-friendly version of Gentoo documentation.
1. http://www.gentoo.org/doc/en/handbook/index.xml
2. neysx@gentoo.org
Other changes to the Handbook include info about Gentoo's SLOT handling
for packages, an explanation of the reasons for package masking (and how
to circumvent it, if need be) and a reinstatement of the manual GRUB
installation guide requested by many users. Other documentation has been
added last month, too: Dennis Niehüser[3] contributed a very nice
document on power management[4] for laptops, with tips on setting up CPU
frequency scaling, a walkthrough of display, disk, and battery power
management features, and last but not least, a section on sleep states
that answers questions many people are too polite to ask. For Gentoo users
who want to set up their own Internet radio stations, Streaming Radio with
SHOUTcast[5] is an excellent new guide by Chris White[6] that leads
through each step of configuring the server and the network, together with
loads of information on optimizing the service for different uses, get
transcoding for locally stored MP3s to work and much more. Benny Chuang[7]
has corrected the language directories for documentation to reflect
variants of languages (e.g. Chinese, Portuguese), and Steven McCoy[8] has
added a chapter on PAM authentication to the OpenAFS guide.
3. fragfred@gmx.net
4. http://www.gentoo.org/doc/en/power-management-guide.xml
5. http://www.gentoo.org/doc/en/shoutcast-config.xml
6. cwhite@gentoo.org
7. bennyc@gentoo.org
8. fnjordy@gmail.com
The Gentoo Documentation Project has put up a roadmap document[9],
featuring all items on the agenda that need immediate fixing. If you want
to help, get involved by subscribing to the documentation project mailing
list[10].
9. http://www.gentoo.org/proj/en/gdp/roadmap.xml
10. http://www.gentoo.org/proj/en/gdp/#doc_chap6
New GWN section: Gentoo in the press
------------------------------------
Starting this week, the GWN carries a new section referencing publications
that have written about Gentoo. It is likely to have an irregular
schedule, since we don't expect to find something to point you to each
week, but will gladly accept any hints from our readers: If you happen to
know of an article in a magazine, or even TV or radio coverage of Gentoo
Linux, please tell us! The original language of the publication is
unimportant. Just write a short description of the article's content and
send it to gwn-feedback@gentoo.org, together with a link to the
publisher's website, and possibly a scan of the article (if it isn't
available online). Thanks a lot, and enjoy reading the first installment
of Gentoo in the Press, just below our International News section.
==================
2. Gentoo security
==================
Foomatic: Arbitrary command exec foomatic
-----------------------------------------
The foomatic-rip filter in foomatic-filters contains a vulnerability which
may allow arbitrary command execution on the print server.
For more information, please see the GLSA Announcement[11]
11. http://www.gentoo.org/security/en/glsa/glsa-200409-24.xml
CUPS: Denial of service vulnerability
-------------------------------------
A vulnerability in CUPS allows remote attackers to cause a denial of
service when sending a carefully-crafted UDP packet to the IPP port.
For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200409-25.xml
Mozilla, Firefox, Thunderbird, Epiphany vulnerability fixes
-----------------------------------------------------------
New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla
Firefox fix several vulnerabilities, including the remote execution of
arbitrary code.
For more information, please see the GLSA Announcement[13]
13. http://www.gentoo.org/security/en/glsa/glsa-200409-26.xml
glFTPd: Local buffer overflow vulnerability
-------------------------------------------
glFTPd is vulnerable to a local buffer overflow which may allow arbitrary
code execution.
For more information, please see the GLSA Announcement[14]
14. http://www.gentoo.org/security/en/glsa/glsa-200409-27.xml
GTK+ 2, gdk-pixbuf: multiple vulnerabilities
--------------------------------------------
The GdkPixbuf library, which is also included in GTK+ 2, contains several
vulnerabilities that could lead to a Denial of Service or the execution of
arbitrary code.
For more information, please see the GLSA Announcement[15]
15. http://www.gentoo.org/security/en/glsa/glsa-200409-28.xml
FreeRADIUS: Multiple Denial of Service vulnerabilities
------------------------------------------------------
Multiple Denial of Service vulnerabilities were found and fixed in
FreeRADIUS.
For more information, please see the GLSA Announcement[16]
16. http://www.gentoo.org/security/en/glsa/glsa-200409-29.xml
xine-lib: Multiple vulnerabilities
----------------------------------
xine-lib contains several vulnerabilities potentially allowing the
execution of arbitrary code.
For more information, please see the GLSA Announcement[17]
17. http://www.gentoo.org/security/en/glsa/glsa-200409-30.xml
jabberd 1.x: Denial of Service vulnerability
--------------------------------------------
The jabberd server was found to be vulnerable to a remote Denial of
Service attack.
For more information, please see the GLSA Announcement[18]
18. http://www.gentoo.org/security/en/glsa/glsa-200409-31.xml
getmail: Filesystem overwrite vulnerability
-------------------------------------------
getmail contains a vulnerability that could potentially allow any local
user to create or overwrite files in any directory on the system. This
flaw can be escalated further and possibly lead to a complete system
compromise.
For more information, please see the GLSA Announcement[19]
19. http://www.gentoo.org/security/en/glsa/glsa-200409-32.xml
Apache: Exposure of protected directories
-----------------------------------------
A bug in the way Apache handles the Satisfy directive can lead to the
exposure of protected directories to unauthorized users.
For more information, please see the GLSA Announcement[20]
20. http://www.gentoo.org/security/en/glsa/glsa-200409-33.xml
=========================
3. Heard in the community
=========================
Web forums
----------
Portage 2.0.51_rc1 trials and tribulations
The new Portage version is rippling the surface of more than one forum
these days. Check for new features, bugs, and bugs that really are
features at one of the threads below:
* portage_2.0.51_rc1 and virtuals[21]
* Portage 2.0.51 Question[22]
* Neue Funktionen und Optionen in Portage 2.0.51[23](German)
* Nuove funzioni e opzioni di Portage 2.0.51[24](Italian)
21. http://forums.gentoo.org/viewtopic.php?t=227479
22. http://forums.gentoo.org/viewtopic.php?t=224088
23. http://forums.gentoo.org/viewtopic.php?t=224063
24. http://forums.gentoo.org/viewtopic.php?t=228706
gentoo-dev
----------
Xorg takes the place of xfree as default for the x11 virtual
* Xorg as Default X11 Virtual[25]
25. http://thread.gmane.org/gmane.linux.gentoo.devel/21460
Hardened toolchain reorganization
Solar had previously announced that the hardened toolchain might be
dropped, but reconsidered when many developers and users gave very
positive feedback. As it stands now, the Gentoo Hardened subproject does
not have the manpower to do everything at once, so every bit of support,
especially with bug hunting and fixing is wanted.
* Hardened Toolchain[26]
26. http://thread.gmane.org/gmane.linux.gentoo.devel/21440
Stack-smash protection by default?
This long and controversial thread was started upon someone asking a
rather innocent question: Shouldn't Gentoo offer stack-smash protection
("-fstack-protector" CFLAG) by default, since most vulnerabilities are
still buffer overflows? Stack-smash protection can adversely affect
performance, it offers protection against a class of exploits, enabling it
may protect users, at little extra cost.
* Stack Smash Protection[27]
27. http://thread.gmane.org/gmane.linux.gentoo.devel/21468
USE="acl" likely to be removed from profiles
All profiles and stage2 / stage3 set USE="acl", but most users will not
need it, and some complications may happen during install. Therefore this
flag has been removed from the 2004.3 x86 profile; most likely the other
profiles will do the same.
* USE="acl" Dropped[28]
28. http://thread.gmane.org/gmane.linux.gentoo.devel/21398
Moving /usr/qt and /usr/kde for better FHS compliance?
The FHS (File Hierarchy Standard) defines default locations for most files
in a linux system. Is the Gentoo strategy of using /usr/qt/x.y and
/usr/kde/x.y to allow different KDE and QT versions to coexist a violation
of the FHS?
* Qt/KDE and FHS[29]
29. http://thread.gmane.org/gmane.linux.gentoo.devel/21350
=======================
4. Gentoo International
=======================
Italy: Impressions from Linux World Expò - The Gechi LWE movie
The Gechi (Gentoo Channel Italia) activists have veni to the Linux World
Expo (Milano edition), and have both vidi and vici... To provide a virtual
experience of their introductory Gentoo presentation they've set up four
movie versions of the speech given by Forum user .:deadhead:.[30]. Kindly
refrain from clicking any of the links listed below if your bandwidth
doesn't allow for large downloads, or you don't have 54 minutes to watch
their endeavours:
30. http://forums.gentoo.org/profile.php?mode=viewprofile&u=36380
* Gechi Presentation at LWE Milano 2004 (different formats, 20 to 330
MB)[31]
31. http://www.freesmug.org/video/gechi
Germany: Gentoo PPC developer meeting update
Both Belgians on the Gentoo PPC team, Pieter van den Abeele (pvdabeel) and
Jochen Maes (SeJo), have announced their presence at the GentooPPC
developer meeting[32] scheduled for Thursday this week, 30 September,
bringing the number of participants to double digits (from almost as many
different countries). You can still register for this event at Kransberg
Castle (near Frankfurt am Main) with Ulrich Plate[33].
32. http://www.gentoo.org/news/en/gwn/20040920-newsletter.xml#doc_chap5
33. plate@gentoo.org
======================
5. Gentoo in the press
======================
Linux Gazette: September 2004 (issue no. 106)
---------------------------------------------
Mike Orr (aka Sluggo) wrote an article about Installing Gentoo[34] -
"still my favourite distro" - for this month's Linux Gazette. He describes
the installation process of a desktop system on two different PCs, both
dual-booting Windows, one Pentium III with 1 GHz and a brandnew 2.6 GHz
Pentium4 with two monitors.
34. http://www.tldp.org/LDP/LGNET/106/orr.html
Linux+ 02/2004 (September 2004)
--------------------------------
This month the Polish magazine Linux+[35] (also distributed in German and
Czech versions) comes bundled with two DVDs, one of which has Gentoo Linux
2004.1 for x86 (stages 1 and 3 included) on it, with an updated Portage
and an extra-check of software dependencies. The printed edition includes
an article describing the installation from DVD, the official handbook and
additional installation guides can always be found at the Gentoo
website[36].
35. http://www.lpmagazine.org
36. http://www.gentoo.org
===========
6. Bugzilla
===========
Summary
-------
* Statistics
* Closed Bug Ranking
* New Bug Rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[37]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 19 September 2004 and 25 September 2004,
activity on the site has resulted in:
37. http://bugs.gentoo.org
* 680 new bugs during this period
* 505 bugs closed or resolved during this period
* 15 previously closed bugs were reopened this period
Of the 7133 currently open bugs: 135 are labeled 'blocker', 220 are
labeled 'critical', and 562 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* Gentoo KDE team[38], with 31 closed bugs[39]
* PPC Porters[40], with 25 closed bugs[41]
* ppc64 architecture team[42], with 21 closed bugs[43]
* Greg Kroah-Hartman[44], with 21 closed bugs[45]
* Gentoo Games[46], with 18 closed bugs[47]
* Gentoo Security[48], with 17 closed bugs[49]
* Java team[50], with 17 closed bugs[51]
* Perl Devs @ Gentoo[52], with 16 closed bugs[53]
38. kde@gentoo.org
39.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=kde@gentoo.org
40. ppc@gentoo.org
41.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=ppc@gentoo.org
42. ppc64@gentoo.org
43.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=ppc64@gentoo.org
44. gregkh@gentoo.org
45.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=gregkh@gentoo.org
46. games@gentoo.org
47.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=games@gentoo.org
48. security@gentoo.org
49.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=security@gentoo.org
50. java@gentoo.org
51.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=java@gentoo.org
52. perl@gentoo.org
53.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-09-19&chfieldto=2004-09-25&resolution=FIX
ED&assigned_to=perl@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* Mozilla Gentoo Team[54], with 19 new bugs[55]
* Gentoo Linux Gnome Desktop Team[56], with 18 new bugs[57]
* Gentoo X-windows packagers[58], with 16 new bugs[59]
* Gentoo KDE team[60], with 14 new bugs[61]
* AMD64 Porting Team[62], with 14 new bugs[63]
* media-video herd[64], with 10 new bugs[65]
* Gentoo's Team for Core System packages[66], with 10 new bugs[67]
* PHP Bugs[68], with 7 new bugs[69]
54. mozilla@gentoo.org
55.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=mozilla@gentoo.org
56. gnome@gentoo.org
57.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=gnome@gentoo.org
58. x11@gentoo.org
59.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=x11@gentoo.org
60. kde@gentoo.org
61.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=kde@gentoo.org
62. amd64@gentoo.org
63.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=amd64@gentoo.org
64. media-video@gentoo.org
65.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=media-video@gentoo.org
66. base-system@gentoo.org
67.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=base-system@gentoo.org
68. php-bugs@gentoo.org
69.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-09-19&chfieldto=2004-09
-25&assigned_to=php-bugs@gentoo.org
==================
7. Tips and tricks
==================
Roaming network profiles for laptops with Quickswitch
-----------------------------------------------------
Every Laptop user knows what I am talking about by saying that switching
network profiles is a real problem and hard to keep track of when doing it
manually. This is where Quickswitch[70] comes in. Quickswitch is a utility
that not only makes laptop users' everyday life easier by letting them
create and use roaming network profiles, but it also has built-in support
for multiple network cards, wireless LAN configurations, different kernel
parameters, support for X configurations, Netscape preferences, Samba
shares and so on and so forth.
70. http://muthanna.com/quickswitch
Sounds good? Want to learn how to use it? Read on:
---------------------------------------------------------------------------
| Code Listing 7.1: |
|Installing |
Quickswitch----------------------------------------------------------------
---------
|# emerge quickswitch |
---------------------------------------------------------------------------
Now we need to tell quickswitch about all the network settings we want to
be able to switch to. Quickswitch can be configured using it configuration
file in /etc/quickswitch/switchto.conf. There is also a sample
configuration in /etc/quickswitch/switchto.conf.sample.
---------------------------------------------------------------------------
| Code Listing 7.2: |
|Setting up the quickswitch configuration in |
/etc/quickswitch/switchto.conf---------------------------------------------
----------------------------
|# This is the default configuration: |
|[config] |
|device=eth0 |
|# Path to save last known good configuration... |
|servicefilename=/etc/quickswitch/switchto.last |
| |
|# This is our profile called "home": |
|[home] |
|description=home |
|address=192.168.0.25 |
|netmask=255.255.255.0 |
|gateway=192.168.0.1 |
|dns1=195.62.99.42 |
|dns2=195.62.97.177 |
| |
|# This is our profile called "work": |
|[work] |
|description=work |
|address=10.16.3.114 |
|netmask=255.255.255.0 |
|gateway=10.16.3.249 |
|dns1=195.62.99.42 |
| |
| |
---------------------------------------------------------------------------
We are finished with the configuration now. Let's test if it works.
---------------------------------------------------------------------------
| Code Listing 7.3: |
|Using switchto to switch to another |
profile--------------------------------------------------------------------
-----
|Switch to "work" profile: |
|# switchto work |
|Switch to "home" profile: |
|# switchto home |
---------------------------------------------------------------------------
Use ifconfig and route to make sure that switchto correctly applied the
settings the first time. Everythings ok? Well done!
Quickswitch offers two more ways of how to switch your profile.
* switcher is a simple curses based GUI to switch between your profiles.
* TraySwitcher[70] is a more sophisticated Gnome tray applet.
To learn how Quickswitch easily lets you create profiles that also switch
Samba, X configurations and even more. Take a look at the well documented
/etc/quickswitch/switchto.conf.sample sample configuration file and visit
the Quickswitch project homepage[71].
71. http://quickswitch.sourceforge.net/
===========================
8. Moves, adds, and changes
===========================
Moves
-----
The following developers recently left the Gentoo team:
* None this week
Adds
----
The following developers recently joined the Gentoo Linux team:
* None this week
Changes
-------
The following developers recently changed roles within the Gentoo Linux
project:
* None this week
====================
9. Contribute to GWN
====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[72].
72. gwn-feedback@gentoo.org
================
10. GWN feedback
================
Please send us your feedback[73] and help make the GWN better.
73. gwn-feedback@gentoo.org
================================
11. GWN subscription information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
12. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[74]
* Dutch[75]
* English[76]
* German[77]
* French[78]
* Japanese[79]
* Italian[80]
* Polish[81]
* Portuguese (Brazil)[82]
* Portuguese (Portugal)[83]
* Russian[84]
* Spanish[85]
* Turkish[86]
74. http://www.gentoo.org/news/da/gwn/gwn.xml
75. http://www.gentoo.org/news/be/gwn/gwn.xml
76. http://www.gentoo.org/news/en/gwn/gwn.xml
77. http://www.gentoo.org/news/de/gwn/gwn.xml
78. http://www.gentoo.org/news/fr/gwn/gwn.xml
79. http://www.gentoo.org/news/ja/gwn/gwn.xml
80. http://www.gentoo.org/news/it/gwn/gwn.xml
81. http://www.gentoo.org/news/pl/gwn/gwn.xml
82. http://www.gentoo.org/news/br/gwn/gwn.xml
83. http://www.gentoo.org/news/pt/gwn/gwn.xml
84. http://www.gentoo.org/news/ru/gwn/gwn.xml
85. http://www.gentoo.org/news/es/gwn/gwn.xml
86. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Christian Hartmann <ian@gentoo.org> - Author
Patrick Lauer <patrick@gentoo.org> - Author
Emmet Wagle <ewagle@email.com> - Author
--
gentoo-gwn@gentoo.org mailing list