
Gentoo Weekly Newsletter 8 November 2004
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 8 November 2004.
---------------------------------------------------------------------------

==============
1. Gentoo News
==============

Gentoo User Survey Results
--------------------------

Corey Shields[1] has published the preliminary results of the Gentoo User
Survey[2], conducted during two weeks in September. All purely numerical
data has now been evaluated and published on Corey's own developer
webspace. Three additional text-based questions, which respondents
answered in their own words, require more work to aggregate and will be
added to the published data at a later date.
1. cshields@gentoo.org
2. http://dev.gentoo.org/~cshields/survey/survey.html

Figure 1.1: Portage and optimizations most important for users
http://www.gentoo.org/images/gwn/20041108-survey1.jpg

The results hold few surprises as far as current user habits are
concerned. From experience, it was to be expected that a majority of
Gentooists synchronize and update their configuration on a daily basis.
Some of the questions concerning future plans for Gentoo provoked answers
quite
outside expectations, though. Who would have thought that simplified,
possibly GUI-based installation routines would figure so prominently among
user preferences?

Figure 1.2: Caveat: Most respondents said 'None of these'
http://www.gentoo.org/images/gwn/20041108-survey2.jpg

Other requests are already reflected in Gentoo's policy. A new release
every six months was rated the most useful schedule by 47 percent of the
Gentooists asked, and the release schedule will effectively change to a
twice-a-year rhythm starting with 2005.0.

==================
2. Gentoo security
==================

ppp: No denial of service vulnerability
---------------------------------------

pppd contains a bug that allows an attacker to crash his own connection,
but it cannot be used to deny service to other users.

For more information, please see the GLSA Announcement[3]
3. http://www.gentoo.org/security/en/glsa/glsa-200411-01.xml

Cherokee: Format string vulnerability
-------------------------------------

Cherokee contains a format string vulnerability that could lead to denial
of service or the execution of arbitrary code.

For more information, please see the GLSA Announcement[4]
4. http://www.gentoo.org/security/en/glsa/glsa-200411-02.xml

Apache 1.3: Buffer overflow vulnerability in mod_include
--------------------------------------------------------

A buffer overflow vulnerability exists in mod_include which could possibly
allow a local attacker to gain escalated privileges.

For more information, please see the GLSA Announcement[5]
5. http://www.gentoo.org/security/en/glsa/glsa-200411-03.xml

Speedtouch USB driver: Privilege escalation vulnerability
---------------------------------------------------------

A vulnerability in the Speedtouch USB driver can be exploited to allow
local users to execute arbitrary code with escalated privileges.

For more information, please see the GLSA Announcement[6]
6. http://www.gentoo.org/security/en/glsa/glsa-200411-04.xml

libxml2: Remotely exploitable buffer overflow
---------------------------------------------

libxml2 contains multiple buffer overflows which could lead to the
execution of arbitrary code.

For more information, please see the GLSA Announcement[7]
7. http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml

MIME-tools: Virus detection evasion
-----------------------------------

MIME-tools doesn't handle empty MIME boundaries correctly. This may
prevent some virus-scanning programs which use MIME-tools from detecting
certain viruses.

For more information, please see the GLSA Announcement[8]
8. http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml

Proxytunnel: Format string vulnerability
----------------------------------------

Proxytunnel contains a format string vulnerability, potentially allowing
a remote server to execute arbitrary code with the rights of the
Proxytunnel process.

For more information, please see the GLSA Announcement[9]
9. http://www.gentoo.org/security/en/glsa/glsa-200411-07.xml

GD: Integer overflow
--------------------

The PNG image decoding routines in the GD library contain an integer
overflow that may allow execution of arbitrary code with the rights of the
program decoding a malicious PNG image.

For more information, please see the GLSA Announcement[10]
10. http://www.gentoo.org/security/en/glsa/glsa-200411-08.xml

shadow: Unauthorized modification of account information
--------------------------------------------------------

A flaw in the chfn and chsh utilities might allow modification of account
properties by unauthorized users.

For more information, please see the GLSA Announcement[11]
11. http://www.gentoo.org/security/en/glsa/glsa-200411-09.xml

Gallery: Cross-site scripting vulnerability
-------------------------------------------

Gallery is vulnerable to cross-site scripting attacks.

For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200411-10.xml

ImageMagick: EXIF buffer overflow
---------------------------------

ImageMagick contains an error in boundary checks when handling EXIF
information, which could lead to arbitrary code execution.

For more information, please see the GLSA Announcement[13]
13. http://www.gentoo.org/security/en/glsa/glsa-200411-11.xml

=========================
3. Heard in the community
=========================

gentoo-user
-----------

Sharing /usr/portage

Supporting multiple Gentoo systems typically means maintaining separate
copies of the portage tree. To save disk space and time, several users
discuss how to manage a single shared copy across all systems.

* How much of portage can be shared/deleted?[14]
14. http://thread.gmane.org/gmane.linux.gentoo.user/105834

Perl modules in Portage

One user inquires about installing perl modules in portage after having
trouble finding them. Portage offers a helpful script to search for perl
modules and dynamically generate an ebuild to install them.

* GPG and Perl Modules[15]
15. http://thread.gmane.org/gmane.linux.gentoo.user/106090

gentoo-dev
----------

PS2 and Gentoo Linux

As Gentoo seems to run on everything (except maybe refrigerators), this
thread explores the feasibility of Gentoo on the PlayStation 2. Getting a
full Gentoo install on it will not be easy, but it looks like lots of fun
to try.

* PS2 and Gentoo Linux[16]
16. http://thread.gmane.org/gmane.linux.gentoo.devel/22674

Handling multiple packages providing a symlink

Ciaran McCreesh[17] explores the possibilities of handling multiple
packages (like vi, vim, elvis) providing symlinks (in this case for vi).
Most suggestions from others included implementing a system like Debian
alternatives, so expect some nice and pleasant modifications soon.
17. ciaranm@gentoo.org

* Handling multiple packages providing a symlink[18]
18. http://thread.gmane.org/gmane.linux.gentoo.devel/22647

Official Gentoo motto?

Following a NewsForge article claiming that the official Gentoo Motto was
"If it moves, compile it", people were wondering - since clearly this
isn't it - what could in fact be a good motto for Gentoo.

* Official Gentoo Motto?[19]
19. http://thread.gmane.org/gmane.linux.gentoo.devel/22540

=======================
4. Gentoo International
=======================

Italy: Gentoo Day
-----------------

On 27 November 2004, Italy's ever-growing open-source movement organizes a
national Linux day[20] for the fourth time, and for the second time this
Italy-wide event is reason enough for the Italian Gentoo users to prepare
some evangelism of their own: for the second year in a row, "Gentoo Day"
is going to be held simultaneously in two cities in Italy, Prato and
Milano, thanks to those Gentooists active in the Gentoo Channel Italia
(Gechi) framework, and the hospitality of two co-organizing local Linux
User Groups, MiLUG[21] and PLUG[22]. Gentoo Day encompasses talks by
weathered Gentoo presenters, various architectures on display, some
paraphernalia for collectors of Gentoo gadgetry, and of course the
opportunity to meet other Gentoo users and developers. If you want to
join the Gechi in this endeavour in either of the two cities, which are
separated by about 300 kilometres, check this Forum thread[23] and the
Gechi's own forum[24] (both links in Italian).
20. http://www.linux.it/LinuxDay/
21. http://www.milug.org/
22. http://www.prato.linux.it/
23. http://forums.gentoo.org/viewtopic.php?t=242767
24. http://www.gechi.it/forums/viewtopic.php?t=12

UK: Gentoo User Meeting in Cambridge
------------------------------------

Last Thursday, 4 November 2004, Gentoo users and developers flocked from
places such as Poland, Peru, and even as far away as Cambridge, to meet up
for a quick drink in "The Eagle" pub, Cambridge, UK. Accompanied by a few
members of the Cambridge LUG[25], the turnout was higher than expected, at
about 15. Overall, an enjoyable evening in anticipation of future Gentoo
UK meetings.
25. http://www.cambridge-lug.org/

======================
5. Gentoo in the press
======================

Notebook Review (5 November 2004)
---------------------------------

User experiences with a recent LG Electronics notebook model are what the
LG X-Note LM50 notebook review[26] is really all about, marking good old
Korean Lucky Goldstar's[27] debut on the North American notebook market.
It would be a plain hardware review, were it not for a rather unexpected
twist the article takes about halfway down: the author has to cut the
list of hardware items shorter than planned because he can't access the
device info in Windows - with the review not even finished, his new LM50
is already busy installing Gentoo Linux.
26. http://www.notebookreview.com/default.aspx?newsID=2079
27. http://lg.ca

===========
6. Bugzilla
===========

Summary
-------

* Statistics
* Closed bug rankings
* New bug rankings

Statistics
----------

The Gentoo community uses Bugzilla (bugs.gentoo.org[28]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 31 October 2004 and 07 November 2004, activity
on the site has resulted in:
28. http://bugs.gentoo.org

* 743 new bugs during this period
* 428 bugs closed or resolved during this period
* 26 previously closed bugs were reopened this period

Of the 7400 currently open bugs: 122 are labeled 'blocker', 251 are
labeled 'critical', and 560 are labeled 'major'.

Closed bug rankings
-------------------

The developers and teams who have closed the most bugs during this period
are:

* ppc64 architecture team[29], with 70 closed bugs[30]
* Gentoo's Team for Core System packages[31], with 23 closed bugs[32]
* Gentoo Security[33], with 18 closed bugs[34]
* Gentoo Linux Gnome Desktop Team[35], with 17 closed bugs[36]
* Jeremy Huddleston[37], with 14 closed bugs[38]
* Gentoo KDE team[39], with 12 closed bugs[40]
* Chris Gianelloni[41], with 11 closed bugs[42]
* Gentoo Linux bug wranglers[43], with 11 closed bugs[44]
29. ppc64@gentoo.org
30. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=ppc64@gentoo.org
31. base-system@gentoo.org
32. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=base-system@gentoo.org
33. security@gentoo.org
34. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=security@gentoo.org
35. gnome@gentoo.org
36. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=gnome@gentoo.org
37. eradicator@gentoo.org
38. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=eradicator@gentoo.org
39. kde@gentoo.org
40. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=kde@gentoo.org
41. wolf31o2@gentoo.org
42. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=wolf31o2@gentoo.org
43. bug-wranglers@gentoo.org
44. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-10-31&chfieldto=2004-11-07&resolution=FIXED&assigned_to=bug-wranglers@gentoo.org

New bug rankings
----------------

The developers and teams who have been assigned the most new bugs during
this period are:

* AMD64 Porting Team[45], with 30 new bugs[46]
* Gentoo's Team for Core System packages[47], with 13 new bugs[48]
* SpanKY[49], with 12 new bugs[50]
* Gentoo Games[51], with 10 new bugs[52]
* Gentoo X-windows packagers[53], with 8 new bugs[54]
* Net-Mail Packages[55], with 8 new bugs[56]
* Gentoo KDE team[57], with 8 new bugs[58]
* media-video herd[59], with 7 new bugs[60]
45. amd64@gentoo.org
46. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=amd64@gentoo.org
47. base-system@gentoo.org
48. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=base-system@gentoo.org
49. vapier@gentoo.org
50. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=vapier@gentoo.org
51. games@gentoo.org
52. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=games@gentoo.org
53. x11@gentoo.org
54. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=x11@gentoo.org
55. net-mail@gentoo.org
56. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=net-mail@gentoo.org
57. kde@gentoo.org
58. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=kde@gentoo.org
59. media-video@gentoo.org
60. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-10-31&chfieldto=2004-11-07&assigned_to=media-video@gentoo.org

==================
7. Tips and Tricks
==================

Specifying only needed locales
------------------------------

The locales a user can choose from are built by glibc. Usually all
available locales, from aa_DJ (Afar locale for Djibouti) through en_US
(English locale for the USA) to zu_ZA.utf8 (Zulu locale for South
Africa), will be installed. Unless you're working at the UN and administer
a central server for all member states, it is difficult to conceive why
you would need a system where all of these locales are installed. This
week's tip was written with all those of you in mind who'd like to save 90
percent of the space occupied by locales in their system, by limiting the
number of installed locales to the bare minimum.

Since sys-libs/glibc-2.3.4.20040619-r2 entered Portage, a USE flag called
userlocales has been available that makes sure only the locales listed in
/etc/locales.build are built and installed. As a side effect, this also
makes emerging glibc much faster.

---------------------------------------------------------------------------
| Code Listing 7.1: Activate the userlocales USE flag especially for glibc|
---------------------------------------------------------------------------
|                                                                         |
|echo "sys-libs/glibc userlocales" >> /etc/portage/package.use            |
|                                                                         |
---------------------------------------------------------------------------

Now specify the locales you want to be able to use:

---------------------------------------------------------------------------
| Code Listing 7.2: nano -w /etc/locales.build                            |
---------------------------------------------------------------------------
|                                                                         |
|The format of the locales is described in the file itself.               |
|en_US/ISO-8859-1                                                         |
|en_US.UTF-8/UTF-8                                                        |
|de_DE/ISO-8859-1                                                         |
|de_DE@euro/ISO-8859-15                                                   |
|de_DE.UTF-8/UTF-8                                                        |
|                                                                         |
---------------------------------------------------------------------------

For further information about locale-handling make sure you read our
Gentoo Linux Localization Guide[61].
61. http://www.gentoo.org/doc/en/guide-localization.xml
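
The two listings above, generalized as an added shell example (not part of
the newsletter): it adds the USE-flag line only once, however often it is
run, and checks that each /etc/locales.build entry has the locale/charmap
form shown in Listing 7.2. The function names, the scratch root directory
and the skipping of '#' comment lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the newsletter. Every path is taken relative to a
# scratch root directory, so nothing on the real system is touched.

# Append the glibc USE-flag line only if it is not already present, so that
# repeated runs do not stack duplicates the way a bare `echo >>` would.
enable_userlocales() {
    root=$1
    use_file="$root/etc/portage/package.use"
    line="sys-libs/glibc userlocales"
    mkdir -p "$root/etc/portage"
    touch "$use_file"
    grep -qxF "$line" "$use_file" || printf '%s\n' "$line" >> "$use_file"
}

# Print every entry that is not of the form <locale>/<charmap> and return
# non-zero if any was found.
# Assumption: blank lines and lines starting with '#' are not entries.
check_locales_build() {
    bad=$( { grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" |
             grep -v -E '^[A-Za-z_]+(\.[A-Za-z0-9-]+)?(@[A-Za-z0-9]+)?/[A-Za-z0-9-]+$'
           } || true )
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad"
    return 1
}

# Constructed demo: a scratch root and a sample locales.build whose last
# entry lacks its charmap.
demo_root=$(mktemp -d)
enable_userlocales "$demo_root"
enable_userlocales "$demo_root"   # second run adds nothing
printf '%s\n' '# constructed sample' 'en_US/ISO-8859-1' \
    'de_DE@euro/ISO-8859-15' 'de_DE' > "$demo_root/etc/locales.build"
check_locales_build "$demo_root/etc/locales.build" ||
    echo "fix the entries listed above before emerging glibc"
rm -rf "$demo_root"
```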

Another interesting tool is app-admin/localepurge, which can clean out any
installed man page or info file in languages you don't need on your
system. You should read the man page for localepurge in any case, and
configure the languages you intend to keep in /etc/locale.nopurge.

By the way, if you want to prohibit the installation of all man-pages,
info-files or documentation, for example when space on your disk is
severely limited, you can add noman, nodoc and/or noinfo to FEATURES in
your /etc/make.conf.

===========================
8. Moves, adds, and changes
===========================

Moves
-----

The following developers recently left the Gentoo team:

* Yi Qiang - Gnome

Adds
----

The following developers recently joined the Gentoo Linux team:

* Simone Gotti (motaboy) - KDE
* Roy Marples (uberlord) - Init scripting
* Michael Tindal (urilith) - Apache, Embedded, Hardened
* Alin Nastac (mrness) - Net dialup

Changes
-------

The following developers recently changed roles within the Gentoo Linux
project:

* None this week

====================
9. Contribute to GWN
====================

Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[62].
62. gwn-feedback@gentoo.org

================
10. GWN feedback
================

Please send us your feedback[63] and help make the GWN better.
63. gwn-feedback@gentoo.org

================================
11. GWN subscription information
================================

To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.

===================
12. Other languages
===================

The Gentoo Weekly Newsletter is also available in the following languages:

* Danish[64]
* Dutch[65]
* English[66]
* German[67]
* French[68]
* Japanese[69]
* Italian[70]
* Polish[71]
* Portuguese (Brazil)[72]
* Portuguese (Portugal)[73]
* Russian[74]
* Spanish[75]
* Turkish[76]
64. http://www.gentoo.org/news/da/gwn/gwn.xml
65. http://www.gentoo.org/news/be/gwn/gwn.xml
66. http://www.gentoo.org/news/en/gwn/gwn.xml
67. http://www.gentoo.org/news/de/gwn/gwn.xml
68. http://www.gentoo.org/news/fr/gwn/gwn.xml
69. http://www.gentoo.org/news/ja/gwn/gwn.xml
70. http://www.gentoo.org/news/it/gwn/gwn.xml
71. http://www.gentoo.org/news/pl/gwn/gwn.xml
72. http://www.gentoo.org/news/br/gwn/gwn.xml
73. http://www.gentoo.org/news/pt/gwn/gwn.xml
74. http://www.gentoo.org/news/ru/gwn/gwn.xml
75. http://www.gentoo.org/news/es/gwn/gwn.xml
76. http://www.gentoo.org/news/tr/gwn/gwn.xml

Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Patrick Lauer <patrick@gentoo.org> - Author
Emmet Wagle <ewagle@email.com> - Author
Lars Weiler <pylon@gentoo.org> - Author

