---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 20 December 2004.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Gentoo UK conference call for speakers
--------------------------------------
Stuart Herbert[1] has renewed his call for papers to be presented at next
year's Gentoo conference for developers and users in the UK[2]. The topic
for the conference to be held on Saturday 12 March 2005 at the University
of Salford will be "Success with Gentoo". Please submit proposals to his
contact address before 31 December 2004.
1. stuart@gentoo.org
2. http://dev.gentoo.org/~stuart/2005/
New Catalyst mailing list
-------------------------
Everything you always wanted to know about catalyst, the Gentoo release
engineering's meta-tool[3] for creating LiveCDs, Gentoo Reference Platform
(GRP) packages and the installation stages 1 to 3, can now be discussed on
a mailing list of its own. Joining the new list will be particularly
useful for all those who wish to create their own customized versions of
Gentoo Linux. gentoo-catalyst@gentoo.org has been spun off the main
release engineering mailing list where these matters were usually
discussed before. Subscription help and other information can be found on
the mailing list page[4].
3. http://www.gentoo.org/proj/en/releng/catalyst/
4. http://www.gentoo.org/main/en/lists.xml
GWN needs additional translators
--------------------------------
The newsletter is currently translated into Japanese, German, Italian,
Polish, Dutch and Turkish. Since our last call for help quite a number of
volunteers have been found to give new life to some of the other formerly
translated versions of the GWN, namely Spanish, Russian and French, and
even an entirely new one: Romanian! If you would like to join the new
teams that are in the process of being created, please contact
gwn-feedback@gentoo.org. The team leaders would like to emphasize that
it's not just a question of "the more, the merrier" - translating is hard
work, and if you're unable to split it among a group of people, it's
almost impossible to sustain for a longer period of time.
==============
2. Future zone
==============
Pre-Christmas vacation
----------------------
Future zone takes a short rest before coming back with more stories from
bleeding edge development, fascinating technology insights and lesser
known projects that deserve more attention. If you would like to see
something you work on covered in this section, please send a short
description to our feedback address[5], and we'll get right back to you.
5. gwn-feedback@gentoo.org
==================
3. Gentoo security
==================
file: Arbitrary code execution
------------------------------
The code for parsing ELF headers in file contains a flaw which may allow
an attacker to execute arbitrary code.
For more information, please see the GLSA Announcement[6]
6. http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml
nfs-utils: Multiple remote vulnerabilities
------------------------------------------
Multiple vulnerabilities have been discovered in nfs-utils that could lead
to a Denial of Service, or the execution of arbitrary code.
For more information, please see the GLSA Announcement[7]
7. http://www.gentoo.org/security/en/glsa/glsa-200412-08.xml
ncpfs: Buffer overflow in ncplogin and ncpmap
---------------------------------------------
ncpfs is vulnerable to a buffer overflow that could lead to local
execution of arbitrary code with elevated privileges.
For more information, please see the GLSA Announcement[8]
8. http://www.gentoo.org/security/en/glsa/glsa-200412-09.xml
Vim, gVim: Vulnerable options in modelines
------------------------------------------
Several vulnerabilities related to the use of options in modelines have
been found and fixed in Vim. They could potentially result in a local user
escalating privileges.
For more information, please see the GLSA Announcement[9]
9. http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml
Cscope: Insecure creation of temporary files
--------------------------------------------
Cscope is vulnerable to symlink attacks, potentially allowing a local user
to overwrite arbitrary files.
For more information, please see the GLSA Announcement[10]
10. http://www.gentoo.org/security/en/glsa/glsa-200412-11.xml
Adobe Acrobat Reader: Buffer overflow vulnerability
---------------------------------------------------
Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to
remote execution of arbitrary code.
For more information, please see the GLSA Announcement[11]
11. http://www.gentoo.org/security/en/glsa/glsa-200412-12.xml
Samba: Integer overflow
-----------------------
Samba contains a bug that could lead to remote execution of arbitrary
code.
For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200412-13.xml
PHP: Multiple vulnerabilities
-----------------------------
Several vulnerabilities were found and fixed in PHP, ranging from an
information leak and a safe_mode restriction bypass to a potential remote
execution of arbitrary code.
For more information, please see the GLSA Announcement[13]
13. http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml
Ethereal: Multiple vulnerabilities
----------------------------------
Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
run arbitrary code, crash the program or perform DoS by CPU and disk
utilization.
For more information, please see the GLSA Announcement[14]
14. http://www.gentoo.org/security/en/glsa/glsa-200412-15.xml
kdelibs, kdebase: Multiple vulnerabilities
------------------------------------------
kdelibs and kdebase contain a flaw allowing password disclosure when
creating a link to a remote file. Furthermore Konqueror is vulnerable to
window injection.
For more information, please see the GLSA Announcement[15]
15. http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml
=========================
4. Heard in the community
=========================
Web forums
----------
At the strike of the falling log it's - 0 postcounts
Bit of a nasty surprise for some of the regulars frequenting the notorious
"Off the Wall" section at the Gentoo Forums last week: In a coup that is
aimed at restoring some of the credibility to the poster rankings
displayed below each user ID at the forums, nothing posted in the openly
off-topic OTW forum is counted towards the user ranking any longer, and
previous posts have been subtracted as well. The measure implemented by
the forum administrators has yielded some painful results for numerous
posters who had collected hundreds or even thousands of posts over their
subscription period, but ended up having lost their "veteran" status now
because all those posts had been in OTW. Moderators and admins are hoping
this will help shift some of the emphasis of the Forums back to its prime
objective, support for Gentoo Linux users.
* [forums-announce] OTW posts no longer count towards total[16]
* OTW will be deleted soon[17] (not really...)
16. http://forums.gentoo.org/viewtopic.php?t=266883
17. http://forums.gentoo.org/viewtopic.php?t=266580
gentoo-user
-----------
Cool console tip thread of the week
It all started with a simple question: How to stop emerge's output from
scrolling off the screen when there are many packages to merge. That
question got answered quickly, but then came the other tips: How to scroll
up and down in virtual terminals, increase your VT buffer history size,
bash history searching, and more!
* Visualize Packages List on Console[18]
18. http://thread.gmane.org/gmane.linux.gentoo.user/111441
File system discussions
The many virtues of running Linux include having a variety of file system
formats to choose from. There are the old reliables: ext2 and ext3 that
most seasoned Linux geeks know about. But in Linux's recent history, many
more file systems have come about. XFS, JFS, and ReiserFS to name a few.
This informative thread shares some of the experiences of Gentoo users on
all these file systems, and discusses the pros and cons of running a "less
popular" file system format.
* JFS and XFS[19]
19. http://thread.gmane.org/gmane.linux.gentoo.user/111710
X11 mice and udev
It's enevitiable, udev is the next stop for Linux's /dev filesystem. udev
brings along a slew of great features that are easy to use, but be on the
lookout for this common problem when switching from devfs.
* Problems with X11 and udev[20]
20. http://thread.gmane.org/gmane.linux.gentoo.user/111770
gentoo-dev
----------
Makefile variables inside ebuilds
Robin H. Johnson[21] asks: "I've seen a lot of ebuilds lately where the
author has tried to get a variable set inside the Makefile, but their code
actually doesn't work, and it hasn't been noticed." Read on to learn what
works and what doesn't, and get a lecture in advanced bash-magic as you
read along.
21. robbat2@gentoo.org
* Makefile variables inside ebuilds[22]
22. http://thread.gmane.org/gmane.linux.gentoo.devel/23417
libtool help
Mike Frysinger[23] offers some information on a libtool-related series of
bugs. As of libtool-1.5.10, some ebuilds fail with:
23. vapier@gentoo.org
---------------------------------------------------------------------------
| Code Listing 4.1: |
|-------------------------------------------------------------------------|
| |
|*** Gentoo sanity check failed! *** |
|*** libtool.m4 and ltmain.sh have a version mismatch! *** |
|*** (libtool.m4 = 1.5.10, ltmain.sh = 1.5.2) *** |
| |
---------------------------------------------------------------------------
This is an ebuild error, so if you hit this error, check on
bugs.gentoo.org if it is known and open a bug if there isn't one yet. The
fixes are relatively simple, a howto can be found in the mail thread.
* libtool help[24]
24. http://thread.gmane.org/gmane.linux.gentoo.devel/23449
======================
5. Gentoo in the press
======================
Hardware Upgrade (9 December 2004)
----------------------------------
In an extensive, eleven-page-long test titled "Gaming con Linux"[25], the
Italian magazine Hardware Upgrade puts Linux against Windows in a whole
series of performance tests for games like Unreal Tournament and Doom 3,
on graphics from both ATI and Nvidia. Author Raffaele Fanizzi chose Gentoo
Linux as his platform for the Linux side of benchmarking, and concludes
that using Nvidia NV40 in Linux offers better performance in Gentoo than
Windows XP, despite manufacturer optimizations for the hardware being
biased towards the Windows platform, with ATi Radeon cards being even more
heavily predisposed for optimal performance in Windows.
25. http://www.hwupgrade.it/articoli/1131/index.html
O'Reilly XML.com (15 December 2004)
-----------------------------------
Nick Kew, author of various XML applications and this recent article on
"XML Namespace Processing in Apache"[26], mentions Gentoo alongside
FreeBSD and Debian as an example for incorporation of his "unexpectedly
most popular" mod_proxy_html, "which rewrites URLs into a proxy's address
space and is an essential component of a reverse proxy."
26. http://www.xml.com/pub/a/2004/12/15/apache-namespaces.html
Linuxtimes.net (15 December 2004)
---------------------------------
Gentoo has been voted "Favourite distribution"[27] in a poll conducted by
Linuxtimes.net (owned by, interestingly enough, Linare Corporation),
leading the pack with almost a quarter of all 2500+ votes.
27. http://www.linuxtimes.net/modules.php?name=News&file=article&sid=467
Linux Journal (17 December 2004)
--------------------------------
In an interview with Linux Journal[28], Bill McCarty who recently
published a new book on "Security Enhanced Linux"[29] draws encouraging
signs of more widespread availability of SELinux in the future from the
fact that it's "now an integral component of several Linux distributions,
such as Fedora Core, Gentoo and the beta release of Red Hat Enterprise
Linux 4."
28. http://www.linuxjournal.com/article/7955
29. http://www.oreilly.com/catalog/selinux
===========
6. Bugzilla
===========
Summary
-------
* Statistics
* Closed bug ranking
* New bug rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[30]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 12 December 2004 and 19 December 2004, activity
on the site has resulted in:
30. http://bugs.gentoo.org
* 738 new bugs during this period
* 368 bugs closed or resolved during this period
* 30 previously closed bugs were reopened this period
Of the 7750 currently open bugs: 126 are labeled 'blocker', 233 are
labeled 'critical', and 551 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* AMD64 Porting Team[31], with 26 closed bugs[32]
* Gentoo Games[33], with 24 closed bugs[34]
* Gentoo Security[35], with 16 closed bugs[36]
* ppc64 architecture team[37], with 15 closed bugs[38]
* Gentoo's Team for Core System packages[39], with 15 closed bugs[40]
* Java team[41], with 14 closed bugs[42]
* SpanKY[43], with 11 closed bugs[44]
* Gentoo Linux Gnome Desktop Team[45], with 11 closed bugs[46]
31. amd64@gentoo.org
32.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=amd64@gentoo.org
33. games@gentoo.org
34.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=games@gentoo.org
35. security@gentoo.org
36.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=security@gentoo.org
37. ppc64@gentoo.org
38.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=ppc64@gentoo.org
39. base-system@gentoo.org
40.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=base-system@gentoo.org
41. java@gentoo.org
42.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=java@gentoo.org
43. vapier@gentoo.org
44.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=vapier@gentoo.org
45. gnome@gentoo.org
46.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=gnome@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* media-video herd[47], with 16 new bugs[48]
* AMD64 Porting Team[49], with 14 new bugs[50]
* Gentoo's Team for Core System packages[51], with 13 new bugs[52]
* Gentoo Sound Team[53], with 10 new bugs[54]
* Gentoo Science Related Packages[55], with 10 new bugs[56]
* Java team[57], with 9 new bugs[58]
* Gentoo Linux Gnome Desktop Team[59], with 9 new bugs[60]
* Embedded Gentoo Team[61], with 9 new bugs[62]
47. media-video@gentoo.org
48.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=media-video@gentoo.org
49. amd64@gentoo.org
50.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=amd64@gentoo.org
51. base-system@gentoo.org
52.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=base-system@gentoo.org
53. sound@gentoo.org
54.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=sound@gentoo.org
55. sci@gentoo.org
56.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=sci@gentoo.org
57. java@gentoo.org
58.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=java@gentoo.org
59. gnome@gentoo.org
60.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=gnome@gentoo.org
61. embedded@gentoo.org
62.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=embedded@gentoo.org
==================
7. Tips and Tricks
==================
Devtodo: Nifty tool for developers and others
---------------------------------------------
This small program provides a per-directory todo list. Items can be added,
deleted, edited and changed in priority. The list is always sorted with
the most important items on top, equal priority items sorted by time,
oldest first.
---------------------------------------------------------------------------
| Code Listing 7.1: |
|To |
install--------------------------------------------------------------------
-----
| |
|emerge app-misc/devtodo |
| |
---------------------------------------------------------------------------
Let's see a small demonstration:
---------------------------------------------------------------------------
| Code Listing 7.2: |
|Adding |
items----------------------------------------------------------------------
---
| |
|$ tda |
|Enter text for the item you are adding. |
|text> Write some stuff for the GWN |
|1. veryhigh 2. high 3. medium 4. low 5. verylow |
|Enter a priority from those listed above. |
|priority> medium |
|Index of new item is 1 |
| |
|$ tda |
|Enter text for the item you are adding. |
|text> Install a speelchecker |
|1. veryhigh 2. high 3. medium 4. low 5. verylow |
|Enter a priority from those listed above. |
|priority> low |
|Index of new item is 2 |
| |
---------------------------------------------------------------------------
Now lets check the output:
---------------------------------------------------------------------------
| Code Listing 7.3: |
|Sample |
output---------------------------------------------------------------------
----
| |
|$ devtodo |
| 1.Write some stuff for the GWN |
| 2.Install a speelchecker |
| |
---------------------------------------------------------------------------
Ok, let's edit the priorities, a spellchecker would be quite useful before
finishing other things:
---------------------------------------------------------------------------
| Code Listing 7.4: |
|editing-------------------------------------------------------------------|
------
| |
|$ tde 2 |
|Modify the text of the item you are editing. |
|text> Install a speelchecker |
|1. veryhigh 2. high 3. medium 4. low 5. verylow |
|Enter a priority from those listed above. |
|priority> veryhigh |
| |
---------------------------------------------------------------------------
This moves the item above lower priority items and changes the output
colour to red. Available (colour-coded!) priorities are: 1. veryhigh 2.
high 3. medium 4. low 5. verylow
---------------------------------------------------------------------------
| Code Listing 7.5: |
|Output with changed |
priorities-----------------------------------------------------------------
--------
| |
|$ devtodo |
| 1.Install a speelchecker |
| 2.Write some stuff for the GWN |
| |
---------------------------------------------------------------------------
Once you have completed an item, you can either mark it as done with "tdd"
or remove it with "tdr". So from now on you don't have an excuse for
forgetting assignments and other things. Enjoy!
===========================
8. Moves, adds, and changes
===========================
Moves
-----
The following developers recently left the Gentoo team:
* None this week
Adds
----
The following developers recently joined the Gentoo Linux team:
* Gregorio Guidi (greg_g) - KDE
Changes
-------
The following developers recently changed roles within the Gentoo Linux
project:
* None this week
====================
9. Contribute to GWN
====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[63].
63. gwn-feedback@gentoo.org
================
10. GWN feedback
================
Please send us your feedback[64] and help make the GWN better.
64. gwn-feedback@gentoo.org
================================
11. GWN subscription information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
12. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[65]
* Dutch[66]
* English[67]
* German[68]
* French[69]
* Japanese[70]
* Italian[71]
* Polish[72]
* Portuguese (Brazil)[73]
* Portuguese (Portugal)[74]
* Russian[75]
* Spanish[76]
* Turkish[77]
65. http://www.gentoo.org/news/da/gwn/gwn.xml
66. http://www.gentoo.org/news/be/gwn/gwn.xml
67. http://www.gentoo.org/news/en/gwn/gwn.xml
68. http://www.gentoo.org/news/de/gwn/gwn.xml
69. http://www.gentoo.org/news/fr/gwn/gwn.xml
70. http://www.gentoo.org/news/ja/gwn/gwn.xml
71. http://www.gentoo.org/news/it/gwn/gwn.xml
72. http://www.gentoo.org/news/pl/gwn/gwn.xml
73. http://www.gentoo.org/news/br/gwn/gwn.xml
74. http://www.gentoo.org/news/pt/gwn/gwn.xml
75. http://www.gentoo.org/news/ru/gwn/gwn.xml
76. http://www.gentoo.org/news/es/gwn/gwn.xml
77. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Patrick Lauer <patrick@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 20 December 2004.
---------------------------------------------------------------------------
==============
1. Gentoo News
==============
Gentoo UK conference call for speakers
--------------------------------------
Stuart Herbert[1] has renewed his call for papers to be presented at next
year's Gentoo conference for developers and users in the UK[2]. The topic
for the conference to be held on Saturday 12 March 2005 at the University
of Salford will be "Success with Gentoo". Please submit proposals to his
contact address before 31 December 2004.
1. stuart@gentoo.org
2. http://dev.gentoo.org/~stuart/2005/
New Catalyst mailing list
-------------------------
Everything you always wanted to know about catalyst, the Gentoo release
engineering's meta-tool[3] for creating LiveCDs, Gentoo Reference Platform
(GRP) packages and the installation stages 1 to 3, can now be discussed on
a mailing list of its own. Joining the new list will be particularly
useful for all those who wish to create their own customized versions of
Gentoo Linux. gentoo-catalyst@gentoo.org has been spun off the main
release engineering mailing list where these matters were usually
discussed before. Subscription help and other information can be found on
the mailing list page[4].
3. http://www.gentoo.org/proj/en/releng/catalyst/
4. http://www.gentoo.org/main/en/lists.xml
GWN needs additional translators
--------------------------------
The newsletter is currently translated into Japanese, German, Italian,
Polish, Dutch and Turkish. Since our last call for help quite a number of
volunteers have been found to give new life to some of the other formerly
translated versions of the GWN, namely Spanish, Russian and French, and
even an entirely new one: Romanian! If you would like to join the new
teams that are in the process of being created, please contact
gwn-feedback@gentoo.org. The team leaders would like to emphasize that
it's not just a question of "the more, the merrier" - translating is hard
work, and if you're unable to split it among a group of people, it's
almost impossible to sustain for a longer period of time.
==============
2. Future zone
==============
Pre-Christmas vacation
----------------------
Future zone takes a short rest before coming back with more stories from
bleeding edge development, fascinating technology insights and lesser
known projects that deserve more attention. If you would like to see
something you work on covered in this section, please send a short
description to our feedback address[5], and we'll get right back to you.
5. gwn-feedback@gentoo.org
==================
3. Gentoo security
==================
file: Arbitrary code execution
------------------------------
The code for parsing ELF headers in file contains a flaw which may allow
an attacker to execute arbitrary code.
For more information, please see the GLSA Announcement[6]
6. http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml
nfs-utils: Multiple remote vulnerabilities
------------------------------------------
Multiple vulnerabilities have been discovered in nfs-utils that could lead
to a Denial of Service, or the execution of arbitrary code.
For more information, please see the GLSA Announcement[7]
7. http://www.gentoo.org/security/en/glsa/glsa-200412-08.xml
ncpfs: Buffer overflow in ncplogin and ncpmap
---------------------------------------------
ncpfs is vulnerable to a buffer overflow that could lead to local
execution of arbitrary code with elevated privileges.
For more information, please see the GLSA Announcement[8]
8. http://www.gentoo.org/security/en/glsa/glsa-200412-09.xml
Vim, gVim: Vulnerable options in modelines
------------------------------------------
Several vulnerabilities related to the use of options in modelines have
been found and fixed in Vim. They could potentially result in a local user
escalating privileges.
For more information, please see the GLSA Announcement[9]
9. http://www.gentoo.org/security/en/glsa/glsa-200412-10.xml
Cscope: Insecure creation of temporary files
--------------------------------------------
Cscope is vulnerable to symlink attacks, potentially allowing a local user
to overwrite arbitrary files.
For more information, please see the GLSA Announcement[10]
10. http://www.gentoo.org/security/en/glsa/glsa-200412-11.xml
Adobe Acrobat Reader: Buffer overflow vulnerability
---------------------------------------------------
Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to
remote execution of arbitrary code.
For more information, please see the GLSA Announcement[11]
11. http://www.gentoo.org/security/en/glsa/glsa-200412-12.xml
Samba: Integer overflow
-----------------------
Samba contains a bug that could lead to remote execution of arbitrary
code.
For more information, please see the GLSA Announcement[12]
12. http://www.gentoo.org/security/en/glsa/glsa-200412-13.xml
PHP: Multiple vulnerabilities
-----------------------------
Several vulnerabilities were found and fixed in PHP, ranging from an
information leak and a safe_mode restriction bypass to a potential remote
execution of arbitrary code.
For more information, please see the GLSA Announcement[13]
13. http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml
Ethereal: Multiple vulnerabilities
----------------------------------
Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
run arbitrary code, crash the program or perform DoS by CPU and disk
utilization.
For more information, please see the GLSA Announcement[14]
14. http://www.gentoo.org/security/en/glsa/glsa-200412-15.xml
kdelibs, kdebase: Multiple vulnerabilities
------------------------------------------
kdelibs and kdebase contain a flaw allowing password disclosure when
creating a link to a remote file. Furthermore Konqueror is vulnerable to
window injection.
For more information, please see the GLSA Announcement[15]
15. http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml
=========================
4. Heard in the community
=========================
Web forums
----------
At the strike of the falling log it's - 0 postcounts
Bit of a nasty surprise for some of the regulars frequenting the notorious
"Off the Wall" section at the Gentoo Forums last week: In a coup that is
aimed at restoring some of the credibility to the poster rankings
displayed below each user ID at the forums, nothing posted in the openly
off-topic OTW forum is counted towards the user ranking any longer, and
previous posts have been subtracted as well. The measure implemented by
the forum administrators has yielded some painful results for numerous
posters who had collected hundreds or even thousands of posts over their
subscription period, but ended up having lost their "veteran" status now
because all those posts had been in OTW. Moderators and admins are hoping
this will help shift some of the emphasis of the Forums back to its prime
objective, support for Gentoo Linux users.
* [forums-announce] OTW posts no longer count towards total[16]
* OTW will be deleted soon[17] (not really...)
16. http://forums.gentoo.org/viewtopic.php?t=266883
17. http://forums.gentoo.org/viewtopic.php?t=266580
gentoo-user
-----------
Cool console tip thread of the week
It all started with a simple question: How to stop emerge's output from
scrolling off the screen when there are many packages to merge. That
question got answered quickly, but then came the other tips: How to scroll
up and down in virtual terminals, increase your VT buffer history size,
bash history searching, and more!
* Visualize Packages List on Console[18]
18. http://thread.gmane.org/gmane.linux.gentoo.user/111441
File system discussions
The many virtues of running Linux include having a variety of file system
formats to choose from. There are the old reliables: ext2 and ext3 that
most seasoned Linux geeks know about. But in Linux's recent history, many
more file systems have come about. XFS, JFS, and ReiserFS to name a few.
This informative thread shares some of the experiences of Gentoo users on
all these file systems, and discusses the pros and cons of running a "less
popular" file system format.
* JFS and XFS[19]
19. http://thread.gmane.org/gmane.linux.gentoo.user/111710
X11 mice and udev
It's enevitiable, udev is the next stop for Linux's /dev filesystem. udev
brings along a slew of great features that are easy to use, but be on the
lookout for this common problem when switching from devfs.
* Problems with X11 and udev[20]
20. http://thread.gmane.org/gmane.linux.gentoo.user/111770
gentoo-dev
----------
Makefile variables inside ebuilds
Robin H. Johnson[21] asks: "I've seen a lot of ebuilds lately where the
author has tried to get a variable set inside the Makefile, but their code
actually doesn't work, and it hasn't been noticed." Read on to learn what
works and what doesn't, and get a lecture in advanced bash-magic as you
read along.
21. robbat2@gentoo.org
* Makefile variables inside ebuilds[22]
22. http://thread.gmane.org/gmane.linux.gentoo.devel/23417
libtool help
Mike Frysinger[23] offers some information on a libtool-related series of
bugs. As of libtool-1.5.10, some ebuilds fail with:
23. vapier@gentoo.org
---------------------------------------------------------------------------
| Code Listing 4.1: |
|-------------------------------------------------------------------------|
| |
|*** Gentoo sanity check failed! *** |
|*** libtool.m4 and ltmain.sh have a version mismatch! *** |
|*** (libtool.m4 = 1.5.10, ltmain.sh = 1.5.2) *** |
| |
---------------------------------------------------------------------------
This is an ebuild error, so if you hit this error, check on
bugs.gentoo.org if it is known and open a bug if there isn't one yet. The
fixes are relatively simple, a howto can be found in the mail thread.
* libtool help[24]
24. http://thread.gmane.org/gmane.linux.gentoo.devel/23449
======================
5. Gentoo in the press
======================
Hardware Upgrade (9 December 2004)
----------------------------------
In an extensive, eleven-page-long test titled "Gaming con Linux"[25], the
Italian magazine Hardware Upgrade puts Linux against Windows in a whole
series of performance tests for games like Unreal Tournament and Doom 3,
on graphics from both ATI and Nvidia. Author Raffaele Fanizzi chose Gentoo
Linux as his platform for the Linux side of benchmarking, and concludes
that using Nvidia NV40 in Linux offers better performance in Gentoo than
Windows XP, despite manufacturer optimizations for the hardware being
biased towards the Windows platform, with ATi Radeon cards being even more
heavily predisposed for optimal performance in Windows.
25. http://www.hwupgrade.it/articoli/1131/index.html
O'Reilly XML.com (15 December 2004)
-----------------------------------
Nick Kew, author of various XML applications and this recent article on
"XML Namespace Processing in Apache"[26], mentions Gentoo alongside
FreeBSD and Debian as an example for incorporation of his "unexpectedly
most popular" mod_proxy_html, "which rewrites URLs into a proxy's address
space and is an essential component of a reverse proxy."
26. http://www.xml.com/pub/a/2004/12/15/apache-namespaces.html
Linuxtimes.net (15 December 2004)
---------------------------------
Gentoo has been voted "Favourite distribution"[27] in a poll conducted by
Linuxtimes.net (owned by, interestingly enough, Linare Corporation),
leading the pack with almost a quarter of all 2500+ votes.
27. http://www.linuxtimes.net/modules.php?name=News&file=article&sid=467
Linux Journal (17 December 2004)
--------------------------------
In an interview with Linux Journal[28], Bill McCarty who recently
published a new book on "Security Enhanced Linux"[29] draws encouraging
signs of more widespread availability of SELinux in the future from the
fact that it's "now an integral component of several Linux distributions,
such as Fedora Core, Gentoo and the beta release of Red Hat Enterprise
Linux 4."
28. http://www.linuxjournal.com/article/7955
29. http://www.oreilly.com/catalog/selinux
===========
6. Bugzilla
===========
Summary
-------
* Statistics
* Closed bug ranking
* New bug rankings
Statistics
----------
The Gentoo community uses Bugzilla (bugs.gentoo.org[30]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 12 December 2004 and 19 December 2004, activity
on the site has resulted in:
30. http://bugs.gentoo.org
* 738 new bugs during this period
* 368 bugs closed or resolved during this period
* 30 previously closed bugs were reopened this period
Of the 7750 currently open bugs: 126 are labeled 'blocker', 233 are
labeled 'critical', and 551 are labeled 'major'.
Closed bug rankings
-------------------
The developers and teams who have closed the most bugs during this period
are:
* AMD64 Porting Team[31], with 26 closed bugs[32]
* Gentoo Games[33], with 24 closed bugs[34]
* Gentoo Security[35], with 16 closed bugs[36]
* ppc64 architecture team[37], with 15 closed bugs[38]
* Gentoo's Team for Core System packages[39], with 15 closed bugs[40]
* Java team[41], with 14 closed bugs[42]
* SpanKY[43], with 11 closed bugs[44]
* Gentoo Linux Gnome Desktop Team[45], with 11 closed bugs[46]
31. amd64@gentoo.org
32.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=amd64@gentoo.org
33. games@gentoo.org
34.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=games@gentoo.org
35. security@gentoo.org
36.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=security@gentoo.org
37. ppc64@gentoo.org
38.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=ppc64@gentoo.org
39. base-system@gentoo.org
40.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=base-system@gentoo.org
41. java@gentoo.org
42.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=java@gentoo.org
43. vapier@gentoo.org
44.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=vapier@gentoo.org
45. gnome@gentoo.org
46.
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2004-12-12&chfieldto=2004-12-19&resolution=FIXED&assigned_to=gnome@gentoo.org
New bug rankings
----------------
The developers and teams who have been assigned the most new bugs during
this period are:
* media-video herd[47], with 16 new bugs[48]
* AMD64 Porting Team[49], with 14 new bugs[50]
* Gentoo's Team for Core System packages[51], with 13 new bugs[52]
* Gentoo Sound Team[53], with 10 new bugs[54]
* Gentoo Science Related Packages[55], with 10 new bugs[56]
* Java team[57], with 9 new bugs[58]
* Gentoo Linux Gnome Desktop Team[59], with 9 new bugs[60]
* Embedded Gentoo Team[61], with 9 new bugs[62]
47. media-video@gentoo.org
48.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=media-video@gentoo.org
49. amd64@gentoo.org
50.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=amd64@gentoo.org
51. base-system@gentoo.org
52.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=base-system@gentoo.org
53. sound@gentoo.org
54.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=sound@gentoo.org
55. sci@gentoo.org
56.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=sci@gentoo.org
57. java@gentoo.org
58.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=java@gentoo.org
59. gnome@gentoo.org
60.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=gnome@gentoo.org
61. embedded@gentoo.org
62.
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2004-12-12&chfieldto=2004-12-19&assigned_to=embedded@gentoo.org
==================
7. Tips and Tricks
==================
Devtodo: Nifty tool for developers and others
---------------------------------------------
This small program provides a per-directory todo list. Items can be added,
deleted, edited and changed in priority. The list is always sorted with
the most important items on top, equal priority items sorted by time,
oldest first.
---------------------------------------------------------------------------
| Code Listing 7.1: |
|To |
install--------------------------------------------------------------------
-----
| |
|emerge app-misc/devtodo |
| |
---------------------------------------------------------------------------
Let's see a small demonstration:
---------------------------------------------------------------------------
| Code Listing 7.2: |
|Adding |
items----------------------------------------------------------------------
---
| |
|$ tda |
|Enter text for the item you are adding. |
|text> Write some stuff for the GWN |
|1. veryhigh 2. high 3. medium 4. low 5. verylow |
|Enter a priority from those listed above. |
|priority> medium |
|Index of new item is 1 |
| |
|$ tda |
|Enter text for the item you are adding. |
|text> Install a speelchecker |
|1. veryhigh 2. high 3. medium 4. low 5. verylow |
|Enter a priority from those listed above. |
|priority> low |
|Index of new item is 2 |
| |
---------------------------------------------------------------------------
Now lets check the output:
---------------------------------------------------------------------------
| Code Listing 7.3: |
|Sample |
output---------------------------------------------------------------------
----
| |
|$ devtodo |
| 1.Write some stuff for the GWN |
| 2.Install a speelchecker |
| |
---------------------------------------------------------------------------
Ok, let's edit the priorities, a spellchecker would be quite useful before
finishing other things:
---------------------------------------------------------------------------
| Code Listing 7.4: |
|editing-------------------------------------------------------------------|
------
| |
|$ tde 2 |
|Modify the text of the item you are editing. |
|text> Install a speelchecker |
|1. veryhigh 2. high 3. medium 4. low 5. verylow |
|Enter a priority from those listed above. |
|priority> veryhigh |
| |
---------------------------------------------------------------------------
This moves the item above lower priority items and changes the output
colour to red. Available (colour-coded!) priorities are: 1. veryhigh 2.
high 3. medium 4. low 5. verylow
---------------------------------------------------------------------------
| Code Listing 7.5: |
|Output with changed |
priorities-----------------------------------------------------------------
--------
| |
|$ devtodo |
| 1.Install a speelchecker |
| 2.Write some stuff for the GWN |
| |
---------------------------------------------------------------------------
Once you have completed an item, you can either mark it as done with "tdd"
or remove it with "tdr". So from now on you don't have an excuse for
forgetting assignments and other things. Enjoy!
===========================
8. Moves, adds, and changes
===========================
Moves
-----
The following developers recently left the Gentoo team:
* None this week
Adds
----
The following developers recently joined the Gentoo Linux team:
* Gregorio Guidi (greg_g) - KDE
Changes
-------
The following developers recently changed roles within the Gentoo Linux
project:
* None this week
====================
9. Contribute to GWN
====================
Interested in contributing to the Gentoo Weekly Newsletter? Send us an
email[63].
63. gwn-feedback@gentoo.org
================
10. GWN feedback
================
Please send us your feedback[64] and help make the GWN better.
64. gwn-feedback@gentoo.org
================================
11. GWN subscription information
================================
To subscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
gentoo-gwn-unsubscribe@gentoo.org from the email address you are
subscribed under.
===================
12. Other languages
===================
The Gentoo Weekly Newsletter is also available in the following languages:
* Danish[65]
* Dutch[66]
* English[67]
* German[68]
* French[69]
* Japanese[70]
* Italian[71]
* Polish[72]
* Portuguese (Brazil)[73]
* Portuguese (Portugal)[74]
* Russian[75]
* Spanish[76]
* Turkish[77]
65. http://www.gentoo.org/news/da/gwn/gwn.xml
66. http://www.gentoo.org/news/be/gwn/gwn.xml
67. http://www.gentoo.org/news/en/gwn/gwn.xml
68. http://www.gentoo.org/news/de/gwn/gwn.xml
69. http://www.gentoo.org/news/fr/gwn/gwn.xml
70. http://www.gentoo.org/news/ja/gwn/gwn.xml
71. http://www.gentoo.org/news/it/gwn/gwn.xml
72. http://www.gentoo.org/news/pl/gwn/gwn.xml
73. http://www.gentoo.org/news/br/gwn/gwn.xml
74. http://www.gentoo.org/news/pt/gwn/gwn.xml
75. http://www.gentoo.org/news/ru/gwn/gwn.xml
76. http://www.gentoo.org/news/es/gwn/gwn.xml
77. http://www.gentoo.org/news/tr/gwn/gwn.xml
Ulrich Plate <plate@gentoo.org> - Editor
Brian Downey <bdowney@briandowney.net> - Author
Patrick Lauer <patrick@gentoo.org> - Author
--
gentoo-gwn@gentoo.org mailing list