
Gentoo Weekly Newsletter: 1 April 2003

Content:

1.  Gentoo News

Summary

Portage 2.1 to adopt the RPM format to comply with the LSB

In what is a controversial decision, Portage 2.1 will adopt the RPM format for all packages going forward. The use of ebuilds will be abandoned in favour of the RPM standard. The primary motivation for this decision is to ensure compatibility with the Linux Standard Base specification, which requires support for RPM package management.

The developers have been working hard to make this migration possible. So far an ebuild2rpm program has been written and is being used by a group of developers. Unfortunately, due to architectural differences between the two formats, some features will no longer be supported by Gentoo once it moves to RPM. USE variables are one such feature; sandbox security is another. However, the added benefit will be full compliance with the LSB rules, which is far more important than these two minor features.

Additionally, due to the need for library support, the xfree86 package will become part of the Gentoo Linux base rather than an optional add-on. Users interested in learning more about the Linux Standard Base should read the LSB FAQ or the full LSB 1.3 specification.

Gentoo PPC team restructuring

As announced in last week's issue, Mark Guertin (gerk) recently left the Gentoo Linux project. Replacing Mark as the Gentoo/PPC lead will be Pieter Van den Abeele (pvdabeel). Helping Pieter with the PPC development effort will be Luca, Graham and Seth, who has been appointed as the group's second lead. The new structure will better distribute leadership among the PPC developers and offer flexibility and redundancy.

Gentoo Linux 1.4_rc4 release schedule announced

Brad Cowan (bcowan) recently announced the release schedule for Gentoo Linux 1.4_rc4:

  • Sunday, 23 March - Package update phase - Developer teams are asked to move packages from unstable (marked "~") to stable over the next 14 days.
  • Sunday, 30 March - Build and test phase - Stage tarballs for generic CPUs will be built from the current CVS tree and tested over the next 7 days, with jhhudso and QA testers reporting any bugs found.
  • Sunday, 6 April - End of package update phase - Build and test phase begins with an official CVS snapshot.
  • Wednesday, 9 April - Official release decision - A determination is made whether the next release will be an "official release" or a "release candidate". The lead of each architecture, the release coordinator and the chief architect will make the final, unanimous decision on this matter.

2.  Gentoo Security

Summary

GLSA: stunnel

The stunnel SSL port wrapper is vulnerable to a timing attack against OpenSSL that may expose RSA keys.

  • Severity: High - Cryptographic exposure.
  • Packages affected: net-misc/stunnel versions prior to stunnel-3.22-r2
  • Fix: Synchronize and emerge stunnel, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: mod_SSL

The Apache module mod_SSL is vulnerable to a timing attack against OpenSSL that may expose RSA keys.

  • Severity: High - Cryptographic exposure.
  • Packages affected: net-www/mod_ssl versions prior to mod_ssl-2.8.14
  • Fix: Synchronize and emerge mod_ssl, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: glibc

An integer overflow vulnerability in the xdrmem_getbytes() function provided as part of glibc could permit a remote exploit attack.

  • Severity: High - Remote exploit possible.
  • Packages affected: sys-libs/glibc versions prior to glibc-2.3.1-r4 (glibc-2.2.5-r8 on ARM systems).
  • Fix: Synchronize and emerge glibc, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: openssl

It has been discovered that OpenSSL is vulnerable to a sophisticated attack involving opening millions of SSL/TLS connections to a server in order to perform a private-key operation using the server's RSA key. The key itself is not compromised.

  • Severity: High - Cryptographic exposure.
  • Packages affected: dev-libs/openssl versions prior to openssl-0.9.6i-r2
  • Fix: Synchronize and emerge openssl, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: mutt

The mutt mail client contains a vulnerability in its IMAP support that could permit a malicious IMAP server operator to crash the reader or potentially execute commands on the vulnerable system.

  • Severity: High - Remote code execution.
  • Packages affected: net-mail/mutt versions prior to mutt-1.4.1
  • Fix: Synchronize and emerge mutt, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: bitchx

The bitchx IRC client is vulnerable to buffer-overflows, permitting malicious server operators or man-in-the-middle attackers to perform DoS attacks.

  • Severity: Moderate - remote DoS.
  • Packages affected: net-irc/bitchx versions prior to bitchx-1.0.19-r5
  • Fix: Synchronize and emerge bitchx, emerge clean.
  • GLSA Announcement
  • Advisory

GLSA: zlib

The zlib system library contains a buffer-overflow vulnerability in its gzprintf() function. This vulnerability could be used to corrupt the call stack.

  • Severity: Moderate - local DoS.
  • Packages affected: sys-libs/zlib versions prior to zlib-1.1.4-r1
  • Fix: Synchronize and emerge zlib, emerge clean.
  • GLSA Announcement
  • Advisory
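
A triage check for the advisories above, as an added example (not Gentoo's or Portage's own code): it compares an installed-package list against the fixed versions named in this issue's GLSAs, including the ARM exception for glibc. The version ordering is a simplified reading of ebuild version syntax, and the inventory is constructed sample data.

```python
import re

# Fixed versions as stated in this issue's advisories; older versions are affected.
FIXED = {
    "net-misc/stunnel": "3.22-r2",
    "net-www/mod_ssl": "2.8.14",
    "sys-libs/glibc": "2.3.1-r4",
    "dev-libs/openssl": "0.9.6i-r2",
    "net-mail/mutt": "1.4.1",
    "net-irc/bitchx": "1.0.19-r5",
    "sys-libs/zlib": "1.1.4-r1",
}
FIXED_ARM = {"sys-libs/glibc": "2.2.5-r8"}  # the glibc advisory's ARM exception

# Simplified ebuild version grammar (assumption): dotted numbers, optional
# letter, optional single _suffix, optional -rN revision.
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, None: 0, "p": 1}
VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z]?)(?:_(alpha|beta|pre|rc|p)(\d*))?(?:-r(\d+))?$")


def version_key(version):
    """Map a version string to a tuple that sorts in upgrade order."""
    match = VERSION_RE.match(version)
    if match is None:
        raise ValueError("unrecognised version: %r" % version)
    numbers, letter, suffix, suffix_num, revision = match.groups()
    return (tuple(int(n) for n in numbers.split(".")), letter,
            SUFFIX_RANK[suffix], int(suffix_num or 0), int(revision or 0))


def affected(package, version, arch="x86"):
    """True if the installed version predates the fix named in the advisory."""
    fixed = FIXED.get(package)
    if arch == "arm":
        fixed = FIXED_ARM.get(package, fixed)
    if fixed is None:
        return False  # no advisory for this package in this issue
    return version_key(version) < version_key(fixed)


def triage(installed, arch="x86"):
    """Return the (package, version) pairs that still need the update."""
    return [(p, v) for p, v in installed if affected(p, v, arch)]


# Constructed sample inventory, not taken from a real host.
INSTALLED = [
    ("net-misc/stunnel", "3.22-r1"), ("dev-libs/openssl", "0.9.6i-r2"),
    ("sys-libs/zlib", "1.1.4"), ("net-mail/mutt", "1.4.1"),
    ("sys-libs/glibc", "2.2.5-r8"), ("app-editors/vim", "6.1-r19"),
]

if __name__ == "__main__":
    for arch in ("x86", "arm"):
        print(arch, triage(INSTALLED, arch))
```

The letter and revision parts matter here: openssl-0.9.6i-r1 and zlib-1.1.4 both sort below their fixed versions even though the dotted numbers are equal.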

New security bug reports

The following new security bugs were reported this week:

3.  Featured Developer of the Week

Karl Trygve Kalleberg


Figure 3.1: Karl Trygve Kalleberg, aka karltk


Karl Trygve Kalleberg maintains dev-lisp and dev-java with a few other developers, as well as several other languages and compilers and the eminently useful gentoolkit. This mostly entails fixing ebuild bugs and verifying new submissions; Karl also spends much time arguing with the other developers about how to improve Gentoo Linux's development process, a goal for which he has crafted tools like lintool and munchie. A Gentoo developer since summer 2001, Karl has worked on many other OSS projects, including the Savage3D driver for the Utah-GLX project, the Linux port to the Sega Dreamcast, a multi-language documentation system, the Norwegian translations of AbiWord and the Gimp (the first to Bokmål, the latter to Nynorsk, two different dialects of Norwegian), and some other projects you can see listed on his personal page at SourceForge. Most of these projects, as well as his involvement with Gentoo, were preempted by his Master's thesis: transformations for the CodeBoost transformation system, which he presented on the 21st of March at the University of Bergen. Now he's back in all of his capacities, including that of comic relief for the Gentoo development team.

Karl has a nice dual Athlon 2000+ box with a Kyro II video card and an IDE RAID, but as of late he only visits it through ssh. He's currently borrowing an Athlon 1800+ running Red Hat (his excuse: it's nice to know what the other distros look like once in a while), and is waiting for a replacement for his iBook, which he bought in January and which has broken down twice (Karl says that Apple's customer support is the worst service he's come across, including the tax authorities, but will gladly use an iBook if Apple decides to send him a working one). He uses Fluxbox and KDE depending on the occasion, with Galeon and Sylpheed for browsing and mail. Karl's other favorite apps include zsh, most, irssi, and ssh, and he suffers from withdrawal symptoms whenever he tries to ditch the bloated, horrible emacs, which is nevertheless home.

Karl used to design computer languages until the company he worked for caved in last summer, and afterwards he worked at a very cool ISP. Now unwittingly applying for a PhD position in computer science, he continues to study medicine at the Norwegian University of Technology and Science as a break from all the CS. Also, he enjoys various forms of roleplaying, generally Ars Magica interspersed with some happy-go-lucky Sci Fi stints. Believe it or not, his girlfriend's name is Tilde; the fact that she works for an evil cell phone company is offset by her understanding of obscure Unix jokes, and she lives with him in Trondheim, Norway. Karl was born in the coastal town of Haugesund but escaped to Bergen when he discovered that not all city halls were supposed to be pink. The city hall in Bergen was nondistinct, and there he was subjected to Solaris and IRIX before he accidentally installed Linux and was not able to get it off.

Karl left the link between Bergen and Trondheim in a shroud of mystery, so as to appear inscrutable.

4.  Heard In The Community

Web Forums

CFLAGS Central Revival

Floating point conversion functions in GCC, the standard C compiler suite, are prone to producing bugs when compiling with -march=pentium4. Some people circumvent this by "downgrading" to -march=pentium3; some deny bugginess altogether. Say hello to a renewed discussion of compiler optimizations:

Finally: Gentoo on the Xbox

A fresh post by Forum newbie ShALLaX sent shivers of relief down many a Gentooist's spine: You can do a stage1 installation and run Gentoo Linux on your Xbox!

gentoo-user

Gentoo Migration Strategies

Matt Garman asked about migration strategies for moving from Debian to Gentoo. The resulting thread gave Matt some helpful hints and also touched upon the "requirement" of having a separate, 100MB boot partition.

Money Dance is Not Dead

Alex Combas inquired about running Money Dance on Gentoo. There was some confusion about whether or not Money Dance was still an actively-developed program, but it was eventually clarified that Money Dance is, in fact, still an active product.

gentoo-dev

Managing Disk Space

Andy Arbon posted a script for assisting in the tidying of binary packages built by portage.

Destroying Dependencies

Per Wigren had some trouble with dependencies when mysql was upgraded from 3.23 to 4.0 and proposed a solution to solve the problem going forward. Alain Penders pointed out that reverse dependency checking in portage would likely solve Per's problem.

5.  Gentoo International

Gentoo Hanami

Cherry blossom season in Japan. While the weather report of Japanese TV stations still brings daily coverage of the full-bloom-front that is slowly moving towards the north of the country, the usual GentooJP suspects already fulfilled their traditional "hanami" duty last Friday. For those unfamiliar with the expression: Hanami is a cherry blossom viewing event better described as an annual mass hysteria with the aim of getting seriously drunk in a park with preferably large numbers of cherry trees and watching the petals float gently to the ground while noisily dancing around on much too blue plastic sheets. Roughly a dozen GentooJP activists decided on Shinjuku Gyoen as a venue, a particularly nice and fairly central spot in Tokyo, but believe it or not: nobody brought a camera... Hoping for next year then, lads.

German Police Runs on Gentoo-ARM

Government agencies in Europe are known to be much more open towards Linux and Open Source Software than those of other countries. In their latest move, the BKA (the German equivalent of its more universally known cousins FBI or Scotland Yard) has started deploying Gentoo-ARM-based PDAs for use of its officers in the field. "They will mainly use it for playing MP3s of phone conversations in abduction cases", says Hein Bloed, head of the IT department at BKA's headquarters in Wiesbaden. PDAs have been part of the standard equipment at the BKA for many years, but the sudden decision to replace PocketPC with ARM-based Gentoo Linux came as a surprise. The Gentoo-ARM developer team says there are rumours of a PocketPC virus accidentally spread throughout the organization by their own computer crime department following a raid on illegal software importers in the port of Hamburg two months ago.

Erratum: Gentoo Presentation in Denmark on 1 April, not 2 April!

We apologize to Klavs Klavsen for the misinformation carried in last week's GWN: His presentation to the mixed Danish and Swedish SSLUG is going to take place on 1 April, i.e. Tuesday, at DKUUG/Symbion, Fruebjergvej 3 in Copenhagen East, starting at 19:30 in room M4.

6.  Portage Watch

The following stable packages were added to portage this week

Updates to notable packages

  • sys-apps/portage - portage-2.0.47-r12.ebuild;
  • sys-devel/gcc - gcc-3.2.2-r2.ebuild;
  • sys-libs/glibc - glibc-2.2.5-r8.ebuild; glibc-2.3.1-r4.ebuild;
  • sys-kernel/* - development-sources-2.5.66.ebuild; mips-headers-2.4.21.ebuild; mm-sources-2.5.65-r3.ebuild; mm-sources-2.5.65-r4.ebuild; mm-sources-2.5.66-r1.ebuild; ppc-sources-benh-2.4.20-r9.ebuild; selinux-sources-2.4.20-r2.ebuild; wolk-sources-4.0_rc4.ebuild;
  • dev-db/mysql - mysql-4.0.12.ebuild;

New USE variables

  • mpi - Adds MPI (Message Passing Interface) layer to the apps that support it
  • selinux - Adds support for Security Enhanced Linux (to build a more secure set of packages and kernel)

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:

  • 311 new bugs this week
  • 311 bugs closed or resolved this week
  • 12 previously closed bugs were reopened this week
  • 2349 total bugs currently marked 'new'
  • 466 total bugs currently assigned to developers

There are currently 2880 bugs open in Bugzilla. Of these: 72 are labeled 'blocker', 104 are labeled 'critical', and 233 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs this week are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs this week are:

8.  Tips and Tricks

Synchronizing System Date/Time with rdate

This week's tip shows you how to keep your system's date and time synced without the hassle of NTP. The command rdate allows you to get the time from a server running NTP but doesn't require you to set up your own NTP server.

First make sure that you have rdate installed.

Code Listing 8.1: Installing rdate

# emerge rdate

To sync your computer clock, run rdate -s. You should probably change which server you use so as not to overload one particular one. Here is a list of public Stratum 2 servers that you can use.

Code Listing 8.2: Using rdate

# rdate -s ntp0.cornell.edu

To keep your machine automatically synced, you may want to make use of crontab.

Code Listing 8.3: Adding rdate to crontab

(Add the following to /etc/crontab to sync once, at midnight, on the first day of the week.)
0 0 * * 0 rdate -s ntp0.cornell.edu

9.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

  • Nicholas Henke (roughneck)
  • Maik Schreiber (blizzy)

Adds

The following developers recently joined the Gentoo Linux team:

  • Arun Thomas (sindian) -- Gentoo/ARM, gentoo-hardened

Changes

The following developers recently changed roles within the Gentoo Linux project.

  • none this week

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11.  GWN Feedback

Please send us your feedback and help make GWN better.

12.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:

Page updated 1 April 2003

Summary: This is the Gentoo Weekly Newsletter for the week of 1 April 2003.

Kurt Lieber
Editor

AJ Armstrong
Contributor

Brice Burgess
Contributor

Yuji Carlos Kosugi
Contributor

Rafael Cordones Marcos
Contributor

David Narayan
Contributor

Ulrich Plate
Contributor

Peter Sharp
Contributor

Kim Tingkaer
Contributor

Mathy Vanvoorden
Dutch Translation

Tom Van Laerhoven
Dutch Translation

Peter Dijkstra
Dutch Translation

Bernard Bernieke
Dutch Translation

Vincent Verleye
Dutch Translation

Jochen Maes
Dutch Translation

Ben De Groot
Dutch Translation

Jelmer Jaarsma
Dutch Translation

Nicolas Ledez
French Translation

Guillaume Plessis
French Translation

John Berry
French Translation

Martin Prieto
French Translation

Michael Kohl
German Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Thomas Raschbacher
German Translation

Klaus-J. Wolf
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Daniel Ketel
Japanese Translation

Yoshiaki Hagihara
Japanese Translation

Andy Hunne
Japanese Translation

Yuji Carlos Kosugi
Japanese Translation

Yasunori Fukudome
Japanese Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

Ricardo Jorge Louro
Portuguese (Portugal) Translation

Lanark
Spanish Translation

Rafael Cordones Marcos
Spanish Translation

Julio Castillo
Spanish Translation

Sergio Gómez
Spanish Translation

Pablo Pita Leira
Spanish Translation

Carlos Castillo
Spanish Translation

Tirant
Spanish Translation

Jaime Freire
Spanish Translation

Lucas Sallovitz
Spanish Translation

Copyright 2001-2014 Gentoo Foundation, Inc.