Jornal Semanal Gentoo: 26 de Maio de 2003

1. Noticias Gentoo

Falhas de hardware no espelho Oregon State
Gentoo Linux esta procurando por desenvolvedores para a equipe GNOME

Falhas de hardware no espelho Oregon State

Na sexta feira, o servidor que hospeda o gentoo.oregonstate.edu sofreu duas falhas nos discos rigidos de seu RAID 5 array, uma das quais infelizmente era o de reserva. Isto causou uma série de problemas, incluindo um grande número de arquivos corrompidos e más informações. Nós estamos atualmente trabalhando com o pessoal da OSU para resolver os problemas, tanto em curto prazo como a longo prazo. Isto significa que os usuários estão convidados a usar um espelho alternativo até que o problema seja corrigido.

Gentoo Linux esta procurando por desenvolvedores para a equipe GNOME

A equipde do Gentoo GNOME Desktop esta procurando por desenvolvedores para ajudar a resolver falhas e manter todos os ebuilds relacionados com o GNOME Desktop atualizado no limite do desenvolvimento. Nós estamos procurando por desenvolvedores dedicados, de preferência com experiência em desenvolver para GNOME/GTK, alguma experiência em criar ebuilds e capacidade comprovada de resolver problemas. Um "a mais" é a experiência na área de acessibilidade, possivelmente em combinação com o GNOME. Principalmente, estamos procurando alguém que esteja de acordo com a filosofia de desenvolvimento do GNOME. Se você imagina que esta nestas condições e pode nos ajudar, por favor, envie um curriculo resumido para Marinus Schraal, explique porque você que fazer parte da equipe, inclua referências de trabalho que já tenha feito com software livre e nos envie o seu email bugzilla, se possível.

2. Segurança Gentoo

Resumo

GLSA: lv
GLSA: cdrtools
GLSA: xinetd
GLSA: ut2003-demo
Anúncio de novos bugs de segurança

GLSA: lv

The lv file viewer reads a configuration file from the current directory. This could permit a malicious user to insert commands that would be executed by lv on viewing a particular file.

Gravidade: Alta - Potential local root exploit.
Pacotes afetados: app-text/lv prior to lv-4.49.5
Correção: Synchronize and emerge lv, emerge clean.
GLSA Announcement

GLSA: cdrtools

cdrecord contains a format string vulnerability that could permit the execution of arbitrary code.

Gravidade: Alta - Arbitrary code execution.
Pacotes afetados:
1. app-cdr/cdrtools prior to cdrtools-1.11.33-r1 (xcdroast users)
2. app-cdr/cdrtools prior to cdrtools-1.11.39-r1 (sparc)
3. app-cdr/cdrtools prior to cdrtools-2.01_alpha14 (others)
Correção: Synchronize and emerge \=app-cdr/(your_version), emerge clean.
GLSA Announcement
Advisory

GLSA: xinetd

The xinet daemon contains a memory leak associated with rejecting connections.

Gravidade: Moderada - Memory leak.
Pacotes afetados: sys-apps/xinetd prior to xinetd-2.3.11
Correção: Synchronize and emerge xinetd, emerge clean.
GLSA Announcement
Advisory

GLSA: ut2003-demo

The Unreal Tournament game demo has a bug in how it handles spoofed negative index values. This could permit a denial of service attack on the client.

Gravidade: Moderada - DoS.
Pacotes afetados: app-games/ut2003-demo prior to ut2003-demo-2206-r1
Correção: Synchronize and emerge ut2003-demo, emerge clean.
GLSA Announcement
Advisory

Anúncio de novos bugs de segurança

Os seguintes novos bugs de segurança foram postados esta semana:

imap clients
kernel
app-games/maelstrom
net-analyzer/nessus

3. Histórias de usuários

Mathy e lanzone.be

Figure 3.1: Mathy Vanvoorden (equerda)

Fig. 1: Um Mathy cansado (esquerda) tentando resolver um problema com o Squid

Mathy Vanvoorden da Bélgica, organiza LAN parties junto com o seu irmão e algumas outras pessoas. Ele é o webmaster do lanzone.be (onde le também faz algum código HTML e PHP) e politics.be. Algumas semanas atrás a equipe LANzone decidiu mudar todos os seus servidores de jogos para Gentoo Linux (exeto Delta Force Land Warrior, que só pode ser executado em Windows) e agora vamos aprender alguns truques envolvidos:

Avoiding backaches

All of Mathy's gameservers are thin clients which boot from a Dual Pentium III. This setup has many benefits over regular servers. Firstly they don't need any hard drives, which saves money and leads to lighter servers which is really nice for the backs of the people carrying them. :-) But the greatest advantage is the easiness of hooking up a new game server: just plug in two network cards, set the MAC adress in dhcpd so the machine gets a static IP adress, copy a base directory and have fun!

Details on the thin clients

The setup used by Mathy and his friends is slightly based on the Linux Terminal Server Project but evolved beyond that. Although they are using the project's kernel patch, the initrd script has already been modified and lots of changes were made to the Gentoo Linux init scripts (e.g. removing dependencies so that init wouldn't try to fsck mounted NFS systems).

Using these thin clients is very easy: they are connected to the main server using a 100 MBit switch and boot from a floppy (although the LANzone guys are thinking about buying network cards with boot roms so they can get rid of the disk drives which would be even better for their backs ;-). After booting they just present a regular login. Based on which user one enters a gameserver will be started. This is accomplished by replacing the login shells with a script that starts up the server. So for example login in using the UID 'ut2k3instadm' will bring up an UT 2003 Instagib deathmatch server.

Final words

Many other small adaptations had to been done for specific gameservers, but this would go to far to be covered here. As a last note, LANzone also uses Gentoo Linux for the 0.5 Terabyte FTP server (running ProFTPD) and the router (using iptables and Squid to limit incoming traffic to 5 kB/s per user), although Mathy's thinking about switching the router to a BSD because he heard that they handle traffic shaping better than Linux and he's curious about trying it out.

4. Ouvimos na comunidade

Web Forums

Gnome 2.3.2

Forum veteran Lovechild started a thread announcing the ebuild he concocted mere minutes after the new Gnome version was published, and ever since then the band of Gnome fanatics in the forums has been merrily patching and tweaking it to almost stable use. Get carried away by the enthusiasm in this thread:

GNOME 2.3.2 is out now. [EBUILDS INSIDE]

When Portage Chokes

You'd expect critical alerts on bugs.gentoo.org or the mailing lists first, but whenever something affects a large number of people, many of them look to the Forums as the main emergency alert mechanism. Last week, Oregon State University's rsync server had temporary trouble that immediately got spotted by a lot of users. Check the sticky thread for an instant workaround in cases like this:

corrupt portage? MD5 sum problems

5. Gentoo Internacional

Gentoo Poland Established

Their URL points to more than just Poland as a base, but it's essentially for their compatriots here and there and everywhere that the Polish Gentooists busied themselves with setting up a complete Gentoo Poland framework. Started by a handful of activists a few weeks ago, the #gentoo-pl IRC channel on irc.freenode.net is now quite popular, and the very well organized website has made great progress in providing translations of the Gentoo documentation, a forum of their own, and many other features. And to round it all up, the group around Jaroslaw Swierad is currently bringing together enough translators to work on a Polish version of the Jornal Semanal Gentoo, too.

German Gentoo Usermeeting Planning

A small group of Gentoo Linux users, led by Gentoo developer Sascha Schwabbauer and Gentoo Linux user Tilman Klar, have started an effort to put together a German Gentoo Usermeeting. As part of the effort, Sascha has put up a web page that asks German Gentoo Linux users where they live. The responses to this survey will determine where the meeting will be physically held. Anyone interested in attending is invited to input their location using the above form.

Additional details about the German Gentoo Linux Usermeeting will be made available in future editions of the GWN.

6. Portage Watch

The following stable packages were updated or added to portage this week

app-arch/file-roller: archive manager for GNOME
app-doc/abs-guide: An advanced reference and a tutorial on bash shell scripting.
app-editors/bluefish: Bluefish is a GTK HTML editor for the experienced web designer or programmer.
app-editors/gvim: Graphical Vim
app-i18n/canna: A client-server based Kana-Kanji conversion system
app-office/gnucash: A personal finance manager
app-office/scribus: Layout program similar to AdobeÂ® PageMaker, QuarkXPress, or AdobeÂ® InDesign
app-pda/gtkpod: GUI for iPod using GTK2
app-sci/elph: ELPH -- general-purpose Gibbs sampler for finding motifs in a set of DNA or protein sequences
app-sci/libnova: Celestial Mechanics and Astronomical Calculation Library
app-shells/bash-completion: Programmable Completion for bash (includes emerge and ebuild commands).
app-shells/tcsh: Enhanced version of the Berkeley C shell (csh)
app-text/a2ps: Any to PostScript filter
dev-db/mysql: A fast, multi-threaded, multi-user SQL database server
dev-haskell/haddock: A documentation tool for Haskell
dev-java/blackdown-jdk: Blackdown Java Development Kit 1.3.1
dev-java/blackdown-jre: Blackdown Java Runtime Environment 1.4.1
dev-java/infobus: InfoBus enables dynamic exchange of data between JavaBeans component architecture.
dev-java/jaf: Sun's JavaBeans Activation Framework (JAF)
dev-lisp/mule-ucs: A character code translator.
dev-perl/Attribute-Handlers: A Perl module for I/O on in-core objects like strings and arrays
dev-python/Cheetah: Python-powered template engine and code generator.
dev-python/PyOpenGL: Python OpenGL bindings
dev-python/bsddb3: Python bindings for BerkelyDB
dev-ruby/amrita: A HTML/XHTML template library for Ruby
dev-ruby/amstd: Ruby utility collection by Minero Aoki
dev-ruby/devel-logger: Lightweight logging utility
dev-ruby/fxruby: Ruby language binding to the FOX GUI toolkit
dev-ruby/http-access2: HTTP accessing library
dev-ruby/mysql-ruby: A Ruby extention library to use MySQL
gnome-base/ORBit2: ORBit2 is a high-performance CORBA ORB
gnome-base/gnome-applets: Applets for the Gnome2 Desktop and Panel
gnome-base/gnome-vfs: Gnome Virtual Filesystem
gnome-base/libbonobo: a CORBA framework
gnome-extra/gconfmm: C++ bindings for GConf
gnome-extra/gnome-media: Multimedia related programs for the Gnome2 desktop
gnome-extra/gnome-pilot: Gnome Pilot apps
gnome-extra/gnome-pilot-conduits: Gnome Pilot Conduits
gnome-extra/gnome-pim: gnome-pim
gnome-extra/libglademm: C++ bindings for libglade
kde-base/arts: aRts, the KDE sound (and all-around multimedia) server/output manager
kde-base/kde: KDE 3.1 - merge this to pull in all non-developer kde-base/* packages
media-sound/alsa-driver: Advanced Linux Sound Architecture kernel modules
media-sound/aumix: Aumix volume/mixer control program.
media-sound/cm: Common Music: An object oriented music composition environment in LISP/scheme
media-sound/ecasound: A package for multitrack audio processing
media-video/ati-drivers: Ati precompiled drivers for r300, r250 and r200 chipsets
media-video/avidemux: Great Video editing/encoding tool. New, gtk2 version
media-video/avifile: Library for AVI-Files
net-dialup/diald: Daemon that provides on demand IP links via SLIP or PPP
net-dialup/freeradius: Free RADIUS server with MySQL support
net-dialup/gnokii: a client that plugs into your handphone
net-firewall/shorewall: Full state iptables firewall
net-fs/nfs-utils: NFS client and server daemons
net-irc/cyclone: IRC daemon with hostname cloaking, SOCKS proxy checking and other advanced features
net-irc/kvirc: An advanced IRC Client
net-libs/libnet: library to provide an API for commonly used low-level network
net-libs/linc: A library to ease the writing of networked applications
net-mail/courier-imap: An IMAP daemon designed specifically for maildirs
net-news/yydecode: A decoder for yENC format, popular on Usenet.
net-print/foomatic: Generates printer configurations automagically
net-wireless/bluez-utils: bluetooth utilities
net-wireless/hostap: HostAP wireless drivers
net-www/amphetadesk: AmphetaDesk is a free syndicated news aggregator
net-www/apache: Apache Web Server, Version 2.0.x
sys-apps/baselayout: Base layout for Gentoo Linux filesystem (incl. initscripts and sysvinit)
sys-apps/console-tools: Console and font utilities
sys-apps/dcron: A cute little cron from Matt Dillon
sys-apps/debianutils: A selection of tools from Debian
sys-devel/distcc: a program to distribute compilation of C code across several machines on a network
sys-devel/gcc: The GNU Compiler Collection. Includes C/C++ and java compilers
sys-kernel/ac-sources: Full sources for Alan Cox's Linux kernel
sys-libs/cracklib: Password Checking Library
sys-libs/db: Berkeley DB for transaction support in MySQL
sys-libs/glibc: GNU libc6 (also called glibc2) C library
sys-libs/libieee1284: Library to query devices using IEEE1284
x11-base/xfree: Xfree86: famous and free X server
x11-libs/gtkglextmm: C++ bindings for gtkglext
x11-libs/gtkmm: C++ interface for GTK+2
x11-themes/gnome-icon-theme: Gnome2 default icon theme

Total categories: 82

Total packages: 4428 (32 new packages added this week).

7. Bugzilla

Resumo

Statistics
Closed Bug Ranking
New Bug Rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:

343 novos bugs this week
346 bugs closed or resolved this week
7 previously bugs fechados were reopened this week.
2669 total bugs currently marked 'new'
339 total bugs currently assigned to developers

There are currently 3056 bugs open in Bugzilla. Of these: 44 are labeled 'blocker', 111 are labeled 'critical', and 242 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs this week are:

New Bug Rankings

The developers and teams who have been assigned the most novos bugs this week are:

8. Tips and Tricks

Blocking Spam with bogofilter

While we've already had one tip on blocking spam with SpamAssassin, this week we look at another way to block spam using bogofilter (available in portage), crontab and Evolution. This example uses MH style mailboxes but could be extended to other types as well.

This week's tip was submitted by John Mylchreest.

You will need bogofilter and a mail client that reads MH style mailboxes such as mutt or Evolution.

Code Listing 8.1: Installing bogofilter

# emerge bogofilter

Create a folder called SPAM and mark it as MH format. Additionally, mark Inbox as MH format.

Add a filter for incoming mail that pipes to a shell command. The shell command should be /usr/bin/bogofilter. Set the return condition to 0 and set the action as "Move to Folder SPAM". Add another action to this filter called "Stop Processing".

Create another filter than runs after the first one. This filter should have two criteria. The first is that Size should be greater than 0. The second is another external pipe; this time to /usr/bin/bogofilter -Sn (notice the -Sn). The -Sn option tells bogofilter to register the text as non-spam and to undo any prior registrations of the message as spam.

The last step is to set up a crontab to evaluate spam messages. Add the following to your crontab with crontab -e.

Code Listing 8.2: crontab

(Go through the SPAM folder and learn what spam looks like)
0 0 * * * cd ~/evolution/local/SPAM/mbox/ ; for i in *; do if [ ! "$i" = "*" ] ; then /usr/bin/bogofilter -Ns < $i ; rm $i ; fi ; done
(Go through the Inbox folder and learn what spam is not.)
5 0 * * * cd ~/evolution/local/Inbox/mbox/; for i in *; do if [ ! "$i" = "*" ] ; then /usr/bin/bogofilter -Sn < $i ; fi ; done

9. Quote/Signature of the week

Old but still good: "There are 10 types of people in the world; those who understand binary, and those who don't". (Signature of forums user ssjf)

10. Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team: