Gentoo Weekly Newsletter: May 26th, 2003
Hardware failures on Oregon State mirror
On Friday, the server that hosts gentoo.oregonstate.edu suffered two hard disk failures in its RAID 5 array, one of which was unfortunately the hot spare. This caused a series of problems, including a number of corrupted files and bad digests. We are actively working with the folks at OSU to resolve the problem, both in the short term as well as the long term. In the mean time, users are asked to use an alternate mirror until the problem has been fully resolved.
Gentoo Linux is seeking developers for the GNOME team
The Gentoo GNOME Desktop team is looking for new developers to help squash bugs
and keep the Gentoo GNOME-related ebuilds on the bleeding edge of development.
We are looking for dedicated developers, preferably with experience in
developing for GNOME/GTK, some experience in creating ebuilds and solid problem
solving capabilities. A plus would be experience in the area of accessibility,
possibly in combination with GNOME. Most of all we're looking for people who
stand completely behind the current GNOME development philosophy. If you think
you got what it takes and can help us out then please send a resume to Marinus Schraal, explain why you would like to
be part of the team, include references to work you've done on OSS and provide
us with your bugzilla email address if possible.
Gentoo Linux in the news
Gentoo Linux has been generating some good press of late, with a mention on Slashdot discussing our intent to port Gentoo Linux to the AMD Opteron platform. Additionally, Gentoo Linux received a favorable review from LinuxWorld.com, where the author states, "[U]ntil further notice, Gentoo is now my flavor of Linux."
The lv file viewer reads a configuration file from the current directory. This could permit a malicious user to
insert commands that would be executed by lv on viewing a particular file.
- Severity: High - Potential local root exploit.
- Packages Affected: app-text/lv prior to lv-4.49.5
- Rectification: Synchronize and emerge lv, emerge clean.
- GLSA Announcement
cdrecord contains a format string vulnerability that could permit the execution of arbitrary code.
- Severity: High - Arbitrary code execution.
- Packages Affected:
- app-cdr/cdrtools prior to cdrtools-1.11.33-r1 (xcdroast users)
- app-cdr/cdrtools prior to cdrtools-1.11.39-r1 (sparc)
- app-cdr/cdrtools prior to cdrtools-2.01_alpha14 (others)
- Rectification: Synchronize and emerge \=app-cdr/(your_version), emerge clean.
- GLSA Announcement
The xinet daemon contains a memory leak associated with rejecting connections.
- Severity: Moderate - Memory leak.
- Packages Affected: sys-apps/xinetd prior to xinetd-2.3.11
- Rectification: Synchronize and emerge xinetd, emerge clean.
- GLSA Announcement
The Unreal Tournament game demo has a bug in how it handles spoofed negative index values. This could
permit a denial of service attack on the client.
The security fix for this bug caused problems with the game itself. As such, it has been removed in -r2 of the ebuild until a better patch can be integrated.
- Severity: Moderate - DoS.
- Packages Affected: app-games/ut2003-demo prior to ut2003-demo-2206-r1
- Rectification: Synchronize and emerge ut2003-demo, emerge clean.
- GLSA Announcement
New Security Bug Reports
The following new security bugs were posted this week:
Mathy and lanzone.be
Figure 3.1: Mathy Vanvoorden (left)
Mathy Vanvoorden from Belgium organizes LAN parties together with his brother and some other people. He is the webmaster of lanzone.be (where he also did the HTML and PHP coding) and politics.be. A few months ago the LANzone team decided to switch all their gameservers to Gentoo Linux (except for Delta Force Land Warrior, which only runs on Windows) and now we're going to learn about the tricks involved:
All of Mathy's gameservers are thin clients which boot from a Dual Pentium III. This setup has many benefits over regular servers. Firstly they don't need any hard drives, which saves money and leads to lighter servers which is really nice for the backs of the people carrying them. :-) But the greatest advantage is the easiness of hooking up a new game server: just plug in two network cards, set the MAC adress in dhcpd so the machine gets a static IP adress, copy a base directory and have fun!
Details on the thin clients
The setup used by Mathy and his friends is slightly based on the Linux Terminal Server Project but evolved beyond that. Although they are using the project's kernel patch, the initrd script has already been modified and lots of changes were made to the Gentoo Linux init scripts (e.g. removing dependencies so that init wouldn't try to fsck mounted NFS systems).
Using these thin clients is very easy: they are connected to the main server using a 100 MBit switch and boot from a floppy (although the LANzone guys are thinking about buying network cards with boot roms so they can get rid of the disk drives which would be even better for their backs ;-). After booting they just present a regular login. Based on which user one enters a gameserver will be started. This is accomplished by replacing the login shells with a script that starts up the server. So for example login in using the UID 'ut2k3instadm' will bring up an UT 2003 Instagib deathmatch server.
Many other small adaptations had to been done for specific gameservers, but this would go to far to be covered here. As a last note, LANzone also uses Gentoo Linux for the 0.5 Terabyte FTP server (running ProFTPD) and the router (using iptables and Squid to limit incoming traffic to 5 kB/s per user), although Mathy's thinking about switching the router to a BSD because he heard that they handle traffic shaping better than Linux and he's curious about trying it out.
Heard In The Community
Forum veteran Lovechild started a thread announcing the ebuild he concocted mere minutes after the new Gnome version was published, and ever since then the band of Gnome fanatics in the forums has been merrily patching and tweaking it to almost stable use. Get carried away by the enthusiasm in this thread:
When Portage Chokes
You'd expect critical alerts on bugs.gentoo.org or the mailing lists first, but whenever something affects a large number of people, many of them look to the Forums as the main emergency alert mechanism. Last week, Oregon State University's rsync server had temporary trouble that immediately got spotted by a lot of users. Check the sticky thread for an instant workaround in cases like this:
JRE Support - Is it worth it?
It has been brought up that there might be a couple of good reasons to remove the Java Runtime Envirronment (JRE)
support from Gentoo. Read the full discussion.
Gentoo Poland Established
Their URL points to more than just Poland as a base, but it's essentially for their compatriots here and there and everywhere that the Polish Gentooists busied themselves with setting up a complete Gentoo Poland framework. Started by a handful of activists a few weeks ago, the #gentoo-pl IRC channel on irc.freenode.net is now quite popular, and the very well organized website has made great progress in providing translations of the Gentoo documentation, a forum of their own, and many other features. And to round it all up, the group around Jaroslaw Swierad is currently bringing together enough translators to work on a Polish version of the Gentoo Weekly Newsletter, too.
German Gentoo User Meeting Planning
A small group of Gentoo Linux users, led by Gentoo developer Sascha Schwabbauer and Gentoo Linux user Tilman Klar, have started an effort to put together a German Gentoo User Meeting. As part of the effort, Sascha has put up a web page that asks German Gentoo Linux users where they live. The responses to this survey will determine where the meeting will be held. Anyone interested in attending is invited to input their location using the above form.
Additional details about the German Gentoo Linux user meeting will be made available in future editions of the GWN.
The following stable packages were updated or added to portage this week
- app-arch/file-roller: archive manager for GNOME
- app-doc/abs-guide: An advanced reference and a tutorial on bash shell scripting.
- app-editors/bluefish: Bluefish is a GTK HTML editor for the experienced web designer or programmer.
- app-editors/gvim: Graphical Vim
- app-i18n/canna: A client-server based Kana-Kanji conversion system
- app-office/gnucash: A personal finance manager
- app-office/scribus: Layout program similar to Adobe® PageMaker, QuarkXPress, or Adobe® InDesign
- app-pda/gtkpod: GUI for iPod using GTK2
- app-sci/elph: ELPH -- general-purpose Gibbs sampler for finding motifs in a set of DNA or protein sequences
- app-sci/libnova: Celestial Mechanics and Astronomical Calculation Library
- app-shells/bash-completion: Programmable Completion for bash (includes emerge and ebuild commands).
- app-shells/tcsh: Enhanced version of the Berkeley C shell (csh)
- app-text/a2ps: Any to PostScript filter
- dev-db/mysql: A fast, multi-threaded, multi-user SQL database server
- dev-haskell/haddock: A documentation tool for Haskell
- dev-java/blackdown-jdk: Blackdown Java Development Kit 1.3.1
- dev-java/blackdown-jre: Blackdown Java Runtime Environment 1.4.1
- dev-java/infobus: InfoBus enables dynamic exchange of data between JavaBeans component architecture.
- dev-java/jaf: Sun's JavaBeans Activation Framework (JAF)
- dev-lisp/mule-ucs: A character code translator.
- dev-perl/Attribute-Handlers: A Perl module for I/O on in-core objects like strings and arrays
- dev-python/Cheetah: Python-powered template engine and code generator.
- dev-python/PyOpenGL: Python OpenGL bindings
- dev-python/bsddb3: Python bindings for BerkelyDB
- dev-ruby/amrita: A HTML/XHTML template library for Ruby
- dev-ruby/amstd: Ruby utility collection by Minero Aoki
- dev-ruby/devel-logger: Lightweight logging utility
- dev-ruby/fxruby: Ruby language binding to the FOX GUI toolkit
- dev-ruby/http-access2: HTTP accessing library
- dev-ruby/mysql-ruby: A Ruby extention library to use MySQL
- kde-base/arts: aRts, the KDE sound (and all-around multimedia) server/output manager
- kde-base/kde: KDE 3.1 - merge this to pull in all non-developer kde-base/* packages
- media-sound/alsa-driver: Advanced Linux Sound Architecture kernel modules
- media-sound/aumix: Aumix volume/mixer control program.
- media-sound/cm: Common Music: An object oriented music composition environment in LISP/scheme
- media-video/ati-drivers: Ati precompiled drivers for r300, r250 and r200 chipsets
- media-video/avidemux: Great Video editing/encoding tool. New, gtk2 version
- media-video/avifile: Library for AVI-Files
- net-dialup/diald: Daemon that provides on demand IP links via SLIP or PPP
- net-dialup/freeradius: Free RADIUS server with MySQL support
- net-dialup/gnokii: a client that plugs into your handphone
- net-firewall/shorewall: Full state iptables firewall
- net-fs/nfs-utils: NFS client and server daemons
- net-irc/cyclone: IRC daemon with hostname cloaking, SOCKS proxy checking and other advanced features
- net-irc/kvirc: An advanced IRC Client
- net-libs/libnet: library to provide an API for commonly used low-level network
- net-libs/linc: A library to ease the writing of networked applications
- net-mail/courier-imap: An IMAP daemon designed specifically for maildirs
- net-news/yydecode: A decoder for yENC format, popular on Usenet.
- net-print/foomatic: Generates printer configurations automagically
- net-wireless/bluez-utils: bluetooth utilities
- net-wireless/hostap: HostAP wireless drivers
- net-www/amphetadesk: AmphetaDesk is a free syndicated news aggregator
- net-www/apache: Apache Web Server, Version 2.0.x
- sys-apps/baselayout: Base layout for Gentoo Linux filesystem (incl. initscripts and sysvinit)
- sys-apps/console-tools: Console and font utilities
- sys-apps/dcron: A cute little cron from Matt Dillon
- sys-apps/debianutils: A selection of tools from Debian
- sys-devel/distcc: a program to distribute compilation of C code across several machines on a network
- sys-devel/gcc: The GNU Compiler Collection. Includes C/C++ and java compilers
- sys-kernel/ac-sources: Full sources for Alan Cox's Linux kernel
- sys-libs/cracklib: Password Checking Library
- sys-libs/db: Berkeley DB for transaction support in MySQL
- sys-libs/glibc: GNU libc6 (also called glibc2) C library
- sys-libs/libieee1284: Library to query devices using IEEE1284
- x11-base/xfree: Xfree86: famous and free X server
- x11-libs/gtkglextmm: C++ bindings for gtkglext
- x11-libs/gtkmm: C++ interface for GTK+2
- x11-themes/gnome-icon-theme: Gnome2 default icon theme
Total categories: 82
Total packages: 4428 (32 new packages added this week).
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity
on the site has resulted in:
- 343 new bugs this week
- 346 bugs closed or resolved this week
- 7 previously closed bugs were reopened this week.
- 2669 total bugs currently marked 'new'
- 339 total bugs currently assigned to developers
There are currently 3056 bugs open in Bugzilla. Of these: 44 are labeled 'blocker', 111 are labeled 'critical',
and 242 are labeled 'major'.
Closed Bug Rankings
The developers and teams who have closed the most bugs this week are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs this week are:
Tips and Tricks
Blocking Spam with bogofilter
While we've already had one tip on blocking spam with SpamAssassin, this
week we look at another way to block spam using bogofilter (available in
portage), crontab and Evolution. This example uses MH style mailboxes but
could be extended to other types as well.
This week's tip was submitted by
You will need bogofilter and a mail client that reads MH style mailboxes
such as mutt or Evolution.
Code Listing 8.1: Installing bogofilter
# emerge bogofilter
Create a folder called SPAM and mark it as MH format. Additionally, mark
Inbox as MH format.
Add a filter for incoming mail that pipes to a shell command. The shell
command should be /usr/bin/bogofilter. Set the return condition to
0 and set the action as "Move to Folder SPAM". Add another action to this
filter called "Stop Processing".
Create another filter than runs after the first one. This filter should
have two criteria. The first is that Size should be greater than 0. The
second is another external pipe; this time to /usr/bin/bogofilter -Sn
(notice the -Sn). The -Sn option tells bogofilter to register the text as
non-spam and to undo any prior registrations of the message as spam.
The last step is to set up a crontab to evaluate spam messages. Add the
following to your crontab with crontab -e.
Code Listing 8.2: crontab
0 0 * * * cd ~/evolution/local/SPAM/mbox/ ; for i in *; do if [ ! "$i" = "*" ] ; \
then /usr/bin/bogofilter -Ns < $i ; rm $i ; fi ; done
5 0 * * * cd ~/evolution/local/Inbox/mbox/; for i in *; do if [ ! "$i" = "*" ] ; \
then /usr/bin/bogofilter -Sn < $i ; fi ; done
Quote/Signature of the week
Old but still good: "There are 10 types of people in the world; those who understand binary, and those who don't". (Signature of forums user ssjf)
Moves, Adds and Changes
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project.
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make GWN better.
GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to firstname.lastname@example.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to email@example.com from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: