
Gentoo Weekly Newsletter: September 22, 2003

Content:

1.  Gentoo News

Summary

Gentoo 1.4 maintenance release 1 for x86

New 20030911 builds of Gentoo 1.4 are now available on mirrors and at the Gentoo Store so this may be a good time to reburn your CDs or to order some copies of the LiveCDs. This maintenance build has the same functionality as the 1.4 release but fixes many bugs. Also, if you installed Gentoo with the 1.4 release there's no need to worry because the releases are only relevant for the LiveCDs and GRPs; run emerge rsync; emerge -u world and your Gentoo system will be as up-to-date as anyone else's.

Experimental IA-64 stage1 available

The IA-64 port can now be fully built from stage1, and an experimental IA-64 stage1 tarball is now available under experimental/ia64. There's no LiveCD, but users are encouraged to try building a system, see how it works, and submit bugs to Bugzilla.

2.  Gentoo Security

Summary

GLSA: mysql

Quote from advisory:

"Anyone with global administrative privileges on a MySQL server may execute arbitrary code even on a host he isn't supposed to have a shell on, with the privileges of the system account running the MySQL server."

  • Severity: High - execute arbitrary code.
  • Packages Affected: <mysql-3.23.57-r1 <mysql-4.0.13-r4 >=mysql-4.0.14-r2(masked)
  • Rectification: emerge sync; emerge dev-db/mysql/<mysql version>; emerge clean
  • GLSA Announcement

GLSA: exim

"There's a heap overflow in all versions of exim3 and exim4 prior to version 4.21. It can be exercised by anyone who can make an SMTP connection to the exim daemon."

  • Severity: Low - heap overflow
  • Packages Affected: <exim-4.21
  • Rectification: Synchronize and emerge exim, emerge clean.
  • GLSA Announcement

GLSA: pine

"A remotely exploitable buffer overflow exists within the parsing of the message/external-body type attribute name/value pairs. Failure to check that the length of the longest attribute is less than the space available allows a maliciously formed e-mail message to overwrite control structures."

  • Severity: High - Remotely exploitable buffer overflow
  • Packages Affected: <pine-4.58
  • Rectification: Synchronize and emerge pine, emerge clean.
  • GLSA Announcement

GLSA: openssh

"All versions of OpenSSH's sshd prior to 3.7.1_p1 contain a buffer management error. It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively."

GLSA: sendmail

"Fix a buffer overflow in address parsing. Problem detected by Michal Zalewski, patch from Todd C. Miller of Courtesan Consulting."

"Fix a potential buffer overflow in ruleset parsing. This problem is not exploitable in the default sendmail configuration; only if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used then a problem may occur. Problem noted by Timo Sirainen."

  • Severity: High - Buffer Overflow
  • Packages Affected: <sendmail-8.2.10
  • Rectification: Synchronize and emerge sendmail, emerge clean.
  • GLSA Announcement

New Security Bug Reports

There were no new security bugs opened this week.

3.  Featured Developer of the Week

Brian Jackson


Figure 3.1: Brian Jackson


We are pleased to present Brian Jackson, who has gone by the handle iggy for the better part of a decade. Brian maintains the courier MTA package, as well as working on the gentoo-cluster project and assisting with patch maintenance for the kernel team. He modestly describes his duties as "mostly bug-fixing" and kernel "patch monkey", and keeps an eye peeled for prospective new developers while participating in the recently-inaugurated Gentoo Bugdays.

Brian lives in Montgomery, Texas, just outside Houston. His home enjoys a surfeit of mammals: three cats, 300 lbs of Great Dane (in two discrete packages) and a wife share the space. He also seems to have an infestation of computers, with an Athlon XP 2600 (2 GB, NForce2) main workstation, Athlon XP 1800 (1 Gb, Radeon) media server, P2 450 file server, two Epia boxen for cluster testing and a pair of test servers. Given the situation, his lament that he has "poor air conditioning" seems particularly poignant.

He is a professional network administrator and programmer who has unfortunately recently been numbered among the victims of IT startup failures - a situation unlikely to continue for long. He currently works from a home office decorated with a lava lamp and a sumo penguin. Brian attended the US Navy's Nuclear Power School, and enjoys working with sport compact cars when not working on his computers. When he finds time, he is a skilled cook. He also spends a lot of time with his pets, and generally starts his day by letting the dogs out before retiring to his office and computers.

Brian first began using Linux in the mid-1990s, trying out Red Hat and SuSE before a friend firmly admonished him to start using Slackware. He first heard about Gentoo on a Linux news-site about a year ago, and migrated to it once he had confirmed that lilo was available as a bootloader. Brian is a KDE user, generally having KMail and a number of Konsoles open at any given time. One of the Konsoles is invariably connected to a screen'd IRSSI client running on one of his servers. In addition, he uses Kate for editing, courier for his MTA, and is fond of the djbdns DNS server. When asked to provide a favorite quote, Brian cited Edmund Burke: "All that is necessary for the triumph of evil is that good men do nothing."

4.  Heard in the Community

Web Forums

Life on the Bleeding Edge

Accepting the ~x86 keyword is usually not nearly as unstable as people might think. Nonetheless, on occasion, very nasty things are known to happen. They may not be that big a deal if you're a developer and used to your system breaking apart every now and then, but ~x86 is being followed by newbyish to intermediate Gentooists, too. They like to stick to it to get the latest and greatest software across all genres, even if they know they could be in for a bumpy ride. Nothing wrong with that as long as you manage to stay in the saddle, but on occasion the horse turns its head and delivers some very painful bites...

KDE 3.1.4 and 3.2 Alpha

The forums have been teeming with threads about KDE last week, with the appearance of both KDE 3.1.4 (including a brief episode of chicken-and-egg blocking of Qt 3.2.1 ebuilds), and - more importantly - the first alpha version of the next major minor release bump scheduled for early December: KDE 3.2. The ebuilds for the latter are still masked, but Gentoo KDE lead caleb, who started both forum threads, encourages people to test the new version...

gentoo-dev

Where we come from.

Ever wondered where Gentoo came from? The tales of its journeys? The frivolous fantasies that have followed its growth? Well, have a look here! After a post to gentoo-dev on what Gentoo hopes to achieve, this short history was posted.

5.  Gentoo International

Germany: Regional Gentoo Meetings

Separated by only 24 hours and 98,5 kilometres, two regional German Gentooist gatherings are going to take place in October. The Gentoo faction of the Ruhrgebiet - a sprawl of dozens of loosely connected cities with a total of 5,5 million inhabitants - elected a quite appropriately oversized steel and glass complex located in Oberhausen, the Centro, as their venue on 8 October, 19:00 hours. Meanwhile, the Bonn bunch has (tentatively) decided to meet in a classic grassroots community location, the Netzladen, just one day later, on 9 October. Details for both meetings are being swapped via forum threads, click here for Oberhausen or here for Bonn. Busy week for people who'd also like to attend the Practical Linux day in Gießen two days later - and another 155,6 kilometres west...

6.  Portage Watch

Portage Watch is on hiatus this week.

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 12 September 2003 and 18 September 2003, activity on the site has resulted in:

  • 539 new bugs during this period
  • 281 bugs closed or resolved during this period
  • 4 previously closed bugs were reopened this period

Of the 3942 currently open bugs: 90 are labeled 'blocker', 198 are labeled 'critical', and 295 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs during this period are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  Tips and Tricks

An introduction to info

This week's tip introduces the info command. Just about everyone has used the man command to look up information on a command, but the info command is less well known. However, it's actually the preferred documentation method of many programmers. So if man doesn't have what you're looking for, try using info instead.

info uses the concept of nodes for information. Each page of information on a topic is a node and you can navigate between nodes using n to move forward and p to move backwards. To get started with info, just type info at the command prompt. There's an easy to follow tutorial you can view by typing h or, for just a list of available commands, type ?.

If you're looking for documentation on a specific command, you can use info command (e.g. info tar). If you're not quite sure what the command name is, but want to search, add the --apropos=STRING option. For example, if you're looking for documentation on mysqld, you could use info --apropos=mysqld. This displays a list of nodes with information on mysqld.

This is just an introduction to info, but hopefully it will help you get to know your system a little better. Remember, to get started with the primer, use info and then press h.

9.  Moves, Adds and Changes

Moves

The following developers recently left the Gentoo team:

  • none this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Wolfram Schlich (wschlich) -- virus scanning
  • Hallgrimur H. Gunnarsson (hhg) -- daemontools
  • Marius Mauch (genone) -- portage
  • Douglas Russell (puggy) -- repoman
  • Markus Nigbur (pYrania) -- portage, general bugfixing
  • Ian Leitch (port001) -- general bugfixing

Changes

The following developers recently changed roles within the Gentoo Linux project.

  • none this week

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11.  GWN Feedback

Please send us your feedback and help make the GWN better.

12.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

13.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:




Page updated 22 September 2003

Summary: This is the Gentoo Weekly Newsletter for the week of September 22nd, 2003.

Yuji Carlos Kosugi
Editor

AJ Armstrong
Contributor

Brian Downey
Contributor

Cal Evans
Contributor

Chris Gavin
Contributor

Luke Giuliani
Contributor

Shawn Jonnet
Contributor

Michael Kohl
Contributor

Kurt Lieber
Contributor

Rafael Cordones Marcos
Contributor

David Narayan
Contributor

Gerald J Normandin Jr.
Contributor

Ulrich Plate
Contributor

Mathy Vanvoorden
Dutch Translation

Hendrik Eeckhaut
Dutch Translation

Jorn Eilander
Dutch Translation

Bernard Kerckenaere
Dutch Translation

Peter ter Borg
Dutch Translation

Jochen Maes
Dutch Translation

Roderick Goessen
Dutch Translation

Gerard van den Berg
Dutch Translation

Matthieu Montaudouin
French Translation

Martin Prieto
French Translation

Antoine Raillon
French Translation

Sebastien Cevey
French Translation

Jean-Christophe Choisy
French Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Thomas Raschbacher
German Translation

Klaus-J. Wolf
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Christian Apolloni
Italian Translation

Stefano Lucidi
Italian Translation

Yoshiaki Hagihara
Japanese Translation

Katsuyuki Konno
Japanese Translation

Yuji Carlos Kosugi
Japanese Translation

Yasunori Fukudome
Japanese Translation

Takashi Ota
Japanese Translation

Radoslaw Janeczko
Polish Translation

Lukasz Strzygowski
Polish Translation

Michal Drobek
Polish Translation

Adam Lyjak
Polish Translation

Krzysztof Klimonda
Polish Translation

Atila "Jedi" Bohlke Vasconcelos
Portuguese (Brazil) Translation

Eduardo Belloti
Portuguese (Brazil) Translation

João Rafael Moraes Nicola
Portuguese (Brazil) Translation

Marcelo Gonçalves de Azambuja
Portuguese (Brazil) Translation

Otavio Rodolfo Piske
Portuguese (Brazil) Translation

Pablo N. Hess -- NatuNobilis
Portuguese (Brazil) Translation

Pedro de Medeiros
Portuguese (Brazil) Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

José Costa
Portuguese (Portugal) Translation

Luis Medina
Portuguese (Portugal) Translation

Ricardo Loureiro
Portuguese (Portugal) Translation

Sergey Galkin
Russian Translator

Sergey Kuleshov
Russian Translator

Alex Spirin
Russian Translator

Dmitry Suzdalev
Russian Translator

Anton Vorovatov
Russian Translator

Denis Zaletov
Russian Translator

Lanark
Spanish Translation

Fernando J. Pereda
Spanish Translation

Lluis Peinado Cifuentes
Spanish Translation

Zephryn Xirdal T
Spanish Translation

Guillermo Juarez
Spanish Translation

Jesús García Crespo
Spanish Translation

Carlos Castillo
Spanish Translation

Julio Castillo
Spanish Translation

Sergio Gómez
Spanish Translation

Aycan Irican
Turkish Translation

Bugra Cakir
Turkish Translation

Cagil Seker
Turkish Translation

Emre Kazdagli
Turkish Translation

Evrim Ulu
Turkish Translation

Gursel Kaynak
Turkish Translation


Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.