Support for multiple MTAs with mailwrapper
Since 17 March 2004, Gentoo has slowly been gaining support for having multiple mail transfer agents (MTAs) installed simultaneously by using a version of mailwrapper that has been ported from {Free,Open,Net}BSD to Linux.
The problem is an old one. Because sendmail was the MTA of choice for so long, many mail clients just expect a /usr/sbin/sendmail program to exist on the system that does the "right thing" when invoked with the usual sendmail command flags. Consequently, every modern MTA installs either a /usr/sbin/sendmail binary or a symbolic link that points /usr/sbin/sendmail to the actual MTA binary. Installing more than one MTA then becomes rather difficult, since each MTA will want to install its own version of /usr/sbin/sendmail (and, in the process, clobbering any already-existing version of /usr/sbin/sendmail).
The solution to this problem that mailwrapper provides is to have /usr/sbin/sendmail be a binary that executes the true MTA binary by looking up the location of the desired MTA in an /etc/mailer.conf text file. For example, somebody who has both sendmail and postfix installed might have an /etc/mailer.conf file that contains:
Code Listing 1.1: Example /etc/mailer.conf |
# Postfix sendmail /usr/sbin/sendmail.postfix send-mail /usr/sbin/sendmail.postfix mailq /usr/sbin/sendmail.postfix newaliases /usr/sbin/sendmail.postfix # Sendmail #sendmail /usr/sbin/sendmail.sendmail #send-mail /usr/sbin/sendmail.sendmail #mailq /usr/sbin/sendmail.sendmail #newaliases /usr/sbin/sendmail.sendmail #hoststat /usr/sbin/sendmail.sendmail #purgestat /usr/sbin/sendmail.sendmail |
With this version of /etc/mailer.conf, any attempt to run /usr/sbin/sendmail would actually run /usr/sbin/sendmail.postfix. Switching from postfix to sendmail, on the other hand, whould require nothing more than commenting out the postfix lines and uncommenting the sendmail lines in /etc/mailer.conf.
Right now the latest unstable (~arch) versions of ssmtp, postfix, exim, and sendmail have been modified to take advantage of mailwrapper. Since each new MTA ebuild installs a default version of /etc/mailer.conf with the lines for that mailer uncommented, most users will be able to upgrade or install one of these mailwrapper-enabled MTA packages without ever having to worry about mailwrapper. For users who want to try out various MTAs, however, support for doing so rather painlessly is either available already, or it will be there soon.
Users who have installed or upgraded a recent unstable versions of ssmtp, postfix, exim, or sendmail might have noticed that net-mail/mailwrapper was pulled in as a dependency. The mailwrapper package has been ported to linux from {free,open,net}BSD and it provides a /usr/sbin/sendmail binary that checks /etc/mailer.conf to see which program should actually get executed when /usr/sbin/sendmail (or a symlink to /usr/sbin/sendmail) is called.
Apache 2.0.49 has been added to Portage, and marked stable; see below for a GLSA about some security holes in 2.0.48. Users upgrading from apache-2.0.48-r1 and earlier need to note that some files have been moved from /etc/apache2 to /usr/lib/apache2. Specifically, users will need to manually remove these directories once they have emerged apache-2.0.49:
Code Listing 1.2: Directories that need to be manually removed |
/etc/apache2/lib /etc/apache2/logs /etc/apache2/modules /etc/apache2/extramodules |
Gentoo Linux seeking a dedicated Apache maintainer
The Gentoo Linux Project is seeking a dedicated Apache maintainer. As this week's GLSA has shown, it's clear that there needs to be at least one Gentoo developer whose main responsibility is to look after the Apache ebuilds and the associated modules in the Portage tree. We're looking for a dedicated developer with a good knowledge of Apache and modules, as well as general development experience. If you're interested, send an email to Stuart Herbert with some background information.
Multiple security vulnerabilities in Apache 2
A memory leak in mod_ssl allows a remote denial of service attack against an SSL-enabled server via plain HTTP requests. Another flaw was found when arbitrary client-supplied strings can be written to the error log, allowing the exploit of certain terminal emulators. A third flaw exists with the mod_disk_cache module.
For more information, please see the GLSA Announcement
A specially-crafted MIME file (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions) may cause UUDeview to crash or execute arbitrary code.
For more information, please see the GLSA Announcement
Multiple remote buffer overflow vulnerabilities in Courier
Remote buffer overflow vulnerabilites have been found in Courier-IMAP and Courier MTA. These exploits may allow the execution of abritrary code, allowing unauthorized access to a vulnerable system.
For more information, please see the GLSA Announcement
Multiple remote overflows and vulnerabilities in Ethereal
Mulitple overflows and vulnerabilities exist in Ethereal which may allow an attacker to crash the program or run arbitrary code.
For more information, please see the GLSA Announcement
A remotely-exploitable overflow exists in oftpd, allowing an attacker to crash the oftpd daemon.
For more information, please see the GLSA Announcement
Buffer overflow in Midnight Commander
A remotely-exploitable buffer overflow in Midnight Commander allows arbitrary code to be run on a user's computer
For more information, please see the GLSA Announcement
Saving space in /usr
It can be easy to underestimate how much space /usr/portage may take up, and occasionally moving /usr/portage can be a quick and painless solution!
Console Eye Candy
Check out some of the things some other Gentoo users have done with their shell prompts as well as a handy escape code color table in this thread!
Shell choices.
Although bash tends to be the overwhelming standard, perhaps there is some room for choice. Despite some bash dependancies in rc-scripts, there are ways around this.Here is a thread discussing the option of giving a little more choice in this area.
Secure Portage.
Something that we are all in great expectation is the securing of our favorite tree with gpg-signatures. However we will have to wait a little longer as some issues have come up that need to be resolved first. To check out what's going on in the process, have a look here. But watch out! It's a long one!
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 19 March 2004 and 25 March 2004, activity on the site has resulted in:
Of the 5446 currently open bugs: 129 are labeled 'blocker', 216 are labeled 'critical', and 447 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Timezone conversion using date
Many users may already use date to check the time from a console, but this week we're going to show you how it can be used to convert timezones. For example, most Gentoo announcements are timestamped in UTC. To convert a time to your timezone, use the following, which uses /etc/localtime to determine the target timezone:
Code Listing 5.1: Converting to the local timezone |
% date -d '17:00 UTC'
Sun Mar 28 12:00:00 EST 2004
|
If you want to convert to a different timezone, you can set the TZ enviornment variable to the appropriate timezone. There's a pitfall here: if GNU date doesn't find TZ in /usr/share/zoneinfo, it'll fall back to /etc/localtime without warning or error, so be careful. Here's an example of doing the reverse conversion from the previous example:
Code Listing 5.2: Converting to UTC |
% TZ=UTC date -d '12:00 EST'
Sun Mar 28 17:00:00 EST 2004 |
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
9. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: