Gentoo Logo

Gentoo Weekly Newsletter: July 12, 2004

Content:

1.  Gentoo News

Portage update.

Portage 2.0.51 continues to be in internal testing. Now in version 2.0.51_pre13 and masked, it's nearing readiness for ~arch. We'd like to cover some changes to Portage that users will notice if they pick up the currently masked 2.0.51_pre13, or a later ~arch masked or stable version. First of all, due to changes in the Portage cache, users will notice corruption messages when performing rsync updates, which will go away when the cache is altered in a few weeks. At this point however, versions of Portage prior to 2.0.50-r7 will start having problems because they won't be able to handle the new cache. As always, users are recommended to read the messages from emerge rsync and update Portage whenever a new stable version is available.

Also, in the new version /var/cache/edb/virtuals is going to become obsolete: Portage will calculate the virtuals based on packages installed in the database. Once users upgrade to 2.0.51 the file will be obsolete and there will be no need to save it. Also, /var/cache/edb/world will be moving to the FHS-compliant state directory, /var/lib/portage.

For more information, read Nicholas Jones's announcement on gentoo-dev.

2.  Gentoo Security

XFree86, X.org: XDM ignores requestPort setting

XDM will open TCP sockets for its chooser, even if the DisplayManager.requestPort setting is set to 0. This may allow authorized users to access a machine remotely via X, even if the administrator has configured XDM to refuse such connections.

For more information, please see the GLSA Announcement

libpng: Buffer overflow on row buffers

libpng contains a buffer overflow vulnerability potentially allowing an attacker to perform a Denial of Service attack or even execute arbitrary code.

For more information, please see the GLSA Announcement

Shorewall : Insecure temp file handling

Shorewall contains a bug in the code handling the creation of temporary files and directories. This can allow a non-root user to overwrite arbitrary system files.

For more information, please see the GLSA Announcement

Ethereal: Multiple security problems

Multiple vulnerabilities including one buffer overflow exist in Ethereal, which may allow an attacker to run arbitrary code or crash the program.

For more information, please see the GLSA Announcement

MoinMoin: Group ACL bypass

MoinMoin contains a bug allowing a user to bypass group ACLs (Access Control Lists).

For more information, please see the GLSA Announcement

3.  Featured Developer of the Week

Featured Developer is on hiatus this week.

4.  Heard in the Community

Web Forums

New nvidia Drivers With Support for 2.6 Kernel

Both the Kernel & Hardware and the Gamers & Players forums have threads about the new nvidia drivers that have been issued little over a week ago. The 4k stacksize problem with 2.6 kernels appears to have been solved, and the new drivers feature a configuration utility people seem to be quite pleased with:

gentoo-user

Useful Install Tips

Not to be left behind the forums, the some folks started their own Useful Install Tips thread on gentoo-user this week.

Migrating to 2.6

Still haven't made the switch? The Changing to 2.6 thread may be a good place to start!

5.  Gentoo International

Gentoo International is on hiatus this week.

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 03 July 2004 and 09 July 2004, activity on the site has resulted in:

  • 576 new bugs during this period
  • 356 bugs closed or resolved during this period
  • 26 previously closed bugs were reopened this period

Of the 6736 currently open bugs: 138 are labeled 'blocker', 179 are labeled 'critical', and 528 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs during this period are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  Tips and Tricks

Using 'make' for backups

Thanks to Lars Weiler for providing this week's tip.

Usualy make from sys-devel/make is known as a tool for compiling applications. But it could also be used to provide often used commands so that they can be accessed easily.

Quite everybody wants to do backups. This could be done by packing them with tar. For instance, we want to pack the ~/Mail folder and name the file with a date:

Code Listing 7.1: tar ~/Mail with date included

$ tar cvjf ~/Backups/Mail-`date +%F`.tar.bz2 ~/Mail
  

After that we copy that file (and possibly more) to another computer by using rsync and delete all the files in ~/Backups afterwards:

Code Listing 7.2: Copy backup-file to another computer with rsync

$ rsync -avute ssh ~/Backups/ user@othermachine:~/Backups/
% rm ~/Backups/*
  

And now comes the clue with make. After a week you already forgot the commands. Why not store them in a Makefile located in the home-directory, so that you only have to call make backup?

Inside the Makefile (beware of the uppercased 'M') we provide two targets for the commands, so that we can call them separately, e.g. if you only want to copy the files. The first target backup will only call the other targets in the given order:

Code Listing 7.3: Sample Makefile for backups

backup: compress \
	copy

compress:
	tar cvjf ~/Backups/Mail-`date +%F`.tar.bz2 ~/Mail

copy:
	rsync -avute ssh ~/Backups/ user@othermachine:~/Backups/
	rm ~/Backups/*
  

Now we can call make backup in the home directory and the ~/Mail-folder will be compressed and copied to the other computer. The restore-command-set will be your homework ;-)

Of course, there is a wide use for batched processes with Makefiles. Think about all the things you ever wanted to have scripted with easy usability. You can find more instructions in the info make pages.

8.  Moves, Adds, and Changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • None this week

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

9.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

10.  GWN Feedback

Please send us your feedback and help make the GWN better.

11.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated 12 July 2004

Summary: This is the Gentoo Weekly Newsletter for the week of July 12th, 2004.

Yuji Carlos Kosugi
Editor

AJ Armstrong
Contributor

Brian Downey
Contributor

Kurt Lieber
Contributor

David Narayan
Contributor

Ulrich Plate
Contributor

Sven Vermeulen
Contributor

Simon Holm Thagersen
Danish Translation

Jesper Brodersen
Danish Translation

Arne Mejlholm
Danish Translation

Hendrik Eeckhaut
Dutch Translation

Jorn Eilander
Dutch Translation

Bernard Kerckenaere
Dutch Translation

Peter ter Borg
Dutch Translation

Jochen Maes
Dutch Translation

Roderick Goessen
Dutch Translation

Gerard van den Berg
Dutch Translation

Matthieu Montaudouin
French Translation

Xavier Neys
French Translation

Martin Prieto
French Translation

Antoine Raillon
French Translation

Sebastien Cevey
French Translation

Jean-Christophe Choisy
French Translation

Thomas Raschbacher
German Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Lukas Domagala
German Translation

Tobias Scherbaum
German Translation

Daniel Gerholdt
German Translation

Marc Herren
German Translation

Tobias Matzat
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Stefano Lucidi
Italian Translation

Katuyuki Konno
Japanese Translation

Hiroyuki Takeda
Japanese Translation

Masato Hatakeyama
Japanese Translation

Shigehiro Idani
Japanese Translation

Masayoshi Nakamura
Japanese Translation

Tomoyuki Sakurai
Japanese Translation

Lukasz Strzygowski
Polish Translation

Karol Goralski
Polish Translation

Atila "Jedi" Bohlke Vasconcelos
Portuguese (Brazil) Translation

Eduardo Belloti
Portuguese (Brazil) Translation

João Rafael Moraes Nicola
Portuguese (Brazil) Translation

Marcelo Gonçalves de Azambuja
Portuguese (Brazil) Translation

Otavio Rodolfo Piske
Portuguese (Brazil) Translation

Pablo N. Hess -- NatuNobilis
Portuguese (Brazil) Translation

Pedro de Medeiros
Portuguese (Brazil) Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

José Costa
Portuguese (Portugal) Translation

Luis Medina
Portuguese (Portugal) Translation

Ricardo Loureiro
Portuguese (Portugal) Translation

Aleksandr Martyncev
Russian Translator

Sergey Galkin
Russian Translator

Sergey Kuleshov
Russian Translator

Alex Spirin
Russian Translator

Denis Zaletov
Russian Translator

Guillermo Juarez
Spanish Translation

Fernando J. Pereda
Spanish Translation

Juan Diego Gutiérrez Gallardo
Spanish Translation

Nicolas Silva
Spanish Translation

Aycan Irican
Turkish Translation

Bugra Cakir
Turkish Translation

Cagil Seker
Turkish Translation

Emre Kazdagli
Turkish Translation

Evrim Ulu
Turkish Translation

Gursel Kaynak
Turkish Translation

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.