
Gentoo Weekly Newsletter: August 16, 2004

Content:

1.  Gentoo News

Various Infrastructure Upgrades for Gentoo

The Gentoo infrastructure received some good news this week with the donation of two new servers. One server, a dual Xeon with 2GB of RAM, will be used to augment capacity in the main rsync.gentoo.org rotation. The other server, a quad Xeon with 1GB of RAM, will be used as a master bittorrent server. Gentoo Linux would like to thank Melior, Inc. for providing these servers to the Gentoo Linux project.

Additionally, Gentoo Linux recently received a donation from EMC for a license of VMWare GSX Server, which will be used to assist in development efforts of our various internal projects.

Finally, a new, custom list archiving solution is now in closed beta and will be released to the public soon. This archive solution will allow public, read-only access to all our mailing lists, including the gentoo-trustees mailing list. We expect to have this solution publicly available within two weeks.

2.  Projects Update

Documentation

The Documentation Team have recently completed a work cycle to review a large number of the "bugs" reported for documentation, and have implemented a large number of minor corrections to wording or content in the documents. They also have a new Status Update that describes a number of major revisions, including: a new Quick HOWTO on su with X, extensions to the Gentoo Installation Tips 'n Tricks, major edits to the Gentoo Security Guide and several updates to the Gentoo Handbook.

Infrastructure

The Infrastructure team are currently working on moving the Forums server to faster hardware. This upgrade will consist of moving the Apache server (currently a dual PIII 1GHz/1GB) and database server (dual Xeon 2.4 GHz/2GB) to new platforms: a dual 2.4GHz/1GB and a 3.0GHz/4GB, respectively. This should substantially improve Forums performance, especially during peak loading.

Security

Gentoo is currently working towards inclusion on the vendor-sec mailing list, a limited-access mailing list that includes many major Linux vendors. Membership on the list would permit early access to security alerts and related discussions, prior to general release of the issue.

3.  Gentoo Security

SpamAssassin: Denial of Service vulnerability

SpamAssassin is vulnerable to a Denial of Service attack when handling certain malformed messages.

For more information, please see the GLSA Announcement

Horde-IMP: Input validation vulnerability for Internet Explorer users

An input validation vulnerability has been discovered in Horde-IMP. This only affects users of Internet Explorer.

For more information, please see the GLSA Announcement

Cfengine: RSA Authentication Heap Corruption

Cfengine is vulnerable to a remote root exploit from clients in AllowConnectionsFrom.

For more information, please see the GLSA Announcement

Roundup: Filesystem access vulnerability

Roundup will make files owned by the user that it's running as accessible to a remote attacker.

For more information, please see the GLSA Announcement

gv: Exploitable Buffer Overflow

gv contains an exploitable buffer overflow that allows an attacker to execute arbitrary code.

For more information, please see the GLSA Announcement

Nessus: "adduser" race condition vulnerability

Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.

For more information, please see the GLSA Announcement

Gaim: MSN protocol parsing function buffer overflow

Gaim contains a remotely exploitable buffer overflow vulnerability in the MSN-protocol parsing code that may allow remote execution of arbitrary code.

For more information, please see the GLSA Announcement

kdebase, kdelibs: Multiple security issues

KDE contains three security issues that can allow an attacker to compromise system accounts, cause a Denial of Service, or spoof websites via frame injection.

For more information, please see the GLSA Announcement

acroread: UUDecode filename buffer overflow

acroread contains two errors in the handling of UUEncoded filenames that may lead to execution of arbitrary code or programs.

For more information, please see the GLSA Announcement

Tomcat: Insecure installation

Improper file ownership may allow a member of the tomcat group to execute scripts as root.

For more information, please see the GLSA Announcement

glibc: Information leak with LD_DEBUG

glibc contains an information leak vulnerability allowing the debugging of SUID binaries.

For more information, please see the GLSA Announcement

4.  Featured Developer of the Week

Benjamin Judas


Figure 4.1: Benjamin Judas


This week, we feature Benjamin Judas (beejay), the Gentoo Release Co-ordinator for the x86 architecture. This responsibility involves managing and developing the x86 release media, including the stage tarballs, Live-CDs and GRP installation sets, as well as working with the documentation team to ensure that the install documentation is current. For the recent 2004.2 release, Chris Gianelloni managed the creation of the LiveCD images, allowing Benjamin to focus on the other aspects of the release. This new division of labour, including the sharing of release engineering responsibilities, is likely to be maintained for future releases. However, Benjamin retains primary responsibility for managing and scheduling release points for the x86 platform.

Although Benjamin had been reading about Linux since 1994, it wasn't until 1998 that he took the opportunity to install and use it. His initial introduction was somewhat prosaic: he was "walking through Friedberg (a small town nearby) trying to find some new shoes." He then recounts that "since I didn't find any good looking shoes, I went into a computer store to spend my money there instead." The result was a spanking new set of SuSE-Linux 5.3 Mini-Edition install media. "Hey, 30 bucks...you can't do anything wrong with that price for 6 CDs." He then tells us that it took him 6 months to have the OS working properly and the remainder of a year to strengthen that knowledge. A few years later, an article by Thomas Raschbacher in a German Linux magazine led him to Gentoo. On August 18th, 2002 (he recalls the date because he ran his first emerge system while at a friend's birthday party), Benjamin downloaded and installed the new distro and never looked back.

Benjamin's first contribution to Gentoo took the form of an apache-based online help system, which he asked Alexander Holler, who managed www.gentoo.de, to post for him. Alexander gave him rights on the server and encouraged him to contribute, so Benjamin continued by assisting with translating materials for the German website. By the Fall of 2003, Benjamin had begun using his nascent python skills to hack portage with an interest in developing a Web-based portage front-end. While working on his first task, a package search engine, he was approached by Seemant Kulleen and asked if he would work on Gentoo in a more formal capacity. Benjamin started out as a QA assistant for x86 releases, testing the Live CDs, stages and packages. When Seemant gave up his role co-ordinating the releases, the responsibilities were picked up by Benjamin. In addition to his work on www.gentoo.de and the Release Engineering Team, Benjamin was co-founder of the German Gentoo-NFP (Not-For-Profit) Organization, Friends of Gentoo e.V. This group represents a formal organization to collect and manage contributions, financial and otherwise, toward fostering and protecting Gentoo development in Germany.

Benjamin works on a collection of four computers that reside around his home desk: an Athlon-Thunderbird 1300 and an IBM Thinkpad R40 are his main working platforms. These are supported by a Sun Ultra 5 which provides DNS, SMTP and IMAP services and an SGI Indy "which doesn't have a particular task - It just sits there and tries to look good." He has recently fallen in love with the zsh shell, and uses vim and catalyst while developing. Evolution, rxvt-unicode, tvtime and Mozilla round out the list of his most-used applications - excepting the occasional round of UT2k3, Simcity 3000 and Heavy Metal F.A.K.K.2.

In real life, Benjamin works at the University Medical Centre of Justus-Liebig-University Giessen, providing desktop application support. He has a formal qualification as an Assistant for Information Technologies - roughly equivalent to a practical diploma in Computer Science. He describes himself as a "typical couch potato". He enjoys watching television and movies - with a penchant for Science Fiction and Horror, with the occasional helping of televised Car Racing. He is an avid reader, and is currently negotiating China Miéville's "Perdido Street Station", which he recommends. Benjamin lives in Muecke-Merlau, a small village about 80 km from Frankfurt, in the Vogelsberg region of Germany - situated on an ancient dormant volcano. He asked for the opportunity to thank Seemant, Daniel, John and Jeff: "Thanks for trusting me and believing in me, helping me and providing constructive Critics!" He also had a message for the Gentoo devs collectively known as "The German Conspiracy": "Thanks for all the hard work to make Gentoo look good in Germany!". And finally, for the rest of us: "Gentoo is like a Goodyear-tire: if it doesn't run straight anymore, you refresh the profile and it will work again."

5.  Heard in the Community

gentoo-user

Always Working as Root

Many hardened Linux and Unix people know that consistently logging in as root isn't a good idea. However, many newcomers from the Windows world are not really sure why. On Windows, most people log in with administrative privileges more often than not, so why should it be any different on Linux? A Linux newcomer asked this question on gentoo-user and got some great reasons, along with suggestions for simplifying his transition to a Unix way of life.

6.  Gentoo International

Gentoo International is on hiatus this week.

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 07 August 2004 and 13 August 2004, activity on the site has resulted in:

  • 526 new bugs during this period
  • 416 bugs closed or resolved during this period
  • 30 previously closed bugs were reopened this period

Of the 7002 currently open bugs: 143 are labeled 'blocker', 198 are labeled 'critical', and 557 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs during this period are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  Tips and Tricks

Tips and Tricks is looking for a new owner. If you're interested in taking over this section of the GWN, please email gwn-feedback@gentoo.org.

9.  Moves, Adds, and Changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • None this week

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

10.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

11.  GWN Feedback

Please send us your feedback and help make the GWN better.

12.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

13.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:




Page updated 16 August 2004

Summary: This is the Gentoo Weekly Newsletter for the week of August 16th, 2004.

Yuji Carlos Kosugi
Editor

AJ Armstrong
Contributor

Brian Downey
Contributor

Kurt Lieber
Contributor

Ulrich Plate
Contributor

Sven Vermeulen
Contributor

Simon Holm Thagersen
Danish Translation

Jesper Brodersen
Danish Translation

Arne Mejlholm
Danish Translation

Hendrik Eeckhaut
Dutch Translation

Jorn Eilander
Dutch Translation

Bernard Kerckenaere
Dutch Translation

Peter ter Borg
Dutch Translation

Jochen Maes
Dutch Translation

Roderick Goessen
Dutch Translation

Gerard van den Berg
Dutch Translation

Matthieu Montaudouin
French Translation

Xavier Neys
French Translation

Martin Prieto
French Translation

Antoine Raillon
French Translation

Sebastien Cevey
French Translation

Jean-Christophe Choisy
French Translation

Thomas Raschbacher
German Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Lukas Domagala
German Translation

Tobias Scherbaum
German Translation

Daniel Gerholdt
German Translation

Marc Herren
German Translation

Tobias Matzat
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Stefano Lucidi
Italian Translation

Katuyuki Konno
Japanese Translation

Hiroyuki Takeda
Japanese Translation

Masato Hatakeyama
Japanese Translation

Shigehiro Idani
Japanese Translation

Masayoshi Nakamura
Japanese Translation

Tomoyuki Sakurai
Japanese Translation

Lukasz Strzygowski
Polish Translation

Karol Goralski
Polish Translation

Atila "Jedi" Bohlke Vasconcelos
Portuguese (Brazil) Translation

Eduardo Belloti
Portuguese (Brazil) Translation

João Rafael Moraes Nicola
Portuguese (Brazil) Translation

Marcelo Gonçalves de Azambuja
Portuguese (Brazil) Translation

Otavio Rodolfo Piske
Portuguese (Brazil) Translation

Pablo N. Hess -- NatuNobilis
Portuguese (Brazil) Translation

Pedro de Medeiros
Portuguese (Brazil) Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

José Costa
Portuguese (Portugal) Translation

Luis Medina
Portuguese (Portugal) Translation

Ricardo Loureiro
Portuguese (Portugal) Translation

Aleksandr Martyncev
Russian Translator

Sergey Galkin
Russian Translator

Sergey Kuleshov
Russian Translator

Alex Spirin
Russian Translator

Denis Zaletov
Russian Translator

Guillermo Juarez
Spanish Translation

Fernando J. Pereda
Spanish Translation

Juan Diego Gutiérrez Gallardo
Spanish Translation

Nicolas Silva
Spanish Translation

Aycan Irican
Turkish Translation

Bugra Cakir
Turkish Translation

Cagil Seker
Turkish Translation

Emre Kazdagli
Turkish Translation

Evrim Ulu
Turkish Translation

Gursel Kaynak
Turkish Translation


Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.