
Gentoo Weekly Newsletter: September 20, 2004

Content:

1.  Gentoo News

First Official Gentoo User Survey

The Gentoo User Survey has been released. This survey is meant to gather feedback from Gentoo Linux users and give us a feel for how Gentoo is being used and what we can do to improve. The survey should take around ten minutes to complete and will be available through the rest of September. Upon registering for the survey at our new Survey site, an activation code will be sent to your email address.

Forum Platform Embellishments

As reported three weeks ago, the forums were recently moved to new hardware. However, many users were still experiencing sluggish behaviour. The Forum administrators have now looked a little closer into this and started to analyse the problem. They decided not to prune forums because they did not want to lose any information that could be of help to users. Analysis of the database showed that some tables had become very choppy and filled with search terms that hardly anyone would ever use for a search, or that, if used at all, wouldn't produce usable results. Robert Coie created a list containing the top 256 words used in posts and broke it down to only a handful of useful search terms. On Wednesday last week, 15 September, he dropped all useless words from the wordmatch tables and registered them in the stopword list so that these words will stay ignored in future. Rac thus reduced search index volume by about 20 percent, and the forums became much snappier immediately.

Benefitting from the few hours that the Forums were read-only on that same day, fellow admin Christian Hartmann applied some patches to the phpBB sources that reduce the hits on the database server by caching and prestoring those tables almost every page relies on. The patches make the Forum software query the database server about 50,000 times less per hour. The search for more opportunities to tweak performance is still on, with the aim of pushing the Forum's responsiveness even beyond the level of three years ago when there was only a handful of users.

2.  Gentoo Security

Samba: Denial of Service vulnerabilities

Two Denial of Service vulnerabilities have been found and fixed in Samba.

For more information, please see the GLSA Announcement

SUS: Local root vulnerability

SUS contains a string format bug that could lead to local privilege escalation.

For more information, please see the GLSA Announcement

cdrtools: Local root vulnerability in cdrecord if set SUID root

cdrecord, if manually set SUID root, is vulnerable to a local root exploit allowing users to escalate privileges.

For more information, please see the GLSA Announcement

Heimdal: ftpd root escalation

Several bugs exist in the Heimdal ftp daemon which could allow a remote attacker to gain root privileges.

For more information, please see the GLSA Announcement

mpg123: Buffer overflow vulnerability

mpg123 decoding routines contain a buffer overflow bug that might lead to arbitrary code execution.

For more information, please see the GLSA Announcement

Apache 2, mod_dav: Multiple vulnerabilities

Several vulnerabilities have been found in Apache 2 and mod_dav for Apache 1.3 which could allow a remote attacker to cause a Denial of Service or a local user to get escalated privileges.

For more information, please see the GLSA Announcement

phpGroupWare: XSS vulnerability in wiki module

The phpGroupWare software contains a cross site scripting vulnerability in the wiki module.

For more information, please see the GLSA Announcement

SnipSnap: HTTP response splitting

SnipSnap is vulnerable to HTTP response splitting attacks such as web cache poisoning, cross-user defacement, and cross-site scripting.

For more information, please see the GLSA Announcement

3.  Featured Developer of the Week

NN - Your Name Here?

No featured developer this week. If you're a Gentoo developer and you would like to see your portrait here, please contact the GWN team.

4.  Heard in the Community

gentoo-user

Comparing Gentoo with Debian

Just about everyone in the Linux community has heard of Debian Linux. It has been a cornerstone in the Linux distribution world. This week, a rather diverse thread developed from the question of what advantages Gentoo has over Debian. In the end it really all comes down to personal choice and whichever distribution is right for the job.

gentoo-dev

GCC 3.4 goes ~x86

After much discussion, GCC 3.4.0 is considered stable enough to be used in ~x86. A few apps like OpenOffice and Sun Java2 SDK still break since GCC 3.4 has stricter syntax checking. It still has some SSE2 bugs, too, most noticeable in xorg / xfree, and some 64bit bugs, resulting in some package up/down/cross-grading.

Portage 2.0.51 becoming stable

The .51 series of portage has reached _pre23 and is now considered almost stable enough for most uses. Among the many changes are performance enhancements (faster dependency calculation), some cool new features (rebuilding of packages when USE flags have changed, GPG signature verification) and FHS compliance.

experimental ConfCache patch

Stuart Herbert writes: "GNU autoconf is a bottleneck for compiling packages - especially on multi-processor boxes. It supports the idea of a cache, but provides no tools for maintaining the cache at all. I've put together an experimental patch for Portage 2.0.50-r10, which maintains a cache for configure to reuse."

Portage prelink patch?

Every now and then requests for direct portage support for prelink are heard. As it seems, this functionality is mostly included, but still not completely supported. The best course of action now seems to be running prelink manually after large updates.

5.  Gentoo International

Germany: International Gentoo PPC Developer Meeting 30 September

Kransberg Castle is going to be the venue for an impromptu GentooPPC developer meeting scheduled for the 30th of this month. Hosted by GWN editor Ulrich Plate, at least five Gentoo PPC developers including Damien Krotkine (France), David Holm (Sweden), Luca Barbato (Italy), Lars Weiler (Germany) and Bryon Roche (USA) will have dinner, drinks and talks all evening, starting around 19:00. Benjamin Judas of Gentoo Release Engineering will make a special appearance, too. The event marks the closing day of the Freescale Smart Networks Developer Conference in nearby Frankfurt, and it's open to people with an interest in Gentoo PPC, active developers and users alike. If you happen to be in the area and would like to attend the meeting, register with Ulrich Plate, especially if you need accommodation.

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 12 September 2004 and 18 September 2004, activity on the site has resulted in:

  • 729 new bugs during this period
  • 289 bugs closed or resolved during this period
  • 25 previously closed bugs were reopened this period

Of the 7369 currently open bugs: 140 are labeled 'blocker', 216 are labeled 'critical', and 589 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs during this period are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  Tips and Tricks

Using Unison to Synchronize Two Directories

A very common question in the Forums and on IRC is how to synchronize directories and files on a host or between different hosts. Unison is a robust, cross-platform, user-level file-synchronization tool available under the GNU Public License.

Unison offers a textual interface and an interface based on Gtk. If you want to use the Gtk interface, make sure to compile unison with the gtk USE flag enabled.

Code Listing 7.1: Install unison

# emerge unison

To get familiar with the usage of unison, we’ll create two directories, create some files and sync them with the help of unison.

Code Listing 7.2: Creating some test files and directories

# mkdir testdir1
# touch testdir1/foo testdir1/bar
# mkdir testdir1/null
# touch testdir1/null/foobar
# mkdir testdir2

Now we want to synchronize testdir1 and testdir2 so that these directories will contain the same files after unison finishes.

Code Listing 7.3: Running unison for the first time

We will use the textclient in this example:
# unison -ui text testdir1 testdir2
[...]
testdir1       testdir2
file     ---->            bar  [f]
file     ---->            foo  [f]
dir      ---->            null  [f]
[...]
#

The output of unison tells us that it successfully copied 2 files (bar and foo) and 1 directory from testdir1 to testdir2.
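The following shell functions are an added example, not part of the original newsletter or of unison itself: they rebuild the test layout from Code Listing 7.2 and check, by path and SHA-256 content hash, that both replicas really hold the same tree after a sync. The function names are hypothetical, `sha256sum` from coreutils is assumed to be installed, and `-batch` is unison's non-interactive mode.

```shell
#!/bin/sh
# Added example: verify that two replicas are identical after a unison run.
# All function names are hypothetical; sha256sum (coreutils) is assumed.

# Rebuild the layout from Code Listing 7.2 under the directory given as $1.
make_test_tree() {
    mkdir -p "$1/testdir1/null" "$1/testdir2"
    touch "$1/testdir1/foo" "$1/testdir1/bar" "$1/testdir1/null/foobar"
}

# Print a sorted manifest of the tree rooted at $1: every directory by its
# relative path, every regular file by relative path plus content hash.
# Permissions, timestamps and symlinks are not part of the manifest.
tree_manifest() {
    (
        cd "$1" || exit 1
        find . -type d | sed 's/^/dir  /'
        find . -type f -exec sha256sum {} + | sed 's/^/file /'
    ) | LC_ALL=C sort
}

# Return 0 if both trees have the same manifest, 1 if they differ,
# 2 if either argument is not a directory.
replicas_match() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    [ "$(tree_manifest "$1")" = "$(tree_manifest "$2")" ]
}

# Synchronize without prompts, then verify. A non-zero unison exit status
# (skipped files or failures) is treated as an unverified sync.
sync_and_verify() {
    unison -batch -ui text "$1" "$2" || return 1
    replicas_match "$1" "$2"
}

# Usage: make_test_tree /tmp/demo
#        sync_and_verify /tmp/demo/testdir1 /tmp/demo/testdir2 && echo verified
```

Because the manifest includes directory entries, an empty directory such as one missing from the second replica is reported as a mismatch even though it contains no files.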

For tutorials and more information about the usage of unison check the Unison - User Manual and Reference.

8.  Moves, Adds, and Changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • None this week

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

9.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

10.  GWN Feedback

Please send us your feedback and help make the GWN better.

11.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:




Page updated 20 September 2004

Summary: This is the Gentoo Weekly Newsletter for the week of 20 September 2004.

Ulrich Plate
Editor

Brian Downey
Author

Christian Hartmann
Author

Patrick Lauer
Author

Emmet Wagle
Author


Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.