Gentoo Logo

Gentoo Weekly Newsletter: September 27, 2004

Content:

1.  Gentoo News

Gentoo documentation revisited

The first thing many visitors to the Gentoo website will notice when opening the Gentoo Handbook or any other piece of documentation these days is a little "Print" link sitting on the top of the right column: Bowing to long-standing popular requests, Xavier Neys implemented a simple way of viewing a printer-friendly version of Gentoo documentation.

Other changes to the Handbook include info about Gentoo's SLOT handling for packages, an explanation of the reasons for package masking (and how to circumvent it, if need be) and a reinstatement of the manual GRUB installation guide requested by many users. Other documentation has been added last month, too: Dennis Niehüser contributed a very nice document on power management for laptops, with tips on setting up CPU frequency scaling, a walkthrough of display, disk, and battery power management features, and last but not least, a section on sleep states that answers questions many people are too polite to ask. For Gentoo users who want to set up their own Internet radio stations, Streaming Radio with SHOUTcast is an excellent new guide by Chris White that leads through each step of configuring the server and the network, together with loads of information on optimizing the service for different uses, get transcoding for locally stored MP3s to work and much more. Benny Chuang has corrected the language directories for documentation to reflect variants of languages (e.g. Chinese, Portuguese), and Steven McCoy has added a chapter on PAM authentication to the OpenAFS guide.

The Gentoo Documentation Project has put up a roadmap document, featuring all items on the agenda that need immediate fixing. If you want to help, get involved by subscribing to the documentation project mailing list.

New GWN section: Gentoo in the press

Starting this week, the GWN carries a new section referencing publications that have written about Gentoo. It is likely to have an irregular schedule, since we don't expect to find something to point you to each week, but will gladly accept any hints from our readers: If you happen to know of an article in a magazine, or even TV or radio coverage of Gentoo Linux, please tell us! The original language of the publication is unimportant. Just write a short description of the article's content and send it to gwn-feedback@gentoo.org, together with a link to the publisher's website, and possibly a scan of the article (if it isn't available online). Thanks a lot, and enjoy reading the first installment of Gentoo in the Press, just below our International News section.

2.  Gentoo security

Foomatic: Arbitrary command exec foomatic

The foomatic-rip filter in foomatic-filters contains a vulnerability which may allow arbitrary command execution on the print server.

For more information, please see the GLSA Announcement

CUPS: Denial of service vulnerability

A vulnerability in CUPS allows remote attackers to cause a denial of service when sending a carefully-crafted UDP packet to the IPP port.

For more information, please see the GLSA Announcement

Mozilla, Firefox, Thunderbird, Epiphany vulnerability fixes

New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla Firefox fix several vulnerabilities, including the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

glFTPd: Local buffer overflow vulnerability

glFTPd is vulnerable to a local buffer overflow which may allow arbitrary code execution.

For more information, please see the GLSA Announcement

GTK+ 2, gdk-pixbuf: multiple vulnerabilities

The GdkPixbuf library, which is also included in GTK+ 2, contains several vulnerabilities that could lead to a Denial of Service or the execution of arbitrary code.

For more information, please see the GLSA Announcement

FreeRADIUS: Multiple Denial of Service vulnerabilities

Multiple Denial of Service vulnerabilities were found and fixed in FreeRADIUS.

For more information, please see the GLSA Announcement

xine-lib: Multiple vulnerabilities

xine-lib contains several vulnerabilities potentially allowing the execution of arbitrary code.

For more information, please see the GLSA Announcement

jabberd 1.x: Denial of Service vulnerability

The jabberd server was found to be vulnerable to a remote Denial of Service attack.

For more information, please see the GLSA Announcement

getmail: Filesystem overwrite vulnerability

getmail contains a vulnerability that could potentially allow any local user to create or overwrite files in any directory on the system. This flaw can be escalated further and possibly lead to a complete system compromise.

For more information, please see the GLSA Announcement

Apache: Exposure of protected directories

A bug in the way Apache handles the Satisfy directive can lead to the exposure of protected directories to unauthorized users.

For more information, please see the GLSA Announcement

3.  Heard in the community

Web forums

Portage 2.0.51_rc1 trials and tribulations

The new Portage version is rippling the surface of more than one forum these days. Check for new features, bugs, and bugs that really are features at one of the threads below:

gentoo-user

Alsa and the 2.6 Kernel

Upgrading to the 2.6 kernel series brings a lot of benefits. Better performance under load, a simplified compilation process, and ALSA sound drivers included in the kernel. List contributor Greg wondered if after upgrading the user-land ALSA headers and libraries were necessary. Check the thread to find out!

gentoo-dev

Xorg takes the place of xfree as default for the x11 virtual

Hardened toolchain reorganization

Solar had previously announced that the hardened toolchain might be dropped, but reconsidered when many developers and users gave very positive feedback. As it stands now, the Gentoo Hardened subproject does not have the manpower to do everything at once, so every bit of support, especially with bug hunting and fixing is wanted.

Stack-smash protection by default?

This long and controversial thread was started upon someone asking a rather innocent question: Shouldn't Gentoo offer stack-smash protection ("-fstack-protector" CFLAG) by default, since most vulnerabilities are still buffer overflows? Stack-smash protection can adversely affect performance, it offers protection against a class of exploits, enabling it may protect users, at little extra cost.

USE="acl" likely to be removed from profiles

All profiles and stage2 / stage3 set USE="acl", but most users will not need it, and some complications may happen during install. Therefore this flag has been removed from the 2004.3 x86 profile; most likely the other profiles will do the same.

Moving /usr/qt and /usr/kde for better FHS compliance?

The FHS (File Hierarchy Standard) defines default locations for most files in a linux system. Is the Gentoo strategy of using /usr/qt/x.y and /usr/kde/x.y to allow different KDE and QT versions to coexist a violation of the FHS?

4.  Gentoo International

Italy: Impressions from Linux World Expò - The Gechi LWE movie

The Gechi (Gentoo Channel Italia) activists have veni to the Linux World Expo (Milano edition), and have both vidi and vici... To provide a virtual experience of their introductory Gentoo presentation they've set up four movie versions of the speech given by Forum user .:deadhead:.. Kindly refrain from clicking any of the links listed below if your bandwidth doesn't allow for large downloads, or you don't have 54 minutes to watch their endeavours:

Germany: Gentoo PPC developer meeting update

Both Belgians on the Gentoo PPC team, Pieter van den Abeele (pvdabeel) and Jochen Maes (SeJo), have announced their presence at the GentooPPC developer meeting scheduled for Thursday this week, 30 September, bringing the number of participants to double digits (from almost as many different countries). You can still register for this event at Kransberg Castle (near Frankfurt am Main) with Ulrich Plate.

5.  Gentoo in the press

Linux Gazette: September 2004 (issue no. 106)

Mike Orr (aka Sluggo) wrote an article about Installing Gentoo - "still my favourite distro" - for this month's Linux Gazette. He describes the installation process of a desktop system on two different PCs, both dual-booting Windows, one Pentium III with 1 GHz and a brandnew 2.6 GHz Pentium4 with two monitors.

Linux+ 02/2004 (September 2004)

This month the Polish magazine Linux+ (also distributed in German and Czech versions) comes bundled with two DVDs, one of which has Gentoo Linux 2004.1 for x86 (stages 1 and 3 included) on it, with an updated Portage and an extra-check of software dependencies. The printed edition includes an article describing the installation from DVD, the official handbook and additional installation guides can always be found at the Gentoo website.

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 19 September 2004 and 25 September 2004, activity on the site has resulted in:

  • 680 new bugs during this period
  • 505 bugs closed or resolved during this period
  • 15 previously closed bugs were reopened this period

Of the 7133 currently open bugs: 135 are labeled 'blocker', 220 are labeled 'critical', and 562 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  Tips and tricks

Roaming network profiles for laptops with Quickswitch

Every Laptop user knows what I am talking about by saying that switching network profiles is a real problem and hard to keep track of when doing it manually. This is where Quickswitch comes in. Quickswitch is a utility that not only makes laptop users' everyday life easier by letting them create and use roaming network profiles, but it also has built-in support for multiple network cards, wireless LAN configurations, different kernel parameters, support for X configurations, Netscape preferences, Samba shares and so on and so forth.

Sounds good? Want to learn how to use it? Read on:

Code Listing 7.1: Installing Quickswitch

# emerge quickswitch

Now we need to tell quickswitch about all the network settings we want to be able to switch to. Quickswitch can be configured using it configuration file in /etc/quickswitch/switchto.conf. There is also a sample configuration in /etc/quickswitch/switchto.conf.sample.

Code Listing 7.2: Setting up the quickswitch configuration in /etc/quickswitch/switchto.conf

# This is the default configuration:
[config]
device=eth0
# Path to save last known good configuration...
servicefilename=/etc/quickswitch/switchto.last

# This is our profile called "home":
[home]
description=home
address=192.168.0.25
netmask=255.255.255.0
gateway=192.168.0.1
dns1=195.62.99.42
dns2=195.62.97.177

# This is our profile called "work":
[work]
description=work
address=10.16.3.114
netmask=255.255.255.0
gateway=10.16.3.249
dns1=195.62.99.42

We are finished with the configuration now. Let's test if it works.

Code Listing 7.3: Using switchto to switch to another profile

Switch to "work" profile:
# switchto work
Switch to "home" profile:
# switchto home

Use ifconfig and route to make sure that switchto correctly applied the settings the first time. Everythings ok? Well done!

Quickswitch offers two more ways of how to switch your profile.

  1. switcher is a simple curses based GUI to switch between your profiles.
  2. TraySwitcher is a more sophisticated Gnome tray applet.

To learn how Quickswitch easily lets you create profiles that also switch Samba, X configurations and even more. Take a look at the well documented /etc/quickswitch/switchto.conf.sample sample configuration file and visit the Quickswitch project homepage.

8.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • None this week

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

9.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated 27 September 2004

Summary: This is the Gentoo Weekly Newsletter for the week of 27 September 2004.

Ulrich Plate
Editor

Brian Downey
Author

Christian Hartmann
Author

Patrick Lauer
Author

Emmet Wagle
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.