Gentoo Weekly Newsletter: September 27, 2004Gentoo documentation revisited The first thing many visitors to the Gentoo website will notice when opening the Gentoo Handbook or any other piece of documentation these days is a little "Print" link sitting on the top of the right column: Bowing to long-standing popular requests, Xavier Neys implemented a simple way of viewing a printer-friendly version of Gentoo documentation. Other changes to the Handbook include info about Gentoo's SLOT handling for packages, an explanation of the reasons for package masking (and how to circumvent it, if need be) and a reinstatement of the manual GRUB installation guide requested by many users. Other documentation has been added last month, too: Dennis Niehüser contributed a very nice document on power management for laptops, with tips on setting up CPU frequency scaling, a walkthrough of display, disk, and battery power management features, and last but not least, a section on sleep states that answers questions many people are too polite to ask. For Gentoo users who want to set up their own Internet radio stations, Streaming Radio with SHOUTcast is an excellent new guide by Chris White that leads through each step of configuring the server and the network, together with loads of information on optimizing the service for different uses, get transcoding for locally stored MP3s to work and much more. Benny Chuang has corrected the language directories for documentation to reflect variants of languages (e.g. Chinese, Portuguese), and Steven McCoy has added a chapter on PAM authentication to the OpenAFS guide. The Gentoo Documentation Project has put up a roadmap document, featuring all items on the agenda that need immediate fixing. If you want to help, get involved by subscribing to the documentation project mailing list. New GWN section: Gentoo in the press Starting this week, the GWN carries a new section referencing publications that have written about Gentoo. It is likely to have an irregular schedule, since we don't expect to find something to point you to each week, but will gladly accept any hints from our readers: If you happen to know of an article in a magazine, or even TV or radio coverage of Gentoo Linux, please tell us! The original language of the publication is unimportant. Just write a short description of the article's content and send it to gwn-feedback@gentoo.org, together with a link to the publisher's website, and possibly a scan of the article (if it isn't available online). Thanks a lot, and enjoy reading the first installment of Gentoo in the Press, just below our International News section. Foomatic: Arbitrary command exec foomatic The foomatic-rip filter in foomatic-filters contains a vulnerability which may allow arbitrary command execution on the print server. For more information, please see the GLSA Announcement CUPS: Denial of service vulnerability A vulnerability in CUPS allows remote attackers to cause a denial of service when sending a carefully-crafted UDP packet to the IPP port. For more information, please see the GLSA Announcement Mozilla, Firefox, Thunderbird, Epiphany vulnerability fixes New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla Firefox fix several vulnerabilities, including the remote execution of arbitrary code. For more information, please see the GLSA Announcement glFTPd: Local buffer overflow vulnerability glFTPd is vulnerable to a local buffer overflow which may allow arbitrary code execution. For more information, please see the GLSA Announcement GTK+ 2, gdk-pixbuf: multiple vulnerabilities The GdkPixbuf library, which is also included in GTK+ 2, contains several vulnerabilities that could lead to a Denial of Service or the execution of arbitrary code. For more information, please see the GLSA Announcement FreeRADIUS: Multiple Denial of Service vulnerabilities Multiple Denial of Service vulnerabilities were found and fixed in FreeRADIUS. For more information, please see the GLSA Announcement xine-lib: Multiple vulnerabilities xine-lib contains several vulnerabilities potentially allowing the execution of arbitrary code. For more information, please see the GLSA Announcement jabberd 1.x: Denial of Service vulnerability The jabberd server was found to be vulnerable to a remote Denial of Service attack. For more information, please see the GLSA Announcement getmail: Filesystem overwrite vulnerability getmail contains a vulnerability that could potentially allow any local user to create or overwrite files in any directory on the system. This flaw can be escalated further and possibly lead to a complete system compromise. For more information, please see the GLSA Announcement Apache: Exposure of protected directories A bug in the way Apache handles the Satisfy directive can lead to the exposure of protected directories to unauthorized users. For more information, please see the GLSA Announcement Portage 2.0.51_rc1 trials and tribulations The new Portage version is rippling the surface of more than one forum these days. Check for new features, bugs, and bugs that really are features at one of the threads below:
Alsa and the 2.6 Kernel Upgrading to the 2.6 kernel series brings a lot of benefits. Better performance under load, a simplified compilation process, and ALSA sound drivers included in the kernel. List contributor Greg wondered if after upgrading the user-land ALSA headers and libraries were necessary. Check the thread to find out! Xorg takes the place of xfree as default for the x11 virtual Hardened toolchain reorganization Solar had previously announced that the hardened toolchain might be dropped, but reconsidered when many developers and users gave very positive feedback. As it stands now, the Gentoo Hardened subproject does not have the manpower to do everything at once, so every bit of support, especially with bug hunting and fixing is wanted. Stack-smash protection by default? This long and controversial thread was started upon someone asking a rather innocent question: Shouldn't Gentoo offer stack-smash protection ("-fstack-protector" CFLAG) by default, since most vulnerabilities are still buffer overflows? Stack-smash protection can adversely affect performance, it offers protection against a class of exploits, enabling it may protect users, at little extra cost. USE="acl" likely to be removed from profiles All profiles and stage2 / stage3 set USE="acl", but most users will not need it, and some complications may happen during install. Therefore this flag has been removed from the 2004.3 x86 profile; most likely the other profiles will do the same. Moving /usr/qt and /usr/kde for better FHS compliance? The FHS (File Hierarchy Standard) defines default locations for most files in a linux system. Is the Gentoo strategy of using /usr/qt/x.y and /usr/kde/x.y to allow different KDE and QT versions to coexist a violation of the FHS? Italy: Impressions from Linux World Expò - The Gechi LWE movie The Gechi (Gentoo Channel Italia) activists have veni to the Linux World Expo (Milano edition), and have both vidi and vici... To provide a virtual experience of their introductory Gentoo presentation they've set up four movie versions of the speech given by Forum user .:deadhead:.. Kindly refrain from clicking any of the links listed below if your bandwidth doesn't allow for large downloads, or you don't have 54 minutes to watch their endeavours: Germany: Gentoo PPC developer meeting update Both Belgians on the Gentoo PPC team, Pieter van den Abeele (pvdabeel) and Jochen Maes (SeJo), have announced their presence at the GentooPPC developer meeting scheduled for Thursday this week, 30 September, bringing the number of participants to double digits (from almost as many different countries). You can still register for this event at Kransberg Castle (near Frankfurt am Main) with Ulrich Plate. Linux Gazette: September 2004 (issue no. 106) Mike Orr (aka Sluggo) wrote an article about Installing Gentoo - "still my favourite distro" - for this month's Linux Gazette. He describes the installation process of a desktop system on two different PCs, both dual-booting Windows, one Pentium III with 1 GHz and a brandnew 2.6 GHz Pentium4 with two monitors. Linux+ 02/2004 (September 2004) This month the Polish magazine Linux+ (also distributed in German and Czech versions) comes bundled with two DVDs, one of which has Gentoo Linux 2004.1 for x86 (stages 1 and 3 included) on it, with an updated Portage and an extra-check of software dependencies. The printed edition includes an article describing the installation from DVD, the official handbook and additional installation guides can always be found at the Gentoo website. The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 19 September 2004 and 25 September 2004, activity on the site has resulted in:
Of the 7133 currently open bugs: 135 are labeled 'blocker', 220 are labeled 'critical', and 562 are labeled 'major'. The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Roaming network profiles for laptops with Quickswitch Every Laptop user knows what I am talking about by saying that switching network profiles is a real problem and hard to keep track of when doing it manually. This is where Quickswitch comes in. Quickswitch is a utility that not only makes laptop users' everyday life easier by letting them create and use roaming network profiles, but it also has built-in support for multiple network cards, wireless LAN configurations, different kernel parameters, support for X configurations, Netscape preferences, Samba shares and so on and so forth. Sounds good? Want to learn how to use it? Read on:
Now we need to tell quickswitch about all the network settings we want to be able to switch to. Quickswitch can be configured using it configuration file in /etc/quickswitch/switchto.conf. There is also a sample configuration in /etc/quickswitch/switchto.conf.sample.
We are finished with the configuration now. Let's test if it works.
Use ifconfig and route to make sure that switchto correctly applied the settings the first time. Everythings ok? Well done! Quickswitch offers two more ways of how to switch your profile.
To learn how Quickswitch easily lets you create profiles that also switch Samba, X configurations and even more. Take a look at the well documented /etc/quickswitch/switchto.conf.sample sample configuration file and visit the Quickswitch project homepage. The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email. Please send us your feedback and help make the GWN better. 11. GWN subscription information To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under. The Gentoo Weekly Newsletter is also available in the following languages:
|
|