Gentoo Logo

Gentoo Weekly Newsletter: October 18, 2004


1.  Gentoo News

2004.3 release coming your way: LiveCD test builds for x86 and PPC avalable soon

Watch out for beta versions of the upcoming 2004.3 LiveCDs this week: Both x86 and PPC architectures are on the brink of releasing previews, and will eagerly await bug reports at Gentoo's bugzilla as soon as the test builds hit the mirrors. Comments from testers are highly welcome before marking the respective architectures ready for release.

New lead translator for Japanese GWN

The GWN extends its gratitude to a long-time contributor, Japanese lead translator Katsuyuki Konno who is leaving the team this month, to be followed by Tomoyuki Sakurai. The Japanese version of the GWN has been in existence from the fourth issue of the English language publication, and it hasn't skipped a single issue ever since then, making Japanese one of the first and most reliable of the various alternative GWN languages.

2.  Gentoo security

LessTif: Integer and stack overflows in libXpm

Multiple vulnerabilities have been discovered in libXpm, which is included in LessTif, that can potentially lead to remote code execution.

For more information, please see the GLSA Announcement

gettext: Insecure temporary file handling

The gettext utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change permissions on arbitrary files with the rights of the user running gettext, which could be the root user.

For more information, please see the GLSA Announcement

tiff: Buffer overflows in image decoding

Multiple heap-based overflows have been found in the tiff library image decoding routines, potentially allowing to execute arbitrary code with the rights of the user viewing a malicious image.

For more information, please see the GLSA Announcement

WordPress: HTTP response splitting and XSS vulnerabilities

WordPress contains HTTP response splitting and cross-site scripting vulnerabilities.

For more information, please see the GLSA Announcement

BNC: Input validation flaw

BNC contains an input validation flaw which might allow a remote attacker to issue arbitrary IRC related commands.

For more information, please see the GLSA Announcement

3.  Heard in the community

Web forums


Security comes at a price: When packages supposedly collaborating with each other for providing GnuPG and S/MIME support in the KDE mail client are being updated without coordination upstream, things may occasionally break:


KDE and broken DNS

Several Gentooers noticed that after upgrading glibc on their systems, DNS sporadically quit working inside KDE. One helpful poster provided a link back to KDE's bugzilla that had a bug report specifically for Gentoo, but it had no solution. So what is the culprit? When doing large system upgrades such as perl, glibc, etc. you should be sure to do a revdep-rebuild to help solve issues like the above. It's not a magic fix for everything, but it can certainly reduce hair-pulling for strange events like these.

Resuming emerge on a notebook

Many people have an issue with long running emerges on their notebooks: Between work and home they have to cancel and completely restart the compilation of some larger packages.

Filesystem automounter

Having trouble getting autofs to work on your Gentoo system? Here's a thread discussing alternative program recommendations for mounting filesystems.


xorg-x11-6.8.0-r1 ready to go stable on all archs

Donnie Berkholz announced that xorg-x11-6.8.0-r1 is ready to go stable on x86 and asked all arch maintainers to follow shortly thereafter, unless there is a good reason not to mark it stable. Reason for this is to have marked it stable before the portage snapshot for the 2004.3 release will be taken.

init script optimizations?

Discussions about more or less dangerous optimizations to speed up the boot sequence.

HPPA dev box is now online at OSU

Mike Frysinger got his HPPA development-box set up on OSU where it is accessible for every Gentoo developer who need to test ebuilds on HPPA.

rsync speed and space taken

Discussions about the size of the Gentoo portage tree.

Support for UTF-8 in the console

Mike Frysinger was looking for feedback from people using UTF-8 fonts and keymaps in the console, and asked them to test a new patch.

GLEP23 - Updates and call for further discussion

GLEP 23 deals with Portage and how it handles the ACCEPT_LICENSE clause:

4.  Gentoo International

Germany: Munich Gentoo Linux User Group Event

Last Saturday, 15 October, MGLUG's Gentooistas and other Linux users from Munich's general LUG (celebrating its 10th anniversary this year) and neighboring Erding LUG had organized a joint event with "Berkeley in Munich", the local BSD community. Labeled "First Open-source Infotainment Day", the organisers had brought together speakers exploring the structural differences between Linux and FreeBSD, introducing TeX desktop publishing, and other topics. One presentation was dedicated to "Gentoo Linux from an ISP's viewpoint", and installations of both Gentoo Linux and FreeBSD were offered during the event, too. The meeting started early and continued over lunch at the premises of a Munich-based job training center, and a few impressions of the event can be viewed at the MGLUG's photo gallery.

Figure 4.1: Gentoo Linux users and friends in Munich

Fig. 1: MGLUG meeting

Italy: To Smau or not to Smau

It has a reputation for being the largest and most important IT fair in Italy, but some Italian Gentooists seem to be skeptical about its usefulness. Nevertheless, a few Gechi members are openly thinking of attending the Smau this year, held at the Milano trade fair ground from Thursday 21 October to Monday 25 October 2004. Never mind that weighing the pros and cons at this thread in the Gentoo forums only has "half-naked dancers" on the plus-side of the balance sheet - you'll still be able to meet one or the other Gentooist among the almost 400,000 visitors expected at the event.

5.  Gentoo in the press

The Age (12 October 2004)

In a rather disturbingly titled article in Australia's leading newspaper for the Victoria district, "Microsoft scores well on security analysis", the Victorian open-source activist Con Zymaris did his best to convince author Rob O'Neill of the virtue of open-source security advisories, but wasn't entirely successful. If getting shot as a messenger of security flaws really is a considerable risk down under, Gentoo may want to stand less tall, but in reality, of course, having the highest number of security advisories of all open-source projects and commercial vendors is not bad at all.

ZDNet (12 October 2004)

David Berlind at ZDnet props Linux against Mac OS X in his quest for the future ruler of the desktop: "Today, even the most reputable and recommended distributions of desktop Linux, such as Gentoo and Xandros, are not the no-brainers that OS X and Windows--in that order--are." Interestingly enough, he seems quite confident that Linux will eventually be persistent enough for popular acceptance as a desktop OS: "However, it’s only a matter of time before desktop Linux follows precisely the same path as server Linux did when it worked its way from the pockets of early adopters and risk takers into gaining the widespread affection of server administrators."

Central Command, Inc. (press release 13 October 2004)

Gentoo figures as one of the supported distributions in a press release by Central Command, Inc., a privately held company in Ohio providing anti-virus software that is going to be offered as a server-side application bundled with the services of Outblaze Ltd., a global provider of hosted email headquartered in Hong Kong.

6.  Bugzilla



The Gentoo community uses Bugzilla ( to record and track bugs, notifications, suggestions and other interactions with the development team. Between 10 October 2004 and 16 October 2004, activity on the site has resulted in:

  • 796 new bugs during this period
  • 310 bugs closed or resolved during this period
  • 38 previously closed bugs were reopened this period

Of the 7252 currently open bugs: 124 are labeled 'blocker', 245 are labeled 'critical', and 525 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  Tips and Tricks

Gentoo Initscripts

This week we will have a look at some nice to know things about initscripts that every sysadmin and user should at least have heard of once.

By installing and administering your installation of Gentoo Linux you will have learned about how to add services to a specific runlevel, and how to start and stop those services.

But most users are not aware of some other nifty functions in the Gentoo initscripts that have the potential for making their lives easier in administering their Gentoo boxes.

Q: What to do if I can’t stop a service? What if the processes were killed but my system thinks they are still running?

A: Execute /etc/init.d/<service> zap to reset the status of the service.

Q: How do I figure out if a service is running or not?

A: /etc/init.d/<service> status will tell you the current status of the given service.

Q: And while we're at it, how can I see all services running?

A: rc-status lists all services that have been started and their current status.

Q: How to restart a service?

A: /etc/init.d/<service> restart restarts the service.

Q: How do I find out what other services have to be started when I want to use <service>?

A: /etc/init.d/<service> ineed will give you a list of services that need to be running before this service can be started.

Q: Which services need/depend on this <service>?

A: /etc/init.d/<service> needsme lists all services that depend on the service given.

For further information on how runlevels work in Gentoo Linux please take a look at the Initscript guide that is part of the Gentoo System Documentation.

8.  Moves, adds, and changes


The following developers recently left the Gentoo team:

  • None this week


The following developers recently joined the Gentoo Linux team:

  • None this week


The following developers recently changed roles within the Gentoo Linux project:

  • None this week

9.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:


Page updated 18 October 2004

Summary: This is the Gentoo Weekly Newsletter for the week of 18 October 2004.

Ulrich Plate

Brian Downey

Christian Hartmann

Marc Hildebrand

Patrick Lauer

Emmet Wagle

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.