Gentoo Logo

Gentoo Weekly Newsletter: November 8, 2004

Content:

1.  Gentoo News

Gentoo User Survey Results

Corey Shields has published the preliminary results of the Gentoo User Survey. Conducted during two weeks in September, all purely numerical data has now been evaluated and processed for publication on Corey's own developer webspace, pending interpretation of three additional text-based questions that respondents have answered using their own words, which requires more work to aggregate, to be added to the published data at a later date.


Figure 1.1: Portage and optimizations most important for users

Fig. 1: Why choose Gentoo?

The results bear little to no surprises as long as current user habits are concerned. Out of experience, a majority of Gentooists synchronizing and updating their configuration on a daily basis was to be expected. Some of the questions concerning future plans for Gentoo provoked answers quite outside expectations, though. Who would have thought that simplified, possibly GUI-based installation routines would figure so prominently among user preferences?


Figure 1.2: Caveat: Most respondents said 'None of these'

Fig. 2: User preferences

Other requests are already reflected in Gentoo's policy. The release schedule, estimated to be most useful at a new release every six months by 47 percent of Gentooists asked, will effectively be changed to a twice-a-year rhythm starting with 2005.0.

2.  Gentoo security

Cherokee: Format string vulnerability

Cherokee contains a format string vulnerability that could lead to denial of service or the execution of arbitary code.

For more information, please see the GLSA Announcement

Apache 1.3: Buffer overflow vulnerability in mod_include

A buffer overflow vulnerability exists in mod_include which could possibly allow a local attacker to gain escalated privileges.

For more information, please see the GLSA Announcement

Speedtouch USB driver: Privilege escalation vulnerability

A vulnerability in the Speedtouch USB driver can be exploited to allow local users to execute arbitrary code with escalated privileges.

For more information, please see the GLSA Announcement

libxml2: Remotely exploitable buffer overflow

libxml2 contains multiple buffer overflows which could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

MIME-tools: Virus detection evasion

MIME-tools doesn't handle empty MIME boundaries correctly. This may prevent some virus-scanning programs which use MIME-tools from detecting certain viruses.

For more information, please see the GLSA Announcement

Proxytunnel: Format string vulnerability

Proxytunnel is vulnerable to a format string vulnerability, potentially allowing a remote server to execute arbitrary code with the rights of the Proxytunnel process.

For more information, please see the GLSA Announcement

GD: Integer overflow

The PNG image decoding routines in the GD library contain an integer overflow that may allow execution of arbitrary code with the rights of the program decoding a malicious PNG image.

For more information, please see the GLSA Announcement

shadow: Unauthorized modification of account information

A flaw in the chfn and chsh utilities might allow modification of account properties by unauthorized users.

For more information, please see the GLSA Announcement

Gallery: Cross-site scripting vulnerability

Gallery is vulnerable to cross-site scripting attacks.

For more information, please see the GLSA Announcement

ImageMagick: EXIF buffer overflow

ImageMagick contains an error in boundary checks when handling EXIF information, which could lead to arbitrary code execution.

For more information, please see the GLSA Announcement

3.  Heard in the community

gentoo-user

Sharing /usr/portage

Supporting multiple Gentoo systems typically means maintaining separate copies of the portage tree. To save disk space and time, several users discuss how to manage a single shared copy across all systems.

Perl modules in Portage

One user inquires about installing perl modules in portage after having trouble finding them. Portage offers a helpful script to search for perl modules and dynamically generate an ebuild to install them.

gentoo-dev

PS2 and Gentoo Linux

As Gentoo seems to run on everything (except maybe refrigerators), this thread explores the feasibility of Gentoo on the PlayStation 2. Getting a full Gentoo install on it will not be easy, but it looks like lots of fun trying to.

Handling multiple packages providing a symlink

Ciaran McCreesh explores the possibilities of handling multiple packages (like vi, vim, elvis) providing symlinks (in this case for vi). Most suggestions from others included implementing a system like Debian alternatives, so expect some nice and pleasant modifications soon.

Official Gentoo motto?

Following a NewsForge article claiming that the official Gentoo Motto was "If it moves, compile it", people were wondering - since clearly this isn't it - what could in fact be a good motto for Gentoo.

4.  Gentoo International

Italy: Gentoo Day

27 November 2004 is going to be the date for the fourth time that Italy's ever-growing open-source movement organizes a national Linux day, and the second time that this Italy-wide event is reason enough for the Italian Gentoo users to prepare for some evangelism of their own: For the second year in a row, "Gentoo Day" is going to be held simultaneously in two cities in Italy, Prato and Milano, thanks to those Gentooists active in the Gentoo Channel Italia (Gechi) framework, and the hospitality of two co-organizing local Linux User Groups, MiLUG and PLUG. Gentoo Day encompasses talks by weathered Gentoo presenters, various architectures on display, some paraphernalia for collectors of Gentoo gadgetry, and of course the opportunity to meet other Gentoo users and developers. If you want to join the Gechi in this endeavour in either of the two cities separated by about 300 kilometres, check this Forum thread and the Gechi's own forum (both links in Italian).

UK: Gentoo User Meeting in Cambridge

Last Thursday, 4 November 2004, Gentoo users and developers flocked from places such as Poland, Peru, and even as far away as Cambridge, to meet up for a quick drink in "The Eagle" pub, Cambridge, UK. Accompanied by a few members of the Cambridge LUG, the turnout was higher than expected, at about 15. Overall an enjoyable evening in anticipation for future Gentoo UK meetings.

5.  Gentoo in the press

Notebook Review (5 November 2004)

User experiences with a recent LG Electronics notebook model is what the LG X-Note LM50 notebook review is really all about, marking good old Korean Lucky Goldstar's debut on the North-American notebook market. A plain hardware review, if it wasn't for a rather unexpected twist the article takes about halfway down: The author has to cut the list of hardware items he intended to write shorter than planned because he can't access the device info in Windows - with the review not even finished, his new LM50 is already busy installing Gentoo Linux.

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 31 October 2004 and 07 November 2004, activity on the site has resulted in:

  • 743 new bugs during this period
  • 428 bugs closed or resolved during this period
  • 26 previously closed bugs were reopened this period

Of the 7400 currently open bugs: 122 are labeled 'blocker', 251 are labeled 'critical', and 560 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  Tips and Tricks

Specifying only needed locales

The locales a user can choose from are built by the glibc. Usually all available locales starting from aa_DJ (Afar locale for Djibouti) over en_US (English locale for the USA) to zu_ZA.utf8 (Zulu locale for South Africa) will be installed. Unless you're working at the UN and administer a central server for all member states, it is difficult to conceive why you would need a system where all of these locales are installed. This week's tip was written with all those of you in mind who'd like to save 90 percent of the space occupied by locales in their system, by limiting the number of installed locales to the bare minimum.

Ever since sys-libs/glibc-2.3.4.20040619-r2 has been in Portage, a USE-flag called userlocales was provided to make sure only those locales mentioned in /etc/locales.build are to be built and installed. As a side-effect, this also leads to a much faster emerge of glibc, obviously.

Code Listing 7.1: Activate the userlocales USE flag especially for glibc

echo "sys-libs/glibc userlocales" >> /etc/portage/package.use

Now specify the locales you want to be able to use:

Code Listing 7.2: nano -w /etc/locales.build

The format of the locales is described in the file itself.
en_US/ISO-8859-1
en_US.UTF-8/UTF-8
de_DE/ISO-8859-1
de_DE@euro/ISO-8859-15
de_DE.UTF-8/UTF-8

For further information about locale-handling make sure you read our Gentoo Linux Localization Guide.

Another interesting tool is app-admin/localepurge which can clean out any installed man-page or info-file in languages you don't need on your system. You should read the man-page to localepurge in any case, and configure languages you intend to keep in /etc/locale.nopurge.

By the way, if you want to prohibit the installation of all man-pages, info-files or documentation, for example when space on your disk is severely limited, you can add noman, nodoc and/or noinfo to FEATURES in your /etc/make.conf.

8.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • Yi Qiang - Gnome

Adds

The following developers recently joined the Gentoo Linux team:

  • Simone Gotti (motaboy) - KDE
  • Roy Marples (uberlord) - Init scripting
  • Michael Tindal (urilith) - Apache, Embedded, Hardened
  • Alin Nastac (mrness) - Net dialup

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

9.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

10.  GWN feedback

Please send us your feedback and help make the GWN better.

11.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

12.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated 8 November 2004

Summary: This is the Gentoo Weekly Newsletter for the week of 8 November 2004.

Ulrich Plate
Editor

Brian Downey
Author

Patrick Lauer
Author

Emmet Wagle
Author

Lars Weiler
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.