Gentoo Weekly Newsletter: November 8, 2004Corey Shields has published the preliminary results of the Gentoo User Survey. Conducted during two weeks in September, all purely numerical data has now been evaluated and processed for publication on Corey's own developer webspace, pending interpretation of three additional text-based questions that respondents have answered using their own words, which requires more work to aggregate, to be added to the published data at a later date.
The results bear little to no surprises as long as current user habits are concerned. Out of experience, a majority of Gentooists synchronizing and updating their configuration on a daily basis was to be expected. Some of the questions concerning future plans for Gentoo provoked answers quite outside expectations, though. Who would have thought that simplified, possibly GUI-based installation routines would figure so prominently among user preferences?
Other requests are already reflected in Gentoo's policy. The release schedule, estimated to be most useful at a new release every six months by 47 percent of Gentooists asked, will effectively be changed to a twice-a-year rhythm starting with 2005.0. Cherokee: Format string vulnerability Cherokee contains a format string vulnerability that could lead to denial of service or the execution of arbitary code. For more information, please see the GLSA Announcement Apache 1.3: Buffer overflow vulnerability in mod_include A buffer overflow vulnerability exists in mod_include which could possibly allow a local attacker to gain escalated privileges. For more information, please see the GLSA Announcement Speedtouch USB driver: Privilege escalation vulnerability A vulnerability in the Speedtouch USB driver can be exploited to allow local users to execute arbitrary code with escalated privileges. For more information, please see the GLSA Announcement libxml2: Remotely exploitable buffer overflow libxml2 contains multiple buffer overflows which could lead to the execution of arbitrary code. For more information, please see the GLSA Announcement MIME-tools: Virus detection evasion MIME-tools doesn't handle empty MIME boundaries correctly. This may prevent some virus-scanning programs which use MIME-tools from detecting certain viruses. For more information, please see the GLSA Announcement Proxytunnel: Format string vulnerability Proxytunnel is vulnerable to a format string vulnerability, potentially allowing a remote server to execute arbitrary code with the rights of the Proxytunnel process. For more information, please see the GLSA Announcement The PNG image decoding routines in the GD library contain an integer overflow that may allow execution of arbitrary code with the rights of the program decoding a malicious PNG image. For more information, please see the GLSA Announcement shadow: Unauthorized modification of account information A flaw in the chfn and chsh utilities might allow modification of account properties by unauthorized users. For more information, please see the GLSA Announcement Gallery: Cross-site scripting vulnerability Gallery is vulnerable to cross-site scripting attacks. For more information, please see the GLSA Announcement ImageMagick: EXIF buffer overflow ImageMagick contains an error in boundary checks when handling EXIF information, which could lead to arbitrary code execution. For more information, please see the GLSA Announcement Sharing /usr/portage Supporting multiple Gentoo systems typically means maintaining separate copies of the portage tree. To save disk space and time, several users discuss how to manage a single shared copy across all systems. Perl modules in Portage One user inquires about installing perl modules in portage after having trouble finding them. Portage offers a helpful script to search for perl modules and dynamically generate an ebuild to install them. PS2 and Gentoo Linux As Gentoo seems to run on everything (except maybe refrigerators), this thread explores the feasibility of Gentoo on the PlayStation 2. Getting a full Gentoo install on it will not be easy, but it looks like lots of fun trying to. Handling multiple packages providing a symlink Ciaran McCreesh explores the possibilities of handling multiple packages (like vi, vim, elvis) providing symlinks (in this case for vi). Most suggestions from others included implementing a system like Debian alternatives, so expect some nice and pleasant modifications soon. Official Gentoo motto? Following a NewsForge article claiming that the official Gentoo Motto was "If it moves, compile it", people were wondering - since clearly this isn't it - what could in fact be a good motto for Gentoo. 27 November 2004 is going to be the date for the fourth time that Italy's ever-growing open-source movement organizes a national Linux day, and the second time that this Italy-wide event is reason enough for the Italian Gentoo users to prepare for some evangelism of their own: For the second year in a row, "Gentoo Day" is going to be held simultaneously in two cities in Italy, Prato and Milano, thanks to those Gentooists active in the Gentoo Channel Italia (Gechi) framework, and the hospitality of two co-organizing local Linux User Groups, MiLUG and PLUG. Gentoo Day encompasses talks by weathered Gentoo presenters, various architectures on display, some paraphernalia for collectors of Gentoo gadgetry, and of course the opportunity to meet other Gentoo users and developers. If you want to join the Gechi in this endeavour in either of the two cities separated by about 300 kilometres, check this Forum thread and the Gechi's own forum (both links in Italian). UK: Gentoo User Meeting in Cambridge Last Thursday, 4 November 2004, Gentoo users and developers flocked from places such as Poland, Peru, and even as far away as Cambridge, to meet up for a quick drink in "The Eagle" pub, Cambridge, UK. Accompanied by a few members of the Cambridge LUG, the turnout was higher than expected, at about 15. Overall an enjoyable evening in anticipation for future Gentoo UK meetings. Notebook Review (5 November 2004) User experiences with a recent LG Electronics notebook model is what the LG X-Note LM50 notebook review is really all about, marking good old Korean Lucky Goldstar's debut on the North-American notebook market. A plain hardware review, if it wasn't for a rather unexpected twist the article takes about halfway down: The author has to cut the list of hardware items he intended to write shorter than planned because he can't access the device info in Windows - with the review not even finished, his new LM50 is already busy installing Gentoo Linux. The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 31 October 2004 and 07 November 2004, activity on the site has resulted in:
Of the 7400 currently open bugs: 122 are labeled 'blocker', 251 are labeled 'critical', and 560 are labeled 'major'. The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Specifying only needed locales The locales a user can choose from are built by the glibc. Usually all available locales starting from aa_DJ (Afar locale for Djibouti) over en_US (English locale for the USA) to zu_ZA.utf8 (Zulu locale for South Africa) will be installed. Unless you're working at the UN and administer a central server for all member states, it is difficult to conceive why you would need a system where all of these locales are installed. This week's tip was written with all those of you in mind who'd like to save 90 percent of the space occupied by locales in their system, by limiting the number of installed locales to the bare minimum. Ever since sys-libs/glibc-2.3.4.20040619-r2 has been in Portage, a USE-flag called userlocales was provided to make sure only those locales mentioned in /etc/locales.build are to be built and installed. As a side-effect, this also leads to a much faster emerge of glibc, obviously.
Now specify the locales you want to be able to use:
For further information about locale-handling make sure you read our Gentoo Linux Localization Guide. Another interesting tool is app-admin/localepurge which can clean out any installed man-page or info-file in languages you don't need on your system. You should read the man-page to localepurge in any case, and configure languages you intend to keep in /etc/locale.nopurge. By the way, if you want to prohibit the installation of all man-pages, info-files or documentation, for example when space on your disk is severely limited, you can add noman, nodoc and/or noinfo to FEATURES in your /etc/make.conf. The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email. Please send us your feedback and help make the GWN better. 11. GWN subscription information To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under. The Gentoo Weekly Newsletter is also available in the following languages:
|
|
