Gentoo Weekly Newsletter: December 20, 2004
1.
Gentoo News
Gentoo UK conference call for speakers
Stuart Herbert has renewed his call for
papers to be presented at next year's
Gentoo conference for developers and users in the UK. The topic for the conference
to be held on Saturday 12 March 2005 at the University of Salford will be "Success with
Gentoo". Please submit proposals to his contact address before 31 December 2004.
New Catalyst mailing list
Everything you always wanted to know about catalyst,
the Gentoo release engineering's meta-tool
for creating LiveCDs, Gentoo Reference Platform (GRP) packages and the
installation stages 1 to 3, can now be discussed on a mailing list of
its own. Joining the new list will be particularly useful for
all those who wish to create their own customized versions of Gentoo
Linux. gentoo-catalyst@gentoo.org has been spun off the
main release engineering mailing list where these matters were usually
discussed before. Subscription help and other information can be found on the
mailing list page.
GWN needs additional translators
The newsletter is currently translated into Japanese, German,
Italian, Polish, Dutch and Turkish. Since our last call for help quite a number of
volunteers have been found to give new life to some of the other formerly
translated versions of the GWN, namely Spanish, Russian and French, and even an
entirely new one: Romanian! If you would like to join the new teams that are in
the process of being created, please contact gwn-feedback@gentoo.org. The team leaders
would like to emphasize that it's not just a question of "the more, the merrier" -
translating is hard work, and if you're unable to split it among a group of
people, it's almost impossible to sustain for a longer period of time.
2.
Future zone
Pre-Christmas vacation
Future zone takes a short rest before coming back with more stories from
bleeding edge development, fascinating technology insights and lesser known projects
that deserve more attention. If you would like to see something you work on covered
in this section, please send a short description to
our feedback address, and we'll get right back to you.
3.
Gentoo security
file: Arbitrary code execution
The code for parsing ELF headers in file contains a flaw which may allow an
attacker to execute arbitrary code.
For more information, please see the GLSA Announcement
nfs-utils: Multiple remote vulnerabilities
Multiple vulnerabilities have been discovered in nfs-utils that could lead
to a Denial of Service, or the execution of arbitrary code.
For more information, please see the GLSA Announcement
ncpfs: Buffer overflow in ncplogin and ncpmap
ncpfs is vulnerable to a buffer overflow that could lead to local execution
of arbitrary code with elevated privileges.
For more information, please see the GLSA Announcement
Vim, gVim: Vulnerable options in modelines
Several vulnerabilities related to the use of options in modelines have
been found and fixed in Vim. They could potentially result in a local user
escalating privileges.
For more information, please see the GLSA Announcement
Cscope: Insecure creation of temporary files
Cscope is vulnerable to symlink attacks, potentially allowing a local user
to overwrite arbitrary files.
For more information, please see the GLSA Announcement
Adobe Acrobat Reader: Buffer overflow vulnerability
Adobe Acrobat Reader is vulnerable to a buffer overflow that could lead to
remote execution of arbitrary code.
For more information, please see the GLSA Announcement
Samba: Integer overflow
Samba contains a bug that could lead to remote execution of arbitrary code.
For more information, please see the GLSA Announcement
PHP: Multiple vulnerabilities
Several vulnerabilities were found and fixed in PHP, ranging from an
information leak and a safe_mode restriction bypass to a potential remote
execution of arbitrary code.
For more information, please see the GLSA Announcement
Ethereal: Multiple vulnerabilities
Multiple vulnerabilities exist in Ethereal, which may allow an attacker to
run arbitrary code, crash the program or perform DoS by CPU and disk
utilization.
For more information, please see the GLSA Announcement
kdelibs, kdebase: Multiple vulnerabilities
kdelibs and kdebase contain a flaw allowing password disclosure when
creating a link to a remote file. Furthermore, Konqueror is vulnerable to
window injection.
For more information, please see the GLSA Announcement
4.
Heard in the community
Web forums
At the strike of the falling log it's - 0 postcounts
Bit of a nasty surprise for some of the regulars frequenting the
notorious "Off the Wall" section at the Gentoo Forums last week: In a
coup that is aimed at restoring some of the credibility to the poster
rankings displayed below each user ID at the forums, nothing posted
in the openly off-topic OTW forum is counted towards the user ranking
any longer, and previous posts have been subtracted as well. The measure
implemented by the forum administrators has yielded some painful results
for numerous posters who had collected hundreds or even thousands of
posts over their subscription period, but ended up having lost their
"veteran" status now because all those posts had been in OTW. Moderators
and admins are hoping this will help shift some of the emphasis of the
Forums back to its prime objective, support for Gentoo Linux users.
gentoo-user
Cool console tip thread of the week
It all started with a simple question: How to stop emerge's
output from scrolling off the screen when there are many packages
to merge. That question got answered quickly, but then came the
other tips: How to scroll up and down in virtual terminals, increase
your VT buffer history size, bash history searching, and more!
File system discussions
The many virtues of running Linux include having a variety of file
system formats to choose from. There are the old reliables: ext2
and ext3 that most seasoned Linux geeks know about. But in Linux's
recent history, many more file systems have come about: XFS, JFS,
and ReiserFS, to name a few. This informative thread shares some of
the experiences of Gentoo users on all these file systems, and discusses
the pros and cons of running a "less popular" file system format.
X11 mice and udev
It's inevitable: udev is the next stop for Linux's /dev
filesystem. udev brings along a slew of great features that
are easy to use, but be on the lookout for this common problem when
switching from devfs.
gentoo-dev
Makefile variables inside ebuilds
Robin H. Johnson asks:
"I've seen a lot of ebuilds lately where the author has tried to get a
variable set inside the Makefile, but their code actually doesn't work,
and it hasn't been noticed." Read on to learn what works and what
doesn't, and get a lecture in advanced bash-magic as you read along.
libtool help
Mike Frysinger offers some
information on a libtool-related series of bugs. As of libtool-1.5.10,
some ebuilds fail with:
Code Listing 4.1 |
*** Gentoo sanity check failed! ***
*** libtool.m4 and ltmain.sh have a version mismatch! ***
*** (libtool.m4 = 1.5.10, ltmain.sh = 1.5.2) ***
|
This is an ebuild error, so if you hit this error, check on
bugs.gentoo.org if it is known and open a bug if there isn't one yet.
The fixes are relatively simple; a howto can be found in the mail
thread.
5.
Gentoo in the press
Hardware Upgrade (9 December 2004)
In an extensive, eleven-page-long test titled "Gaming con Linux", the Italian magazine Hardware Upgrade pits Linux against Windows in a whole series of performance tests for games like Unreal Tournament and Doom 3, on graphics from both ATI and Nvidia. Author Raffaele Fanizzi chose Gentoo Linux as his platform for the Linux side of benchmarking, and concludes that using Nvidia NV40 in Linux offers better performance in Gentoo than Windows XP, despite manufacturer optimizations for the hardware being biased towards the Windows platform, with ATI Radeon cards being even more heavily predisposed for optimal performance in Windows.
O'Reilly XML.com (15 December 2004)
Nick Kew, author of various XML applications and this recent article on "XML Namespace
Processing in Apache", mentions Gentoo alongside FreeBSD and Debian as an
example of the incorporation of his "unexpectedly most popular" mod_proxy_html,
"which rewrites URLs into a proxy's address space and is an essential component
of a reverse proxy."
Linuxtimes.net (15 December 2004)
Gentoo has been voted "Favourite distribution" in a poll conducted by Linuxtimes.net (owned by, interestingly enough, Linare Corporation), leading the pack with almost a quarter of all 2500+ votes.
Linux Journal (17 December 2004)
In an interview
with Linux Journal, Bill McCarty, who recently published a new book on
"Security Enhanced Linux",
sees encouraging signs of more widespread availability of SELinux in the future
in the fact that it's "now an integral component of several Linux distributions,
such as Fedora Core, Gentoo and the beta release of Red Hat Enterprise Linux 4."
6.
Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. Between 12 December 2004 and 19 December 2004, activity
on the site has resulted in:
- 738 new bugs during this period
- 368 bugs closed or resolved during this period
- 30 previously closed bugs were reopened this period
Of the 7750 currently open bugs: 126 are labeled 'blocker', 233 are labeled 'critical', and 551 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this period are:
7.
Tips and Tricks
Devtodo: Nifty tool for developers and others
This small program provides a per-directory todo list. Items can be
added, deleted, edited and changed in priority. The list is always
sorted with the most important items on top, equal priority items sorted
by time, oldest first.
Code Listing 7.1: To install |
emerge app-misc/devtodo
|
Let's see a small demonstration:
Code Listing 7.2: Adding items |
$ tda
Enter text for the item you are adding.
text> Write some stuff for the GWN
1. veryhigh 2. high 3. medium 4. low 5. verylow
Enter a priority from those listed above.
priority> medium
Index of new item is 1
$ tda
Enter text for the item you are adding.
text> Install a speelchecker
1. veryhigh 2. high 3. medium 4. low 5. verylow
Enter a priority from those listed above.
priority> low
Index of new item is 2
|
Now let's check the output:
Code Listing 7.3: Sample output |
$ devtodo
1.Write some stuff for the GWN
2.Install a speelchecker
|
OK, let's edit the priorities: a spellchecker would be quite useful
before finishing other things.
Code Listing 7.4: editing |
$ tde 2
Modify the text of the item you are editing.
text> Install a speelchecker
1. veryhigh 2. high 3. medium 4. low 5. verylow
Enter a priority from those listed above.
priority> veryhigh
|
This moves the item above lower priority items and changes the output
colour to red. Available (colour-coded!) priorities are:
1. veryhigh 2. high 3. medium 4. low 5. verylow
Code Listing 7.5: Output with changed priorities |
$ devtodo
1.Install a speelchecker
2.Write some stuff for the GWN
|
Once you have completed an item, you can either mark it as done with
"tdd" or remove it with "tdr". So from now on you don't have an excuse
for forgetting assignments and other things. Enjoy!
8.
Moves, adds, and changes
Moves
The following developers recently left the Gentoo team:
Adds
The following developers recently joined the Gentoo Linux team:
- Gregorio Guidi (greg_g) - KDE
Changes
The following developers recently changed roles within the Gentoo Linux project:
9.
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
10.
GWN feedback
Please send us your feedback and help make the GWN better.
11.
GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
12.
Other languages
The Gentoo Weekly Newsletter is also available in the following languages: