Gentoo Weekly Newsletter: 15 October 2007

Content:

1.  Heard in the Community

Planet Gentoo

Gentoo Arch Testing

x86 team member Christian Faulhammer describes the methods that the Architecture teams use to ensure that stable packages are, indeed, stable. He details each step, noting that many of them are boring and repetitive. GATT, the Gentoo Arch Testing Tool, developed by Matthias Langer, is introduced as a utility to automatically deal with many of the tasks an Arch Tester would face. Its functions are examined and a screencast was made showing GATT in action.

Linux 2.6.23

To coincide with the new release of the kernel, Daniel Drake, the gentoo-sources maintainer, lists the changes in this release over 2.6.22. This includes the replacement of vesafb-tng with uvesafb.

Gentoo Forums

Choice of Kernel

A lighthearted thread with a poll sets out to discover which variety of the kernel most Gentoo users prefer. gentoo-sources are the most popular, but a significant proportion use something else. What do you use?

The Gospel of Blocked Packages

A thread was started on the Gentoo Forums with the common question of how to deal with blockers, in this instance kdebase-kioslaves. Its method of presentation, however, was more creative than usual, using a biblical dialog between an individual and Portage as the device to convey the difficulty faced in finding a solution. The style was continued by some responders to the thread, making for an entertaining read.

2.  Gentoo in the Press

fit-PC

ExtremeTech reviewed the fit-PC, a tiny AMD Geode-based system that consumes only 3-5W of power - and only costs $285. Despite its tiny size, it packs in a 40GB hard drive, two ethernet ports, two USB ports, a VGA connector, audio jacks, and 256MB memory, making it perfect for use as a dedicated web browser/email machine, a firewall/router, and other non-intensive tasks. The fit-PC supports either Linux or Windows, and is rumored to be available with Gentoo Linux.

Although manufacturer CompuLab has already sold out of the fit-PC, more units should be available later in December.

3.  Tips and Tricks

Apache Configs shortened -- mod_macro overview

Many people have lengthy configs that repeat the same blocks over and over again, changing only the domain name and home directory.

This problem has been addressed, somewhat out of the spotlight, by Fabien Coelho.

I hate copy-paste. When configuring the apache server I often have to copy-paste some parts, especially with virtual hosts to enable similar features or options. In order to avoid this, I would need some kind of macro capabilities in the server runtime configuration files. [...]

—Fabien Coelho

To stay with the philosophy of keeping it simple, he introduced just two new "commands":

  • <Macro ...> ... </Macro>
  • Use ...

So let's get to a real-world example:

Code Listing 3.1: Sample mod_macro usage

<Macro VHostCGI $customer $domain>
<VirtualHost $domain:80>
  ServerName $domain
  ServerAlias www.$domain
  DocumentRoot /var/www/$customer/docroot/$domain/
  ScriptAlias /cgi-bin/ /var/www/$customer/cgi-bin/
  ErrorLog /var/log/apache/$customer/logs/$domain-error.log
  CustomLog /var/log/apache/$customer/logs/$domain-access.log combined
  <Directory /var/www/$customer/cgi-bin/>
    Options ExecCGI
  </Directory>
</VirtualHost>
</Macro>

Use VHostCGI customer1 example.com
Use VHostCGI customer15 sample.net
Use VHostCGI customer122 iamanexampletoo.org

Another example would be locking some directories if applicable:

Code Listing 3.2: An alternate example of mod_macro usage

<Macro PasswordProtect>
AuthName "Restricted area"
AuthType Basic
AuthUserFile /var/www/.htpasswd
require valid-user
</Macro>

<Directory /var/www/localhost/docroot>
  Options Indexes
</Directory>
<Directory /var/www/localhost/docroot/internal>
  Use PasswordProtect
  Options -Indexes
</Directory>
<Directory /var/www/localhost/docroot/downloads>
  Use PasswordProtect
  Options +FollowSymLinks
</Directory>

As you can see, it is easy to get an overview of what happens, and you don't need any copy & paste sections :)

To get it going on Gentoo, just do emerge mod_macro and enable it in /etc/conf.d/apache with -D MACRO.

More information about the module can be found at its homepage
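
To review what a macro-based configuration actually expands to (for example, to confirm that every directory meant to be password-protected really is), here is an added example, not part of the original newsletter or of mod_macro itself, that models the `<Macro>`/`Use` expansion in Python. It is a simplified model: nested macros are not handled, and the `$realm` parameter and the sample config are constructed for illustration.

```python
import re
import shlex

# Constructed sample config, modelled on Code Listing 3.2 above.
SAMPLE_CONF = """\
<Macro PasswordProtect $realm>
AuthName "$realm"
AuthType Basic
AuthUserFile /var/www/.htpasswd
Require valid-user
</Macro>
<Directory /var/www/localhost/docroot/internal>
  Use PasswordProtect Restricted
</Directory>
<Directory /var/www/localhost/docroot/downloads>
  Options +FollowSymLinks
</Directory>
"""

def expand_macros(conf):
    """Return conf with <Macro> definitions removed and each Use line expanded."""
    macros, out, current = {}, [], None
    for line in conf.splitlines():
        stripped = line.strip()
        opening = re.match(r"<Macro\s+(.+)>$", stripped, re.I)
        if opening:
            name, *params = shlex.split(opening.group(1))
            current = macros[name] = (params, [])
        elif re.match(r"</Macro>$", stripped, re.I):
            current = None
        elif current is not None:
            current[1].append(line)  # still inside a macro definition
        elif re.match(r"Use\s", stripped, re.I):
            name, *args = shlex.split(stripped)[1:]
            params, body = macros[name]
            if len(args) != len(params):
                raise ValueError(f"{name}: expected {len(params)} arguments")
            # Substitute longest parameter names first so $dom cannot clobber $domain.
            pairs = sorted(zip(params, args), key=lambda p: -len(p[0]))
            for body_line in body:
                for param, arg in pairs:
                    body_line = body_line.replace(param, arg)
                out.append(body_line)
        else:
            out.append(line)
    return "\n".join(out)

def dirs_without_auth(expanded):  # <Directory> paths with no AuthType directive
    blocks = re.findall(r"<Directory\s+([^>]+)>(.*?)</Directory>", expanded, re.I | re.S)
    return [p for p, body in blocks if not re.search(r"^\s*AuthType\s", body, re.I | re.M)]
```

Running `dirs_without_auth(expand_macros(SAMPLE_CONF))` lists the directories that never received the `PasswordProtect` macro, which is the kind of omission that is easy to miss once the auth directives are hidden behind a `Use` line.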

4.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • none this week

Adds

The following developers recently joined the Gentoo project:

  • none this week

Changes

The following developers recently changed roles within the Gentoo project:

  • none this week

5.  Gentoo security

KDM: Local privilege escalation

KDM allows logins without a password under certain circumstances, allowing a local user to gain elevated privileges.

For more information, please see the GLSA Announcement

X.Org X server: Composite local privilege escalation

A vulnerability has been discovered in the Composite extension of the X.Org X server, allowing for a local privilege escalation.

For more information, please see the GLSA Announcement

Balsa: Buffer overflow

Balsa is vulnerable to a buffer overflow allowing for the user-assisted execution of arbitrary code.

For more information, please see the GLSA Announcement

util-linux: Local privilege escalation

The mount and umount programs might allow local attackers to gain root privileges.

For more information, please see the GLSA Announcement

The Sleuth Kit: Integer underflow

An integer underflow vulnerability has been reported in The Sleuth Kit allowing for the user-assisted execution of arbitrary code.

For more information, please see the GLSA Announcement

PDFKit, ImageKits: Buffer overflow

PDFKit and ImageKits are vulnerable to an integer overflow and a stack overflow allowing for the user-assisted execution of arbitrary code.

For more information, please see the GLSA Announcement

TikiWiki: Arbitrary command execution

TikiWiki contains a command injection vulnerability which may allow remote execution of arbitrary code.

For more information, please see the GLSA Announcement

TRAMP: Insecure temporary file creation

The TRAMP package for GNU Emacs insecurely creates temporary files.

For more information, please see the GLSA Announcement

Star: Directory traversal vulnerability

A directory traversal vulnerability has been discovered in Star.

For more information, please see the GLSA Announcement

OpenOffice.org: Heap-based buffer overflow

A heap-based buffer overflow vulnerability has been discovered in OpenOffice.org, allowing for the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

MLDonkey: Privilege escalation

The Gentoo MLDonkey ebuild adds a user to the system with a valid login shell and no password.

For more information, please see the GLSA Announcement

HPLIP: Privilege escalation

The hpssd daemon might allow local attackers to execute arbitrary commands with root privileges.

For more information, please see the GLSA Announcement

ImageMagick: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in ImageMagick, possibly resulting in arbitrary code execution or a Denial of Service.

For more information, please see the GLSA Announcement

Qt: Buffer overflow

An off-by-one vulnerability has been discovered in Qt, possibly resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code

A format string error has been discovered in Sylpheed and Claws Mail, potentially leading to the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

6.  Gentoo package moves

This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.

Removals:

Package: Removal date: Contact:
www-client/planet 10 Oct 2007 Steve Dibb
games-sports/sturmbahnfahrer 14 Oct 2007 Michael Sterrett

Additions:

Package: Addition date: Contact:
sys-kernel/kccmp 08 Oct 2007 Mike Pagano
dev-php/PEAR-Text_Figlet 08 Oct 2007 Anant Narayanan
dev-php/PEAR-Image_Text 08 Oct 2007 Anant Narayanan
dev-php/PEAR-Text_CAPTCHA 08 Oct 2007 Anant Narayanan
net-im/jabberd2 08 Oct 2007 Krzysiek Pawlik
x11-themes/camaelon-themes 08 Oct 2007 Bernard Cafarelli
media-plugins/vdr-menuorg 08 Oct 2007 Matthias Schwarzott
virtual/editor 10 Oct 2007 Christian Faulhammer
profiles/default-darwin 10 Oct 2007 Christian Faulhammer
profiles/embedded 10 Oct 2007 Christian Faulhammer
virtual/blas 10 Oct 2007 Sebastien Fabbro
virtual/cblas 10 Oct 2007 Sebastien Fabbro
app-portage/portpeek 10 Oct 2007 Mike Pagano
dev-python/pygtksourceview 10 Oct 2007 Rémi Cardona
app-office/rubrica 10 Oct 2007 Christian Faulhammer
app-text/rarian 12 Oct 2007 Rémi Cardona
app-emacs/bm 13 Oct 2007 Ulrich Müller
java-virtuals/javamail 14 Oct 2007 Alistair Bush
app-text/texlive-core 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-base 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-basic 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-latex 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-fontsrecommended 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-fontsextra 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-metapost 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langgreek 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-context 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-bibtexextra 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-latex3 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-pstricks 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-formatsextra 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-omega 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-xetex 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-texinfo 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-science 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-publishers 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-psutils 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-plainextra 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-pictures 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-music 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-mathextra 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-latexrecommended 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-latexextra 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-games 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-humanities 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-genericrecommended 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-genericextra 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-htmlxml 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-bulgarian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langafrican 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langarab 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langarmenian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-chinese 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langcjk 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langcroatian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langcyrillic 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langczechslovak 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langdanish 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langdutch 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langfinnish 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langfrench 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langgerman 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langhebrew 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langhungarian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langindic 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langitalian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langlatin 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langmanju 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langmongolian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langnorwegian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langother 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langpolish 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langportuguese 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langspanish 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langswedish 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langtibetan 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langukenglish 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-langvietnamese 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-czechslovak 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-dutch 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-english 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-finnish 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-french 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-german 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-greek 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-italian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-japanese 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-korean 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-mongolian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-polish 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-portuguese 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-russian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-spanish 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-thai 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-turkish 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-ukrainian 14 Oct 2007 Alexis Ballier
dev-texlive/texlive-documentation-vietnamese 14 Oct 2007 Alexis Ballier
virtual/latex-base 14 Oct 2007 Alexis Ballier
net-print/cupsddk 14 Oct 2007 Wolfram Schlich
net-p2p/btg 14 Oct 2007 Christoph Mende

Last Rites

Package: Removal date: Contact:
dev-lang/anubis 08 Nov 2007 Samuli Suominen
app-emacs/ses 09 Nov 2007 Ulrich Mueller
app-editors/pico 10 Nov 2007 Christian Faulhammer
app-misc/gfontview 10 Nov 2007 Stefan Schweizer
sys-kernel/ck-sources 10 Nov 2007 Michael Marineau

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 07 October 2007 and 13 October 2007, activity on the site has resulted in:

  • 473 new bugs during this period
  • 291 bugs closed or resolved during this period
  • 19 previously closed bugs were reopened this period
  • 79 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
  • 82 bugs marked as duplicates during this period

Of the 9617 currently open bugs: 11 are labeled 'blocker', 102 are labeled 'critical', and 331 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN feedback

The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Page updated October 15, 2007

Summary: This is the Gentoo Weekly Newsletter for the week of 15 October 2007.

Chris Gianelloni
Editor

Christina Gianelloni
Editor

Peter Weller
Editor

Mark Kowarsky
Author

Joshua Saddler
Author

Markus Ullmann
Author

Copyright 2001-2014 Gentoo Foundation, Inc.