Weekly Edition
Return to the Distributions page
| |||||||||||||
Gentoo Weekly Newsletter - Volume 2, Issue 47
--------------------------------------------------------------------------- Gentoo Weekly Newsletter http://www.gentoo.org/news/en/gwn/current.xml This is the Gentoo Weekly Newsletter for the week of November 24th, 2003. --------------------------------------------------------------------------- ============== 1. Gentoo News ============== Summary ------- * Gentoo Managers' Meeting Summary - 17 November 2003 * Gentoo Desktop update Gentoo Managers' Meeting Summary - 17 November 2003 --------------------------------------------------- A log[1] and summary[2] of last week's Managers' Meeting have been posted on the Gentoo Managers' Meetings[3] page. During the meeting, three issues were discussed before the floor was opened. First, Daniel Robbins[4] spoke about Catalyst, a new system for building LiveCDs and stage tarballs. Catalyst, a rewrite of the original "stager" code used to build the stage1, stage2, and stage3 tarballs, will be a single modular program able to reliably and repeatably build stages, livecds, and package sets for all architectures. Next, Sven Vermeulen[5] announced that the installation section of the Gentoo Handbook[6] was ready for mass consumption. Finally, infrastructure lead Kurt Lieber[7] asked what was being done to facilitate QA for Gentoo, and was answered by Seemant Kulleen[8], who said that releng was handling QA by developing catalyst and similar tools, and that ideas were being tossed around in #gentoo-qa and in conversations with developers. 1. http://www.gentoo.org/proj/en/devrel/manager-meetings/logs/2003/20031117.tx t 2. http://www.gentoo.org/proj/en/devrel/manager-meetings/summaries/2003/200311 17.xml 3. http://www.gentoo.org/proj/en/devrel/manager-meetings/ 4. drobbins@gentoo.org 5. swift@gentoo.org 6. http://www.gentoo.org/doc/en/handbook/index.xml 7. klieber@gentoo.org 8. seemant@gentoo.org Gentoo Desktop update --------------------- Status Report There has been quite a bit of work done in the Gentoo Desktop world during the last several weeks. A number of developers from the Gentoo Desktop team have banded together to ensure that every package pertaining to running Gentoo on the desktop is sufficiently maintained. This team has begun forming new herds (collections of related ebuilds maintained by a group of interested developers), updating forgotten packages to newer versions, testing said packages, marking some of them stable, and closing bugs. The current target categories are x11-misc, x11-wm, and x11-plugins. Who wants to be a Gentoo Developer? We are looking for at least two intelligent, dedicated people to join in this effort. First, the KDE team is short of help, and would appreciate an able volunteer. Second, the gnustep herd, which comprises gnustep, afterstep, windowmaker, and some related apps, is fairly inactive, so we would like one more person to fill this position. Other positions may be available, so don't hesitate to contact tseng on IRC at #gentoo-desktop, or send an email to Brandon Hale[9]. 9. tseng@gentoo.org Qualified applicants will preferably be long-time users of Linux as a desktop OS. Strong troubleshooting skills are required, as the selected applicants will be working to resolve bug reports from other users. Familiarity with Bugzilla and cvs are also a plus, and fluency in the English language is greatly preferred. ================================= 2. Featured Developer of the Week ================================= Featured Developer is on hiatus this week. ================== 3. Gentoo Security ================== GLSA: apache ------------ Quote from http://httpd.apache.org/dev/dist/Announcement: This version of Apache is principally a bug and security fix release. A partial summary of the bug fixes is given at the end of this document. A full listing of changes can be found in the CHANGES file. Of particular note is that 1.3.29 addresses and fixes 1 potential security issue: * CAN-2003-0542 (cve.mitre.org): Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. We consider Apache 1.3.29 to be the best version of Apache 1.3 available and we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family. * Packages Affected: <apache-1.3.29 * Rectification: emerge sync; emerge -pv apache; emerge '>=net-www/apache-1.3.29'; emerge clean; /etc/init.d/apache restart * GLSA Announcement[10] 10. http://article.gmane.org/gmane.linux.gentoo.announce/263 GLSA: kdebase ------------- Firstly, versions of KDM <= 3.1.3 are vulnerable to a privilege escalation bug with a specific configuration of PAM modules. Users who do not use PAM with KDM and users who use PAM with regular Unix crypt/MD5 based authentication methods are not affected. Secondly, KDM uses a weak cookie generation algorithm. It is advised that users upgrade to KDE 3.1.4, which uses /dev/urandom as a non-predictable source of entropy to improve security. Please look at http://www.kde.org/info/security/advisory-20030916-1.txt for the KDE Security Advisory and source patch locations for older versions of KDE. * Packages Affected: <=3.1.3 * Rectification: emerge --sync; emerge '>=kde-base/kde-3.1.4'; emerge clean * GLSA Announcement[11] 11. http://article.gmane.org/gmane.linux.gentoo.announce/264 GLSA: opera ----------- The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the malicious HREF on a web site. Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt for further details. * Severity: High - buffer overflows rendering certain HREFs * Packages Affected: 7.11, 7.20 * Rectification: emerge --sync; emerge '>=net-www/opera-7.22'; emerge clean * GLSA Announcement[12] 12. http://article.gmane.org/gmane.linux.gentoo.announce/265 GLSA: hylafax ------------- During a code review of the hfaxd server, the SuSE Security Team discovered a format bug condition that allows a remote attacker to execute arbitrary code as the root user. However, the bug cannot be triggered in the default hylafax configuration. SuSE-SA:2003:045 outlines the problem, and is available at http://lwn.net/Articles/57562/ * Severity: Normal - Remote code exploit untriggerable in default configuration * Packages Affected: <=4.1.7 * Rectification: emerge --sync; emerge '>=net-misc/hylafax-4.1.8'; emerge clean * GLSA Announcement[13] 13. http://article.gmane.org/gmane.linux.gentoo.announce/266 New Security Bug Reports ------------------------ The following new security bugs were posted this week: * sys-libs/pam[14] * net-www/jboss[15] * sys-libs/pam[16] 14. http://bugs.gentoo.org/show_bug.cgi?id=28407 15. http://bugs.gentoo.org/show_bug.cgi?id=30554 16. http://bugs.gentoo.org/show_bug.cgi?id=31877 ========================= 4. Heard in the Community ========================= Beyond X "Can I use this without blowing a hole in my PC?" was the spontaneous first reaction to port001[17]'s announcement of ebuilds for Keith Packard's alternative Xserver[18] (formerly known as kdrive), including the Render extension and a 32 bits X Visual for presenting alpha-blended content to the screen. The forum thread started last Sunday, is quite lively and an absolute must for anyone who wants to have a go at translucent windows... The ebuild's actual author spyderous[19] and thread initiator port001 are still around answering questions: 17. http://forums.gentoo.org/profile.php?mode=viewprofile&u=11355 18. http://freedesktop.org/Software/xserver 19. http://forums.gentoo.org/profile.php?mode=viewprofile&u=16592 * Freedesktop.org XServer ebuilds[20] * Spyderous' repository and instructions[21] 20. http://forums.gentoo.org/viewtopic.php?t=106391 21. http://dev.gentoo.org/~spyderous/overlay-freedesktop Power Profiles for Laptops Well rooted in the tradition of donating excellent documentation to the Forum section of the same name, optilude[22] has deposited a collection of scripts for power management on laptop and notebooks, addressing CPU frequency throttles and backlight adjustments, but potentially including other funtions, too.: 22. http://forums.gentoo.org/profile.php?mode=viewprofile&u=1707 * [SCRIPTS] Power profiles for laptops[23] 23. http://forums.gentoo.org/viewtopic.php?t=106835 gentoo-user ----------- Dangers of unmerging? Quoting the Portage Manual: 'Unmerging packages can be dangerous...removal of various libraries may cause software to fail". User list member Jason presented that this is a fundamental shortcoming in Portage. Check out how others felt about this topic here[24]. 24. http://article.gmane.org/gmane.linux.gentoo.user/55063 ======================= 5. Gentoo International ======================= Vienna Gentoo Linux Users Group (VGLUG) Meeting in December The Vienna crowd continues to pick the strangest of places for their venues. This time (Tuesday 2 December, 19:00 hours) it's going to be at the Cafe Oskar[25], a peculiar joint where - judging from the pictures on their website - part of the crowd consistently seems to enjoy dancing on tables while being inappropriately clad for temperatures outside. Stow those notebooks away, Gentoomen... Questions, remarks, RSVPs to the Forum coordination thread[26]. 25. http://oskar-cafe.at 26. http://forums.gentoo.org/viewtopic.php?p=659182#659182 ================ 6. Portage Watch ================ Portage Watch is on hiatus this week. =========== 7. Bugzilla =========== Summary ------- * Statistics * Closed Bug Ranking * New Bug Rankings Statistics ---------- The Gentoo community uses Bugzilla (bugs.gentoo.org[27]) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 14 November 2003 and 20 November 2003, activity on the site has resulted in: 27. http://bugs.gentoo.org * 457 new bugs during this period * 296 bugs closed or resolved during this period * 11 previously closed bugs were reopened this period Of the 4145 currently open bugs: 106 are labeled 'blocker', 189 are labeled 'critical', and 319 are labeled 'major'. Closed Bug Rankings ------------------- The developers and teams who have closed the most bugs during this period are: * AMD64 Porting Team[28], with 39 closed bugs[29] * Markus Nigbur[30], with 15 closed bugs[31] * Mozilla Gentoo Team[32], with 12 closed bugs[33] * Gentoo Games[34], with 12 closed bugs[35] * Gentoo KDE Team[36], with 11 closed bugs[37] * Portage Team[38], with 11 closed bugs[39] 28. amd64@gentoo.org 29. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch field=bug_status&chfieldfrom=2003-11-14&chfieldto=2003-11-20&resolution=FIX ED&assigned_to=amd64@gentoo.org 30. pYrania@gentoo.org 31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch field=bug_status&chfieldfrom=2003-11-14&chfieldto=2003-11-20&resolution=FIX ED&assigned_to=pYrania@gentoo.org 32. mozilla@gentoo.org 33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch field=bug_status&chfieldfrom=2003-11-14&chfieldto=2003-11-20&resolution=FIX ED&assigned_to=mozilla@gentoo.org 34. games@gentoo.org 35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch field=bug_status&chfieldfrom=2003-11-14&chfieldto=2003-11-20&resolution=FIX ED&assigned_to=games@gentoo.org 36. kde@gentoo.org 37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch field=bug_status&chfieldfrom=2003-11-14&chfieldto=2003-11-20&resolution=FIX ED&assigned_to=kde@gentoo.org 38. dev-portage@gentoo.org 39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch field=bug_status&chfieldfrom=2003-11-14&chfieldto=2003-11-20&resolution=FIX ED&assigned_to=dev-portage@gentoo.org New Bug Rankings ---------------- The developers and teams who have been assigned the most new bugs during this period are: * Net-Dialup Team[40], with 15 new bugs[41] * Net-Mail Packages[42], with 13 new bugs[43] * Martin Schlemmer[44], with 13 new bugs[45] * Portage team[46], with 8 new bugs[47] 40. net-dialup@gentoo.org 41. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-11-14&chfieldto=2003-11 -20&assigned_to=net-dialup@gentoo.org 42. net-mail@gentoo.org 43. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-11-14&chfieldto=2003-11 -20&assigned_to=net-mail@gentoo.org 44. azarah@gentoo.org 45. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-11-14&chfieldto=2003-11 -20&assigned_to=azarah@gentoo.org 46. dev-portage@gentoo.org 47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s tatus=REOPENED&chfield=assigned_to&chfieldfrom=2003-11-14&chfieldto=2003-11 -20&assigned_to=dev-portage@gentoo.org ================== 8. Tips and Tricks ================== Killing a Hung Virtual Console This week's tip shows you how to restore a hung virtual console (without rebooting). To do this, you need sys-apps/lsof from portage. Using lsof, find the login processes of the hung console. --------------------------------------------------------------------------- | Code Listing 8.1: | | Example: (hung console is /dev/vc/3) | --------------------------------------------------------------------------- | | |# lsof /dev/vc/3 | |COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME | |login 7114 root 0u CHR 4,3 17 /dev/vc/3 | |login 7114 root 1u CHR 4,3 17 /dev/vc/3 | |login 7114 root 2u CHR 4,3 17 /dev/vc/3 | |zsh 30630 david 0u CHR 4,3 17 /dev/vc/3 | |zsh 30630 david 1u CHR 4,3 17 /dev/vc/3 | |zsh 30630 david 2u CHR 4,3 17 /dev/vc/3 | |zsh 30630 david 10u CHR 4,3 17 /dev/vc/3 | | | --------------------------------------------------------------------------- Kill the processes associated with this login and the console should respawn. --------------------------------------------------------------------------- | Code Listing 8.2: | | Killing the virtual console processes | --------------------------------------------------------------------------- | | | # kill -9 7114 30630 | | | --------------------------------------------------------------------------- ========================== 9. Moves, Adds and Changes ========================== Moves ----- The following developers recently left the Gentoo team: * none this week Adds ---- The following developers recently joined the Gentoo Linux team: * none this week Changes ------- The following developers recently changed roles within the Gentoo Linux project. * none this week ===================== 10. Contribute to GWN ===================== Interested in contributing to the Gentoo Weekly Newsletter? Send us an email[48]. 48. gwn-feedback@gentoo.org ================ 11. GWN Feedback ================ Please send us your feedback[49] and help make the GWN better. 49. gwn-feedback@gentoo.org ================================ 12. GWN Subscription Information ================================ To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under. =================== 13. Other Languages =================== The Gentoo Weekly Newsletter is also available in the following languages: * Dutch[50] * English[51] * German[52] * French[53] * Japanese[54] * Italian[55] * Polish[56] * Portuguese (Brazil)[57] * Portuguese (Portugal)[58] * Russian[59] * Spanish[60] * Turkish[61] 50. http://www.gentoo.org/news/be/gwn/gwn.xml 51. http://www.gentoo.org/news/en/gwn/gwn.xml 52. http://www.gentoo.org/news/de/gwn/gwn.xml 53. http://www.gentoo.org/news/fr/gwn/gwn.xml 54. http://www.gentoo.org/news/ja/gwn/gwn.xml 55. http://www.gentoo.org/news/it/gwn/gwn.xml 56. http://www.gentoo.org/news/pl/gwn/gwn.xml 57. http://www.gentoo.org/news/br/gwn/gwn.xml 58. http://www.gentoo.org/news/pt/gwn/gwn.xml 59. http://www.gentoo.org/news/ru/gwn/gwn.xml 60. http://www.gentoo.org/news/es/gwn/gwn.xml 61. http://www.gentoo.org/news/tr/gwn/gwn.xml Yuji Carlos Kosugi <carlos@gentoo.org> - Editor AJ Armstrong <aja@clanarmstrong.com> - Contributor Brian Downey <bdowney@briandowney.net> - Contributor Luke Giuliani <cold_flame@email.com> - Contributor Shawn Jonnet <shawn.jonnet@verizon.net> - Contributor Michael Kohl <citizen428@gentoo.org> - Contributor Kurt Lieber <klieber@gentoo.org> - Contributor Rafael Cordones Marcos <rcm@sasaska.net> - Contributor David Narayan <david@phrixus.net> - Contributor Gerald J Normandin Jr. <gerrynjr@gentoo.org> - Contributor Ulrich Plate <plate@gentoo.org> - Contributor Mathy Vanvoorden <matje@lanzone.be> - Dutch Translation Hendrik Eeckhaut <Hendrik.Eeckhaut@UGent.be> - Dutch Translation Jorn Eilander <sephiroth@quicknet.nl> - Dutch Translation Bernard Kerckenaere <bernieke@bernieke.com> - Dutch Translation Peter ter Borg <peter@daborg.nl> - Dutch Translation Jochen Maes <linux@sejo.be> - Dutch Translation Roderick Goessen <rgoessen@home.nl> - Dutch Translation Gerard van den Berg <gerard@steelo.net> - Dutch Translation Matthieu Montaudouin <mat@frheaven.com> - French Translation Xavier Neys <neysx@gentoo.org> - French Translation Martin Prieto <riverdale@linuxmail.org> - French Translation Antoine Raillon <cabec2@pegase.net> - French Translation Sebastien Cevey <seb@cine7.net> - French Translation Jean-Christophe Choisy <mabouya@petitefleure.org> - French Translation Thomas Raschbacher <lordvan@gentoo.org> - German Translation Steffen Lassahn <madeagle@gentoo.org> - German Translation Matthias F. Brandstetter <haim@gentoo.org> - German Translation Lukas Domagala <Cyrik@gentoo.org> - German Translation Tobias Scherbaum <dertobi123@gentoo.org> - German Translation Daniel Gerholdt <Sputnik1969@gentoo.org> - German Translation Marc Herren <dj-submerge@gentoo.org> - German Translation Tobias Matzat <SirSeoman@gentoo.org> - German Translation Marco Mascherpa <mush@monrif.net> - Italian Translation Claudio Merloni <paper@tiscali.it> - Italian Translation Christian Apolloni <bsolar@bluewin.ch> - Italian Translation Stefano Lucidi <stefano.lucidi@gentoo-italia.org> - Italian Translation Yoshiaki Hagihara <hagi@p1d.com> - Japanese Translation Katsuyuki Konno <katuyuki@siva.ddo.jp> - Japanese Translation Yuji Carlos Kosugi <carlos@gentoo.org> - Japanese Translation Yasunori Fukudome <yasunori@mail.portland.co.uk> - Japanese Translation Takashi Ota <088@t.email.ne.jp> - Japanese Translation Radoslaw Janeczko <sototh@gts.pl> - Polish Translation Lukasz Strzygowski <lucass.home@pf.pl> - Polish Translation Michal Drobek <veng@wp.pl> - Polish Translation Adam Lyjak <apo@cyberpunk.net.pulawy.pl> - Polish Translation Krzysztof Klimonda <cthulhu@emusearch.net> - Polish Translation Atila "Jedi" Bohlke Vasconcelos <bohlke@inf.ufrgs.br> - Portuguese (Brazil) Translation Eduardo Belloti <dudu@datavibe.net> - Portuguese (Brazil) Translation Jo達o Rafael Moraes Nicola <joaoraf@rudah.com.br> - Portuguese (Brazil) Translation Marcelo Gon巽alves de Azambuja <mgazambuja@terra.com.br> - Portuguese (Brazil) Translation Otavio Rodolfo Piske <angusy@gentoobr.org> - Portuguese (Brazil) Translation Pablo N. Hess -- NatuNobilis <natunobilis@gentoobr.org> - Portuguese (Brazil) Translation Pedro de Medeiros <pzilla@yawl.com.br> - Portuguese (Brazil) Translation Ventura Barbeiro <venturasbarbeiro@ig.com.br> - Portuguese (Brazil) Translation Bruno Ferreira <blueroom@digitalmente.net> - Portuguese (Portugal) Translation Gustavo Felisberto <humpback@felisberto.net> - Portuguese (Portugal) Translation Jos辿 Costa <jose_costa@netcabo.pt> - Portuguese (Portugal) Translation Luis Medina <metalgodin@linuxmail.org> - Portuguese (Portugal) Translation Ricardo Loureiro <rjlouro@rjlouro.org> - Portuguese (Portugal) Translation Sergey Galkin <gals_home@list.ru> - Russian Translator Sergey Kuleshov <svyatogor@gentoo.org> - Russian Translator Alex Spirin <asp13@mail.ru> - Russian Translator Dmitry Suzdalev <dimsuz@mail.ru> - Russian Translator Anton Vorovatov <mazurous@mail.ru> - Russian Translator Denis Zaletov <dzaletov@rambler.ru> - Russian Translator Lanark <lanark@lanark.com.ar> - Spanish Translation Fernando J. Pereda <ferdy@ferdyx.org> - Spanish Translation Lluis Peinado Cifuentes <lpeinado@uoc.edu> - Spanish Translation Zephryn Xirdal T <ZEPHRYNXIRDAL@telefonica.net> - Spanish Translation Guillermo Juarez <katossi@usuarios.retecal.es> - Spanish Translation Jes炭s Garc鱈a Crespo <correo@sevein.com> - Spanish Translation Carlos Castillo <carlos@castillobueno.com> - Spanish Translation Julio Castillo <julio@castillobueno.com> - Spanish Translation Sergio G坦mez <s3r@fibertel.com.ar> - Spanish Translation Aycan Irican <aycan@core.gen.tr> - Turkish Translation Bugra Cakir <bugra@myrealbox.com> - Turkish Translation Cagil Seker <cagils@biznet.com.tr> - Turkish Translation Emre Kazdagli <emre@core.gen.tr> - Turkish Translation Evrim Ulu <evrim@core.gen.tr> - Turkish Translation Gursel Kaynak <gurcell@core.gen.tr> - Turkish Translation (Log in to post comments)
|
|||||||||||||