Gentoo Weekly Newsletter 20 September 2004

   Gentoo Weekly Newsletter: September 20, 2004

   1. Gentoo News

   First Official Gentoo User Survey

   The Gentoo User Survey has been released. This survey is meant to get
   some feedback from Gentoo Linux users and give us a feel on how Gentoo
   is being used and what we can do to improve. The survey should take
   around ten minutes to complete and will be available through the rest
   of September. Upon registering for the survey at our new [1]Survey
   site an activation code will be sent to your email address.

   Forum Platform Embellishments

   As reported three weeks ago, the forums [2]have been moved to new
   hardware lately. However, many users were still experiencing
   [3]sluggish behaviour. Now the Forum administrators have looked a
   little closer into this and started to analyse the problem. They
   decided not to prune forums because they don't wanted to lose any
   information that could be of any help to the users. Analysis of the
   database showed that some tables had become very choppy and filled
   with search terms hardly anyone would ever use for a search, or the
   terms, if used at all, wouldn't produce usable results. [4]Robert Coie
   created a list containing the top 256 words used in posts and broke it
   down to only a handful of useful search terms. On Wednesday last week,
   15 September, he [5]dropped all useless words from the wordmatch
   tables and registered them in the stopword list so that in future
   these words will stay ignored. Rac thus reduced search index volume by
   about 20 percent, and the forums became much snappier immediately.

   Benefitting from the few hours that the Forums were read-only on that
   same day, fellow admin [6]Christian Hartmann applied some patches to
   the phpBB sources that reduce the hits on the database server by
   caching and prestoring those tables almost every page relies on. The
   patches make the Forum software query the database server about 50,000
   times less per hour. The search for more opportunities to tweak
   performance is still on, with the aim of pushing the Forum's
   responsiveness even beyond the level of three years ago when there was
   only a handful of users.

   2. Gentoo Security

   Samba: Denial of Service vulnerabilities

   Two Denial of Service vulnerabilities have been found and fixed in
   Samba.

   For more information, please see the [7]GLSA Announcement

   SUS: Local root vulnerability

   SUS contains a string format bug that could lead to local privilege
   escalation.

   For more information, please see the [8]GLSA Announcement

   cdrtools: Local root vulnerability in cdrecord if set SUID root

   cdrecord, if manually set SUID root, is vulnerable to a local root
   exploit allowing users to escalate privileges.

   For more information, please see the [9]GLSA Announcement

   Heimdal: ftpd root escalation

   Several bugs exist in the Heimdal ftp daemon which could allow a
   remote attacker to gain root privileges.

   For more information, please see the [10]GLSA Announcement

   mpg123: Buffer overflow vulnerability

   mpg123 decoding routines contain a buffer overflow bug that might lead
   to arbitrary code execution.

   For more information, please see the [11]GLSA Announcement

   Apache 2, mod_dav: Multiple vulnerabilities

   Several vulnerabilities have been found in Apache 2 and mod_dav for
   Apache 1.3 which could allow a remote attacker to cause a Denial of
   Service or a local user to get escalated privileges.

   For more information, please see the [12]GLSA Announcement

   phpGroupWare: XSS vulnerability in wiki module

   The phpGroupWare software contains a cross site scripting
   vulnerability in the wiki module.

   For more information, please see the [13]GLSA Announcement

   SnipSnap: HTTP response splitting

   SnipSnap is vulnerable to HTTP response splitting attacks such as web
   cache poisoning, cross-user defacement, and cross-site scripting.

   For more information, please see the [14]GLSA Announcement

   3. Featured Developer of the Week

   NN - Your Name Here?

   No featured developer this week. If you're a Gentoo developer and you
   would like to see your portrait here, please contact [15]the GWN team.

   4. Heard in the Community

   gentoo-user

   Comparing Gentoo with Debian

   Just about everyone in the Linux community has heard of Debian Linux.
   It has been a cornerstone in the Linux distribution world. This week,
   a rather diverse thread developed from the question of what advantages
   Gentoo has over Debian. In the end it really all comes down to
   personal choice; and whatever distribution is right for the job.
     * [16]vs. Debian

   gentoo-dev

   GCC 3.4 goes ~x86

   After much discussion, GCC 3.4.0 is considered stable enough to be
   used in ~x86. A few apps like OpenOffice and Sun Java2 SDK still break
   since GCC 3.4 has stricter syntax checking. It still has some SSE2
   bugs, too, most noticeable in xorg / xfree, and some 64bit bugs,
   resulting in some package up/down/cross-grading.
     * [17]GCC 3.4 goes ~x86

   Portage 2.0.51 becoming stable

   The .51 series of portage has reached _pre23 and is now considered
   almost stable enough for most uses. Among the many changes are
   performance enhancements (faster dependency calculation), some cool
   new features (rebuilding of packages when USE flags have changed, GPG
   signature verification) and FHS compliance have been introduced.
     * [18]Portage 2.0.51 becoming stable

   experimental ConfCache patch

   Stuart Herbert writes: "GNU autoconf is a bottleneck for compiling
   packages - especially on multi-processor boxes. It supports the idea
   of a cache, but provides no tools for maintaining the cache at all.
   I've put together an experimental patch for Portage 2.0.50-r10, which
   maintains a cache for configure to reuse."
     * [19]experimental ConfCache patch

   Portage prelink patch?

   Every now and then requests for direct portage support for prelink are
   heard. As it seems, this functionality is mostly included, but still
   not completely supported. The best course of action now seems to be
   running prelink manually after large updates.
     * [20]Portage prelink patch?

   5. Gentoo International

   Germany: International Gentoo PPC Developer Meeting 30 September

   [21]Kransberg Castle is going to be the venue for an impromptu
   GentooPPC developer meeting scheduled for the 30th of this month.
   Hosted by GWN editor Ulrich Plate, at least five Gentoo PPC developers
   including Damien Krotkine (France), David Holm (Sweden), Luca Barbato
   (Italy), Lars Weiler (Germany) and Bryon Roche (USA) will have dinner,
   drinks and talks all evening, starting around 19:00. Benjamin Judas of
   Gentoo Release Enginering will make a special appearance, too. The
   event marks the closing day of the [22]Freescale Smart Networks
   Developer Conference in near-by Frankfurt, and it's open for people
   with an interest in Gentoo PPC, active developers and users alike. If
   you happen to be in the area and would like to attend the meeting,
   register with [23]Ulrich Plate, especially if you need accomodation.

   6. Bugzilla

   Summary
     * [24]Statistics
     * [25]Closed Bug Ranking
     * [26]New Bug Rankings

   Statistics

   The Gentoo community uses Bugzilla ([27]bugs.gentoo.org) to record and
   track bugs, notifications, suggestions and other interactions with the
   development team. Between 12 September 2004 and 18 September
   2004,activity on the site has resulted in:
     * 729 new bugs during this period
     * 289 bugs closed or resolved during this period
     * 25 previously closed bugs were reopened this period

   Of the 7369 currently open bugs: 140 are labeled 'blocker', 216 are
   labeled 'critical', and 589 are labeled 'major'.

   Closed Bug Rankings

   The developers and teams who have closed the most bugs during this
   period are:
     * [28]Gentoo Games, with 19 [29]closed bugs
     * [30]Jeremy Huddleston, with 18 [31]closed bugs
     * [32]Gentoo KDE team, with 17 [33]closed bugs
     * [34]Java team, with 16 [35]closed bugs
     * [36]Gentoo Security, with 13 [37]closed bugs
     * [38]AMD64 Porting Team, with 10 [39]closed bugs
     * [40]GCC Porting Team, with 8 [41]closed bugs
     * [42]Alpha Porters, with 8 [43]closed bugs

   New Bug Rankings

   The developers and teams who have been assigned the most new bugs
   during this period are:
     * [44]Net-Mail Packages, with 25 [45]new bugs
     * [46]Gentoo X-windows packagers, with 20 [47]new bugs
     * [48]Gentoo's Team for Core System packages, with 17 [49]new bugs
     * [50]Gentoo KDE team, with 15 [51]new bugs
     * [52]Portage team, with 15 [53]new bugs
     * [54]Mozilla Gentoo Team, with 14 [55]new bugs
     * [56]Gentoo Linux Gnome Desktop Team, with 14 [57]new bugs
     * [58]AMD64 Porting Team, with 12 [59]new bugs

   7. Tips and Tricks

   Using Unison to Synchronize Two Directories

   A very common question often asked in the Forums and on IRC is how to
   synchronize directories and files on a host or between different
   hosts. [60]Unison is a robust user-level file-synchronization tool
   that works cross-platform available under the GNU Public License.

   Unison offers a textural interface an an interface based on Gtk. If
   you want to use the Gtk interface make sure to compile unison with gtk
   useflag enabled.

   Code listing 7.1: Install unison
   # emerge unison

   To get in touch with the usage of unison we’ll create two
   directories, create some files and sync them with the help of unison.

   Code listing 7.2: Creating some test files and directories
# mkdir testdir1
# touch testdir1/foo testdir1/bar
# mkdir testdir1/null
# touch testdir1/null/foobar
# mkdir testdir2

   Now we want to synchronize testdir1 and testdir2 so that these
   directorys will contain the same files after unison finishes.

   Code listing 7.3: Running unison for the first time
// We will use the textclient in this example:
# unison -ui text testdir1 testdir2
[...]
testdir1       testdir2
file     ---->            bar  [f]
file     ---->            foo  [f]
dir      ---->            null  [f]
[...]
#

   The output of unison tells us that it successfully copied 2 files (bar
   and foo) and 1 directory from testdir1 to testdir2.

   For tutorials and more information about the usage of unison check the
   [61]Unison - User Manual and Reference.

   8. Moves, Adds, and Changes

   Moves

   The following developers recently left the Gentoo team:
     * None this week

   Adds

   The following developers recently joined the Gentoo Linux team:
     * None this week

   Changes

   The following developers recently changed roles within the Gentoo
   Linux project:
     * None this week

   9. Contribute to GWN

   Interested in contributing to the Gentoo Weekly Newsletter? Send us an
   [62]email.

   10. GWN Feedback

   Please send us your [63]feedback and help make the GWN better.

   11. GWN Subscription Information

   To subscribe to the Gentoo Weekly Newsletter, send a blank email to
   [64]gentoo-gwn-subscribe@gentoo.org.

   To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
   [65]gentoo-gwn-unsubscribe@gentoo.org from the email address you are
   subscribed under.

   12. Other Languages

   The Gentoo Weekly Newsletter is also available in the following
   languages:
     * [66]Danish
     * [67]Dutch
     * [68]English
     * [69]German
     * [70]French
     * [71]Japanese
     * [72]Italian
     * [73]Polish
     * [74]Portuguese (Brazil)
     * [75]Portuguese (Portugal)
     * [76]Russian
     * [77]Spanish
     * [78]Turkish

   line
                      Updated 20 September 2004
   line
   [79]Ulrich Plate
   Editor
   [80]Brian Downey
   Author
   [81]Christian Hartmann
   Author
   [82]Patrick Lauer
   Author
   [83]Emmet Wagle
   Author
   line
   Summary: This is the Gentoo Weekly Newsletter for the week of 20
   September 2004.
   line

   Donate to support our development efforts.
   Make payments with PayPal - it's fast, free and secure!
   line
                     [84]The Gentoo Linux Store
   line
   [85]php|architect

   php|architect is the monthly magazine for PHP professionals, available
   worldwide in print and electronic format. A percentage of all the
   sales will be donated back into the Gentoo project.
   line
   [86]Tek Alchemy

   Tek Alchemy offers dedicated servers and other hosting solutions
   running Gentoo Linux.
   line
   [87]DDR Memory at Crucial.com

   Purchase RAM from Crucial.com and a percentage of your sale will go
   towards further Gentoo Linux development.
   line
   [88]Win4Lin at NeTraverse

   Win4Lin from NeTraverse lets you run Windows applications under Gentoo
   Linux at native speeds.
   line
   Copyright 2001-2003 Gentoo Technologies, Inc. Questions, Comments,
   Corrections? Email [89]www@gentoo.org.

References

   1. http://survey.gentoo.org/index.php?sid=3
   2. http://www.gentoo.org/news/en/gwn/20040830-newsletter.xml
   3. http://forums.gentoo.org/viewtopic.php?p=1534764#1534764
   4. mailto:rac@gentoo.org
   5. http://forums.gentoo.org/viewtopic.php?t=223469
   6. mailto:ian@gentoo.org
   7. http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml
   8. http://www.gentoo.org/security/en/glsa/glsa-200409-17.xml
   9. http://www.gentoo.org/security/en/glsa/glsa-200409-18.xml
  10. http://www.gentoo.org/security/en/glsa/glsa-200409-19.xml
  11. http://www.gentoo.org/security/en/glsa/glsa-200409-20.xml
  12. http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
  13. http://www.gentoo.org/security/en/glsa/glsa-200409-22.xml
  14. http://www.gentoo.org/security/en/glsa/glsa-200409-23.xml
  15. mailto:gwn-feedback@gentoo.org
  16. http://thread.gmane.org/gmane.linux.gentoo.user/98856
  17. http://thread.gmane.org/gmane.linux.gentoo.devel/21195
  18. http://thread.gmane.org/gmane.linux.gentoo.devel/21204
  19. http://thread.gmane.org/gmane.linux.gentoo.devel/21171
  20. http://thread.gmane.org/gmane.linux.gentoo.devel/21251
  21. http://www.schloss-kransberg.de/
  22. http://www.freescale.com/webapp/sps/site/overview.jsp?nod...
  23. mailto:plate@gentoo.org
  24. file://localhost/home/uli/gwn/20040920-newsletter.html#doc_chap1_sect2
  25. file://localhost/home/uli/gwn/20040920-newsletter.html#doc_chap1_sect3
  26. file://localhost/home/uli/gwn/20040920-newsletter.html#doc_chap1_sect4
  27. http://bugs.gentoo.org/
  28. mailto:games@gentoo.org
  29. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&...
  30. mailto:eradicator@gentoo.org
  31. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&...
  32. mailto:kde@gentoo.org
  33. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&...
  34. mailto:java@gentoo.org
  35. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&...
  36. mailto:security@gentoo.org
  37. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&...
  38. mailto:amd64@gentoo.org
  39. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&...
  40. mailto:gcc-porting@gentoo.org
  41. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&...
  42. mailto:alpha@gentoo.org
  43. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&...
  44. mailto:net-mail@gentoo.org
  45. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug...
  46. mailto:x11@gentoo.org
  47. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug...
  48. mailto:base-system@gentoo.org
  49. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug...
  50. mailto:kde@gentoo.org
  51. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug...
  52. mailto:dev-portage@gentoo.org
  53. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug...
  54. mailto:mozilla@gentoo.org
  55. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug...
  56. mailto:gnome@gentoo.org
  57. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug...
  58. mailto:amd64@gentoo.org
  59. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug...
  60. http://www.cis.upenn.edu/~bcpierce/unison/
  61. http://www.cis.upenn.edu/~bcpierce/unison/download/stable...
  62. mailto:gwn-feedback@gentoo.org
  63. mailto:gwn-feedback@gentoo.org
  64. mailto:gentoo-gwn-subscribe@gentoo.org
  65. mailto:gentoo-gwn-unsubscribe@gentoo.org
  66. http://www.gentoo.org/news/da/gwn/gwn.xml
  67. http://www.gentoo.org/news/be/gwn/gwn.xml
  68. http://www.gentoo.org/news/en/gwn/gwn.xml
  69. http://www.gentoo.org/news/de/gwn/gwn.xml
  70. http://www.gentoo.org/news/fr/gwn/gwn.xml
  71. http://www.gentoo.org/news/ja/gwn/gwn.xml
  72. http://www.gentoo.org/news/it/gwn/gwn.xml
  73. http://www.gentoo.org/news/pl/gwn/gwn.xml
  74. http://www.gentoo.org/news/br/gwn/gwn.xml
  75. http://www.gentoo.org/news/pt/gwn/gwn.xml
  76. http://www.gentoo.org/news/ru/gwn/gwn.xml
  77. http://www.gentoo.org/news/es/gwn/gwn.xml
  78. http://www.gentoo.org/news/tr/gwn/gwn.xml
  79. mailto:plate@gentoo.org
  80. mailto:bdowney@briandowney.net
  81. mailto:ian@gentoo.org
  82. mailto:patrick@gentoo.org
  83. mailto:ewagle@email.com
  84. http://store.gentoo.org/
  85. http://www.phparch.com/bannerclick.php?AID=68&BID=1&...
  86. http://www.tek.net/
  87. http://www.qksrv.net/click-477620-5032687
  88. http://www.netraverse.com/gentoo.htm
  89. mailto:www@gentoo.org

--
gentoo-gwn@gentoo.org mailing list