GWN 27 September 2004
Uit Gentoo Linux Wiki
== Gentoo News == Gentoo documentation revisited The first thing many visitors to the Gentoo website will notice when opening the Gentoo Handbook or any other piece of documentation these days is a little......
Inhoud |
[bewerken] Gentoo security
Foomatic: Arbitrary command exec foomatic
The foomatic-rip filter in foomatic-filters contains a vulnerability which may allow arbitrary command execution on the print server.
For more information, please see the GLSA Announcement
CUPS: Denial of service vulnerability
A vulnerability in CUPS allows remote attackers to cause a denial of service when sending a carefully-crafted UDP packet to the IPP port.
For more information, please see the GLSA Announcement
Mozilla, Firefox, Thunderbird, Epiphany vulnerability fixes
New releases of Mozilla, Epiphany, Mozilla Thunderbird, and Mozilla Firefox fix several vulnerabilities, including the remote execution of arbitrary code.
For more information, please see the GLSA Announcement
glFTPd: Local buffer overflow vulnerability
glFTPd is vulnerable to a local buffer overflow which may allow arbitrary code execution.
For more information, please see the GLSA Announcement
GTK+ 2, gdk-pixbuf: multiple vulnerabilities
The GdkPixbuf library, which is also included in GTK+ 2, contains several vulnerabilities that could lead to a Denial of Service or the execution of arbitrary code.
For more information, please see the GLSA Announcement
FreeRADIUS: Multiple Denial of Service vulnerabilities
Multiple Denial of Service vulnerabilities were found and fixed in FreeRADIUS.
For more information, please see the GLSA Announcement
xine-lib: Multiple vulnerabilities
xine-lib contains several vulnerabilities potentially allowing the execution of arbitrary code.
For more information, please see the GLSA Announcement
jabberd 1.x: Denial of Service vulnerability
The jabberd server was found to be vulnerable to a remote Denial of Service attack.
For more information, please see the GLSA Announcement
getmail: Filesystem overwrite vulnerability
getmail contains a vulnerability that could potentially allow any local user to create or overwrite files in any directory on the system. This flaw can be escalated further and possibly lead to a complete system compromise.
For more information, please see the GLSA Announcement
Apache: Exposure of protected directories
A bug in the way Apache handles the Satisfy directive can lead to the exposure of protected directories to unauthorized users.
For more information, please see the GLSA Announcement
[bewerken] Heard in the community
Web forums
Portage 2.0.51_rc1 trials and tribulations
The new Portage version is rippling the surface of more than one forum these days. Check for new features, bugs, and bugs that really are features at one of the threads below:
* portage_2.0.51_rc1 and virtuals * Portage 2.0.51 Question * Neue Funktionen und Optionen in Portage 2.0.51(German) * Nuove funzioni e opzioni di Portage 2.0.51(Italian)
gentoo-user
Alsa and the 2.6 Kernel
Upgrading to the 2.6 kernel series brings a lot of benefits. Better performance under load, a simplified compilation process, and ALSA sound drivers included in the kernel. List contributor Greg wondered if after upgrading the user-land ALSA headers and libraries were necessary. Check the thread to find out!
* alsa and 2.6
gentoo-dev
Xorg takes the place of xfree as default for the x11 virtual
* Xorg as Default X11 Virtual
Hardened toolchain reorganization
Solar had previously announced that the hardened toolchain might be dropped, but reconsidered when many developers and users gave very positive feedback. As it stands now, the Gentoo Hardened subproject does not have the manpower to do everything at once, so every bit of support, especially with bug hunting and fixing is wanted.
* Hardened Toolchain
Stack-smash protection by default?
This long and controversial thread was started upon someone asking a rather innocent question: Shouldn't Gentoo offer stack-smash protection ("-fstack-protector" CFLAG) by default, since most vulnerabilities are still buffer overflows? Stack-smash protection can adversely affect performance, it offers protection against a class of exploits, enabling it may protect users, at little extra cost.
* Stack Smash Protection
USE="acl" likely to be removed from profiles
All profiles and stage2 / stage3 set USE="acl", but most users will not need it, and some complications may happen during install. Therefore this flag has been removed from the 2004.3 x86 profile; most likely the other profiles will do the same.
* USE="acl" Dropped
Moving /usr/qt and /usr/kde for better FHS compliance?
The FHS (File Hierarchy Standard) defines default locations for most files in a linux system. Is the Gentoo strategy of using /usr/qt/x.y and /usr/kde/x.y to allow different KDE and QT versions to coexist a violation of the FHS?
* Qt/KDE and FHS
[bewerken] Gentoo International
Italy: Impressions from Linux World Expò - The Gechi LWE movie
The Gechi (Gentoo Channel Italia) activists have veni to the Linux World Expo (Milano edition), and have both vidi and vici... To provide a virtual experience of their introductory Gentoo presentation they've set up four movie versions of the speech given by Forum user .:deadhead:.. Kindly refrain from clicking any of the links listed below if your bandwidth doesn't allow for large downloads, or you don't have 54 minutes to watch their endeavours:
* Gechi Presentation at LWE Milano 2004 (different formats, 20 to 330 MB)
Germany: Gentoo PPC developer meeting update
Both Belgians on the Gentoo PPC team, Pieter van den Abeele (pvdabeel) and Jochen Maes (SeJo), have announced their presence at the GentooPPC developer meeting scheduled for Thursday this week, 30 September, bringing the number of participants to double digits (from almost as many different countries). You can still register for this event at Kransberg Castle (near Frankfurt am Main) with Ulrich Plate.
[bewerken] Gentoo in the press
Linux Gazette: September 2004 (issue no. 106)
Mike Orr (aka Sluggo) wrote an article about Installing Gentoo - "still my favourite distro" - for this month's Linux Gazette. He describes the installation process of a desktop system on two different PCs, both dual-booting Windows, one Pentium III with 1 GHz and a brandnew 2.6 GHz Pentium4 with two monitors.
Linux+ 02/2004 (September 2004)
This month the Polish magazine Linux+ (also distributed in German and Czech versions) comes bundled with two DVDs, one of which has Gentoo Linux 2004.1 for x86 (stages 1 and 3 included) on it, with an updated Portage and an extra-check of software dependencies. The printed edition includes an article describing the installation from DVD, the official handbook and additional installation guides can always be found at the Gentoo website.
[bewerken] Bugzilla
Summary
* Statistics * Closed Bug Ranking * New Bug Rankings
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 19 September 2004 and 25 September 2004, activity on the site has resulted in:
* 680 new bugs during this period * 505 bugs closed or resolved during this period * 15 previously closed bugs were reopened this period
Of the 7133 currently open bugs: 135 are labeled 'blocker', 220 are labeled 'critical', and 562 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
* Gentoo KDE team, with 31 closed bugs * PPC Porters, with 25 closed bugs * ppc64 architecture team, with 21 closed bugs * Greg Kroah-Hartman, with 21 closed bugs * Gentoo Games, with 18 closed bugs * Gentoo Security, with 17 closed bugs * Java team, with 17 closed bugs * Perl Devs @ Gentoo, with 16 closed bugs
New bug rankings
The developers and teams who have been assigned the most new bugs during this period are:
* Mozilla Gentoo Team, with 19 new bugs * Gentoo Linux Gnome Desktop Team, with 18 new bugs * Gentoo X-windows packagers, with 16 new bugs * Gentoo KDE team, with 14 new bugs * AMD64 Porting Team, with 14 new bugs * media-video herd, with 10 new bugs * Gentoo's Team for Core System packages, with 10 new bugs * PHP Bugs, with 7 new bugs
[bewerken] Tips and tricks
Roaming network profiles for laptops with Quickswitch
Every Laptop user knows what I am talking about by saying that switching network profiles is a real problem and hard to keep track of when doing it manually. This is where Quickswitch comes in. Quickswitch is a utility that not only makes laptop users' everyday life easier by letting them create and use roaming network profiles, but it also has built-in support for multiple network cards, wireless LAN configurations, different kernel parameters, support for X configurations, Netscape preferences, Samba shares and so on and so forth.
Sounds good? Want to learn how to use it? Read on:
Code Listing 7.1: Installing Quickswitch
- emerge quickswitch
Now we need to tell quickswitch about all the network settings we want to be able to switch to. Quickswitch can be configured using it configuration file in /etc/quickswitch/switchto.conf. There is also a sample configuration in /etc/quickswitch/switchto.conf.sample.
Code Listing 7.2: Setting up the quickswitch configuration in /etc/quickswitch/switchto.conf
// # This is the default configuration: [config] device=eth0 // # Path to save last known good configuration... servicefilename=/etc/quickswitch/switchto.last
// # This is our profile called "home": [home] description=home address=192.168.0.25 netmask=255.255.255.0 gateway=192.168.0.1 dns1=195.62.99.42 dns2=195.62.97.177
// # This is our profile called "work": [work] description=work address=10.16.3.114 netmask=255.255.255.0 gateway=10.16.3.249 dns1=195.62.99.42
We are finished with the configuration now. Let's test if it works.
Code Listing 7.3: Using switchto to switch to another profile
// Switch to "work" profile:
- switchto work
// Switch to "home" profile:
- switchto home
Use ifconfig and route to make sure that switchto correctly applied the settings the first time. Everythings ok? Well done!
Quickswitch offers two more ways of how to switch your profile.
1. switcher is a simple curses based GUI to switch between your profiles. 2. TraySwitcher is a more sophisticated Gnome tray applet.
To learn how Quickswitch easily lets you create profiles that also switch Samba, X configurations and even more. Take a look at the well documented /etc/quickswitch/switchto.conf.sample sample configuration file and visit the Quickswitch project homepage.
[bewerken] Moves, adds, and changes
Moves
The following developers recently left the Gentoo team:
* None this week
Adds
The following developers recently joined the Gentoo Linux team:
* None this week
Changes
The following developers recently changed roles within the Gentoo Linux project:
* None this week
[bewerken] Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
[bewerken] GWN feedback
Please send us your feedback and help make the GWN better.
[bewerken] GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
