From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <> X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on finch.gentoo.org X-Spam-Level: *** X-Spam-Status: No, score=3.7 required=5.0 tests=DEAR_SOMETHING,DMARC_NONE, DSN_NO_MIMEVERSION,FREEMAIL_FROM,MAILING_LIST_MULTI, MIME_HEADER_CTYPE_ONLY autolearn=no autolearn_force=no version=4.0.0 Received: from www.fastmail.fm (fastmail.fm [209.61.183.86]) by chiba.3jane.net (Postfix) with ESMTP id 98FC7AC4F5 for ; Wed, 14 Aug 2002 19:46:43 -0500 (CDT) Received: from www.fastmail.fm (localhost [127.0.0.1]) by localhost.localdomain (Postfix) with ESMTP id 04F666DACE for ; Wed, 14 Aug 2002 19:46:36 -0500 (CDT) Received: from server2.fastmail.fm (server2.internal [10.202.2.133]) by www.fastmail.fm (Postfix) with ESMTP id 794696DABF for ; Wed, 14 Aug 2002 19:46:33 -0500 (CDT) Received: by server2.fastmail.fm (Postfix, from userid 99) id 7DDF893874; Wed, 14 Aug 2002 19:46:32 -0500 (CDT) Content-Type: multipart/report; boundary="_----------=_1029372392751865"; report-type="delivery-status" From: "Mail Delivery System" To: gentoo-dev@gentoo.org Message-Id: <20020815004632.7DDF893874@server2.fastmail.fm> Date: Wed, 14 Aug 2002 19:46:32 -0500 (CDT) Subject: [gentoo-dev] Undelivered Mail Returned to Sender Sender: gentoo-dev-admin@gentoo.org Errors-To: gentoo-dev-admin@gentoo.org X-BeenThere: gentoo-dev@gentoo.org X-Mailman-Version: 2.0.6 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Gentoo Linux developer list List-Unsubscribe: , List-Archive: X-Archives-Salt: 17b8cece-e129-4da5-b8fd-898cafecc727 X-Archives-Hash: b43b0b52083248067d9a66d5fb6f3198 This is a multi-part message in MIME format. --_----------=_1029372392751865 Content-Description: Notification Content-Type: text/plain This is the Postfix program at host fastmail.fm. I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations. For further assistance, please send mail to If you do so, please include this problem report. You can delete your own text from the message returned below. The Postfix program : data format error. Command output: devx0000: Mailbox does not exist --_----------=_1029372392751865 Content-Description: Delivery error report Content-Type: message/delivery-status Reporting-MTA: dns; fastmail.fm Arrival-Date: Thu, 15 Aug 2002 12:46 AM Final-Recipient: rfc822; devx0000@fastmail.fm Action: failed Status: 5.0.0 Diagnostic-Code: X-Postfix; data format error. Command output: devx0000: Mailbox does not exist --_----------=_1029372392751865 Content-Description: Undelivered Message Content-Type: message/rfc822 Return-Path: Received: from www.fastmail.fm (server1.internal [10.202.2.132]) by server2.fastmail.fm (Cyrus v2.1.5) with LMTP; Mon, 22 Jul 2002 12:05:16 -0500 X-Sieve: CMU Sieve 2.2 Received: from www.fastmail.fm (server1.internal [10.202.2.132]) by www.fastmail.fm (Cyrus v2.1.3) with LMTP; Mon, 22 Jul 2002 12:05:16 -0500 Received: from www.fastmail.fm (localhost [127.0.0.1]) by localhost.localdomain (Postfix) with ESMTP id 769646DB47 for ; Mon, 22 Jul 2002 12:05:03 -0500 (CDT) X-Mail-from: gentoo-dev-admin@gentoo.org X-Delivered-to: X-Spam-score: 9.4 X-Spam: spam SPAM: ---- Start SpamAssassin results SPAM: 9.4 hits, 5 required; SPAM: * 0.5 -- From: does not include a real name SPAM: * -0.7 -- BODY: Contains 'Dear Somebody' SPAM: * 4.6 -- BODY: Claims compliance with senate bill 1618 SPAM: * 2.8 -- BODY: Claims compliance with SPAM regulations SPAM: * 1.1 -- BODY: A word in all caps repeated on the line SPAM: * 0.4 -- BODY: Contains 'G.a.p.p.y-T.e.x.t' SPAM: * 0.2 -- BODY: Uses words and phrases which indicate porn (14) SPAM: * 0.5 -- Uses words and phrases which indicate porn (3) SPAM: SPAM: ---- End of SpamAssassin results Received: from wallace.eclinic.com.au (unknown [203.63.55.34]) by www.fastmail.fm (Postfix) with SMTP id C32686DB70 for ; Mon, 22 Jul 2002 12:05:01 -0500 (CDT) Received: (qmail 16351 invoked by uid 1008); 22 Jul 2002 17:04:45 -0000 Delivered-To: linuxgamers-dev@linuxgamers.net Received: (qmail 16347 invoked by uid 64014); 22 Jul 2002 17:04:44 -0000 Received: from gentoo-dev-admin@gentoo.org by wallace with qmail-scanner-0.96 (uvscan: v4.1.00/v4126. . Clean. Processed in 7.248411 secs); 22 Jul 2002 17:04:44 -0000 Received: from chiba.3jane.net (nobody@64.57.168.198) by 203.63.55.34 with SMTP; 22 Jul 2002 17:04:37 -0000 Received: from chiba.3jane.net (localhost [127.0.0.1]) by chiba.3jane.net (Postfix) with ESMTP id 49142AC613; Mon, 22 Jul 2002 12:01:13 -0500 (CDT) From: gentoo-dev-request@gentoo.org Subject: gentoo-dev digest, Vol 1 #424 - 8 msgs Reply-To: gentoo-dev@gentoo.org X-Mailer: Mailman v2.0.6 MIME-version: 1.0 Content-type: text/plain To: gentoo-dev@gentoo.org Sender: gentoo-dev-admin@gentoo.org Errors-To: gentoo-dev-admin@gentoo.org X-BeenThere: gentoo-dev@gentoo.org X-Mailman-Version: 2.0.6 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Gentoo Linux developer list List-Unsubscribe: , List-Archive: Message-Id: <20020722170113.49142AC613@chiba.3jane.net> Date: Mon, 22 Jul 2002 12:01:13 -0500 (CDT) Send gentoo-dev mailing list submissions to gentoo-dev@gentoo.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.gentoo.org/mailman/listinfo/gentoo-dev or, via email, send a message with subject or body 'help' to gentoo-dev-request@gentoo.org You can reach the person managing the list at gentoo-dev-admin@gentoo.org When replying, please edit your Subject line so it is more specific than "Re: Contents of gentoo-dev digest..." Today's Topics: 1. Re: graphical installer (Gaarde) 2. Re: graphical installer (Bart Verwilst) 3. Gentoo Installer Madness (Bart Verwilst) 4. Re: Gentoo Installer Madness (Pierre-Henri Jondot) 5. H E L L O ! (ADRIAN POPOVICIU) 6. new iso question... (Michael Cummings) 7. [gentoo-announce] GLSA: PHP contains a vulnerable data handler that could allow remote compromise (Ferry Meyndert) --__--__-- Message: 1 Date: Sun, 21 Jul 2002 11:08:27 -0700 (PDT) From: Gaarde To: gentoo-dev@gentoo.org Subject: [gentoo-dev] Re: graphical installer Somewhere in the thread that speaks of a graphical installer mentioned device-detection. We can use this work elsewhere. Create 'sane defaults' for the kernel .config ... selecting which nic, framebuffer, DRI, apic, mtrr, etc ... ANYTHING that can be detected. As a part of the installer, have a 'wizard' that walks one through the kernel configure/compile itself maybe? ===== --- "To thine own self be true." - Shakespeare __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com --__--__-- Message: 2 From: Bart Verwilst Reply-To: verwilst@gentoo.org To: gentoo-dev@gentoo.org Subject: Re: [gentoo-dev] graphical installer Date: Sun, 21 Jul 2002 20:37:16 +0200 On Sunday 21 July 2002 20:08, Gaarde wrote: || Somewhere in the thread that speaks of a graphical installer mentioned || device-detection. || || We can use this work elsewhere. Create 'sane defaults' for the kernel || .config ... selecting which nic, framebuffer, DRI, apic, mtrr, etc ... || ANYTHING that can be detected. As a part of the installer, have a || 'wizard' that walks one through the kernel configure/compile itself mayb= e? Nope, we're using redhat's anaconda as base, that has autodetection and suc= h,=20 and it's in python (i think). But that's more davoid's work now, since i'm planning the GUI now. =2D-=20 Bart Verwilst Gentoo Linux Developer, Release Coordinator Gent, Belgium --__--__-- Message: 3 From: Bart Verwilst Reply-To: verwilst@gentoo.org To: gentoo-dev@gentoo.org Date: Sun, 21 Jul 2002 23:58:46 +0200 Subject: [gentoo-dev] Gentoo Installer Madness Ugh.. Ok.. over to plan B. :o) I'll try to take a look at the code, davoid, could i count on you to guide = me=20 into this project? Ok. If somebody is willing to sign up for the installer creation, mail me i= n=20 person (again, sorry :o( ) with the first part of the subject "INSTALLER",= =20 that way i can sort this stuff, and keep em in a seperate folder, so i don'= t=20 lose it :o) I can use quite some help :o) See ya! On Sunday 21 July 2002 23:16, Faust Tanasescu wrote: || Hello, || || I am sorry to announce this but I will be on hiatus for some time. This = is || due to the fact that my slow machine can't me used with gentoo for the || moment. Another reason is me starting to get pissed at the Linux kernel || and at the way the devs are working on it (kernel.org dudes). They add || functionality, drivers making the whole thing slower and more unstable. || That's my own opinion, just take a look at this "you have to recompile a || module for each krnel version you have" that is made so for epople who || release binary-only versions of their drivers for Linux. Anyways, I am a || little pissed. The main reason for my hiatus is because I have discovered || FreeBSD and fallen in love with it. It's robust, mature and has the late= st || applications. It does everything I want for the moment and more. As far = as || Gentoo goes, maybe I will be back to hack something when I get a new || machine and change my opinion about the Linux kernel. For instance || consider this bloat factor: apps now have to tell the kernel what type of || apps they are so they get proper scheduling. This is bloatware. Linux is= a || windows replacement and going closer and closer to that 40mb of || kernel-space of WInXP... Anyways, I won't spoil your fun w/ gentoo, I am || only telling you that I have changed my mind about working on this || installer. || || Thanks! || davoid || || || From: Bart Verwilst || || >Reply-To: verwilst@gentoo.org || >To: || >Subject: Re: [gentoo-dev] I am not a touch typest. Wish I were. || >Date: Sat, 20 Jul 2002 23:57:13 +0200 || > || >We're working on a graphical installer... || >I'm planning to make it easier to install than Windows :) || >Ofcourse this will be optional, and the current install will always be || >available, and that's a garantee! :o) || > || >PS: This is a calling to everybody interessed, if you have ideas, || > drawings from the layout, you're a talented graphics dude, or somethin= g, || > don't hesitate to email me directly, we can use some help on this one = :) || > || >Thanks! || > || >On Saturday 20 July 2002 13:26, Troy Dack wrote: || >|| ----- Original Message ----- || >|| From: "D. Carrico" || >|| To: || >|| Sent: Saturday, July 20, 2002 5:14 PM || >|| Subject: [gentoo-dev] I am not a touch typest. Wish I were. || >|| || >|| > Gentoo, || >|| > || >|| > I love your distribution, but can you get the install down to at || >|| > least || > || >a || > || >|| > couple of scripts? || >|| || >|| Don, || >|| You won't like this answer .... || >|| || >|| Hopefully not! || >|| || >|| Gentoo is not meant to be a point & click or type "go" to install ty= pe || > || >of || > || >|| distribution. The beauty and power of linux lies in the fact that || >|| there are distributions available that cater to everyone's taste. || >|| || >|| If you would like an install of Gentoo that only requires running a || > || >couple || > || >|| of scripts, then write them yourself and submit them through || >|| bugs.gentoo.org. I'm sure there are others who would find them || >|| helpful. || >|| || >|| -- || >|| Troy || >|| || >|| Children seldom misquote you. In fact, they usually || >|| repeat word for word what you shouldn't have said. || >|| || >|| http://linuxserver.tkdack.com || >|| http://gentoo.tkdack.com || >|| || >|| || >|| || >|| _______________________________________________ || >|| gentoo-dev mailing list || >|| gentoo-dev@gentoo.org || >|| http://lists.gentoo.org/mailman/listinfo/gentoo-dev || > || >-- || >Bart Verwilst || >Gentoo Linux Developer, Release Coordinator || >Gent, Belgium || >_______________________________________________ || >gentoo-dev mailing list || >gentoo-dev@gentoo.org || >http://lists.gentoo.org/mailman/listinfo/gentoo-dev || || _________________________________________________________________ || Send and receive Hotmail on your mobile device: http://mobile.msn.com =2D-=20 Bart Verwilst Gentoo Linux Developer, Release Coordinator Gent, Belgium --__--__-- Message: 4 Date: Mon, 22 Jul 2002 10:02:54 +0000 From: Pierre-Henri Jondot To: verwilst@gentoo.org, gentoo-dev@gentoo.org Subject: Re: [gentoo-dev] Gentoo Installer Madness On Sun, 21 Jul 2002 23:58:46 +0200 Bart Verwilst wrote: > Ugh.. Ok.. over to plan B. :o) > > I'll try to take a look at the code, davoid, could i count on you to guide > me into this project? > > Ok. If somebody is willing to sign up for the installer creation, mail me > in person (again, sorry :o( ) with the first part of the subject > "INSTALLER", that way i can sort this stuff, and keep em in a seperate > folder, so i don't lose it :o) I can use quite some help :o) > > See ya! > I won't mind the abandon of a graphical installer... I don't think we need it, neither do newbies. I'd rather think the efforts should go to the documentation (various parts of it) which must stay up-to-date with the development of gentoo. (I remember some newbies having an issue with the fdisk type numbers of partition, entering 0x83 rather than 83 for example.) This is true for the installation instructions as well as the devel docs which should follow portage, ebuilds policies, evolutions. The installation is, as it is, quite simple and its ability to be used in a chrooted environment from another installation (or another distribution) is unvaluable. By all means, this feature must remain intact. For those who can't afford to have two distributions installed (they will be less and less) or that are just installing gentoo as their first linux distribution, what is sorely needed in the isos right now is some other means to connect to internet, pppoe, pptp, isdn... A propos : I had patched the small 1.2 iso adding pppoe support (rp-pppoe binaries and instructions) a few weeks ago, I added (eugenesan asked me to help him to do that) pptp support a few days ago. Iso, containing only ix86 stage 1 for gentoo 1.2 is there http://www.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/ gentoo-pppoe-pptp.iso You could have a look there too : http://forums.gentoo.org/viewtopic.php?t=8805 Right now, I've no idea if this second iso works or not, nobody having reported about it (But the first did, that I'm sure). If you're willing to test it, please report and tell me (on the forums or to my email) if it works for you or not. (Does it boot ? (hope so !) Were you able to initiate internet connection ? What about the installation instructions ?) -- Pierre-Henri Jondot Page perso : http://perso.wanadoo.fr/phj --__--__-- Message: 5 From: "ADRIAN POPOVICIU" To: Date: Mon, 22 Jul 2002 11:22:10 +0300 Reply-To: "ADRIAN POPOVICIU" Subject: [gentoo-dev] H E L L O ! Dipl. eng. POPOVICIU ADRIAN R O M A N I A July 22, 2002 Dear Sir, I learn recently about you from Internet network. My name is POPOVICIU ADRIAN. I graduated engineering at the electronic and electrotechnic faculty, speciality radioelectronics, in Europe (Bucharest). I have more 10 years work experience like tehnical support for instrumentation, computers, office devices and general electronic & electrical equipments. I looking to get a new job. If you wish I can to send you my CV and my own WEB page address. If you have a job opportunity please send an email at my address: apopovici@keysys.ro I can submit (if it is necessary) very good recommendations. With best greetings Yours sincerely Adrian Popoviciu PS Under Bill S.1618 TITLE III SECTION 301. Per Section 301, Paragraph (a) (2) (C) proposed by the 105th US Congress any email or Mass Marketing email CANNOT BE CONSIDERED SPAM as long as the sender includes contact information and a method of removal. ______________________________________ Because You'll receive this email just once, You don't need to remove this email address from future mailings. ------------------------------------------------------------ This E-Mail is intended for the use of the addressee only and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use or dissemination of this communication is strictly prohibited. If you receive this transmission in error, please notify us immediately then delete this E-Mail --__--__-- Message: 6 Date: Mon, 22 Jul 2002 07:38:11 -0400 From: Michael Cummings To: gentoo-dev@gentoo.org Reply-To: mcummings@datanode.net Subject: [gentoo-dev] new iso question... Ok, maybe this is out there and I've just missed it. If so, burn me at the stake, flame me, yada yada yada. I know there are iso's for the basic (stage1), and an iso for the stage2&3 that is specific to the optimized (but particular hardware) user, but are there gentoo isos that contain tarballs of the "common" get up and go packages from stage 2 and 3? Here's my line of thought...user wants to install gentoo, but has intermittent or lackluster access from the system in question. the iso with stages 2 and 3 isn't good for his hardware, which only leaves him the stage1 - which requires internet access. Would it be possible to have a monthly iso that contains the stage 2 and 3 source packages? Or am I completely off my rocker, and that's what's on the other iso and I've just been loopy thinking that they were precompiled packages? This third iso wouldn't have to be billed as up to date, just usable. I know that personally, this would have come in handy when building a box that had a linksys wireless card - couldn't get online until the linksys was working, but couldn't get the linksys working until i was online (the wireless utils built into the cd, at least at 1.1a, weren't right for the hardware in question). Thanks, Mike --__--__-- Message: 7 From: Ferry Meyndert To: gentoo-announce@gentoo.org Date: 22 Jul 2002 17:41:05 +0200 Subject: [gentoo-dev] [gentoo-announce] GLSA: PHP contains a vulnerable data handler that could allow remote compromise - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------- PACKAGE :php,mod_php SUMMARY :Vulnerable data handler DATE :2002-07-22 16:51:00 - -------------------------------------------------------------------- OVERVIEW E-matters has discovered a serious vulnerability within the default version of PHP. Depending on the processor architecture it may be possible for a remote attacker to either crash or compromise the web server. DETAIL PHP 4.2.0 introduced a completely rewritten multipart/form-data POST handler.While I was working on the code in my role as PHP developer i found a bug within the way the mime headers are processed. A malformed POST request can trigger an error condition, that is not correctly handled. Due to this bug it could happen that an uninitialised struct gets appended to the linked list of mime headers.When the lists gets cleaned or destroyed PHP tries to free the pointers that are expected in the struct. Because of the lack of initialisation those pointers contain stuff that was left on the stack by previous function calls. On the IA32 architecture (aka. x86) it is not possible to control what will end up in the uninitialised struct because of the stack layout. All possible code paths leave illegal addresses within the struct and PHP will crash when it tries to free them. Unfortunately the situation is absolutely different if you look on a solaris sparc installation. Here it is possible for an attacker to free chunks of memory that are full under his control. This is most probably the case for several more non IA32 architectures. Please note that exploitability is not only limited to systems that are running malloc()/free() implementations that are known to be vulnerable to control structure overwrites. This is because the internal PHP memory managment implements its own linked list system that can be used to overwrite nearly arbitrary memory addresses. SOLUTION It is recommended that all Gentoo Linux users update their systems as follows. emerge --clean rsync emerge php mod_php emerge clean Manually: Download the new php package here and follow in file instructions: http://www.php.net/distributions/php-4.2.2.tar.gz Workaround: If the PHP applications on an affected web server do not rely on HTTP POST input from user agents, it is often possible to deny POST requests on the web server. In the Apache web server, for example, this is possible with the following code included in the main configuration file or a top-level . htaccess file: Order deny,allow Deny from all Note that an existing configuration and/or .htaccess file may have parameters contradicting the example given above. - -------------------------------------------------------------------- Ferry Meyndert m0rpheus@gentoo.org http://www.gentoo.org/~m0rpheus - -------------------------------------------------------------------- _______________________________________________ gentoo-announce mailing list gentoo-announce@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-announce --__--__-- _______________________________________________ gentoo-dev mailing list gentoo-dev@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-dev End of gentoo-dev Digest --_----------=_1029372392751865--