1 |
--------------------------------------------------------------------------- |
2 |
Gentoo Weekly Newsletter |
3 |
http://www.gentoo.org/news/en/gwn/current.xml |
4 |
This is the Gentoo Weekly Newsletter for the week of June 21st, 2004. |
5 |
--------------------------------------------------------------------------- |
6 |
|
7 |
============== |
8 |
1. Gentoo News |
9 |
============== |
10 |
|
11 |
Announcing Wasabi 0.2 |
12 |
--------------------- |
13 |
|
14 |
We're very pleased to announce that version 0.2 of Wasabi[1] has been |
15 |
released. We introduced[2] Wasabi two weeks ago: it's a log monitoring |
16 |
program initially developed for Gentoo infrastructure servers and now |
17 |
hosted by Gentoo. Designed to watch one or more log files for lines |
18 |
matching a regular expression, it can be set to send a notification email |
19 |
whenever a matching line occurs, or to report on such lines periodically. |
20 |
Changes in version 0.2 include multiple file support, large performance |
21 |
gains, and better signal handling. For more information, read the |
22 |
announcement[3] posted to gentoo-announce. |
23 |
|
24 |
1. http://www.gentoo.org/proj/en/infrastructure/wasabi/index.xml |
25 |
2. http://www.gentoo.org/news/en/gwn/20040607-newsletter.xml |
26 |
3. http://article.gmane.org/gmane.linux.gentoo.announce/373 |
27 |
|
28 |
Gentoo Linux seeking new kernel developers |
29 |
------------------------------------------ |
30 |
|
31 |
The Gentoo Linux project is currently seeking for new developers |
32 |
interested in helping the kernel team. We're looking for developers with a |
33 |
lot of kernel experience as well as experience writing ebuilds. Interested |
34 |
parties should send mail to recruiters@g.o. |
35 |
|
36 |
================== |
37 |
2. Gentoo Security |
38 |
================== |
39 |
|
40 |
Squirrelmail: Another XSS vulnerability |
41 |
--------------------------------------- |
42 |
|
43 |
Squirrelmail fails to properly sanitize user input, which could lead to a |
44 |
compromise of webmail accounts. |
45 |
|
46 |
For more information, please see the GLSA Announcement[4] |
47 |
|
48 |
4. http://www.gentoo.org/security/en/glsa/glsa-200406-08.xml |
49 |
|
50 |
Horde-Chora: Remote code execution |
51 |
---------------------------------- |
52 |
|
53 |
A vulnerability in Chora allows remote code execution and file upload. |
54 |
|
55 |
For more information, please see the GLSA Announcement[5] |
56 |
|
57 |
5. http://www.gentoo.org/security/en/glsa/glsa-200406-09.xml |
58 |
|
59 |
Gallery: Privilege escalation vulnerability |
60 |
------------------------------------------- |
61 |
|
62 |
There is a vulnerability in the Gallery photo album software which may |
63 |
allow an attacker to gain administrator privileges within Gallery. |
64 |
|
65 |
For more information, please see the GLSA Announcement[6] |
66 |
|
67 |
6. http://www.gentoo.org/security/en/glsa/glsa-200406-10.xml |
68 |
|
69 |
Horde-IMP: Input validation vulnerability |
70 |
----------------------------------------- |
71 |
|
72 |
An input validation vulnerability has been discovered in Horde-IMP. |
73 |
|
74 |
For more information, please see the GLSA Announcement[7] |
75 |
|
76 |
7. http://www.gentoo.org/security/en/glsa/glsa-200406-11.xml |
77 |
|
78 |
Webmin: Multiple vulnerabilities |
79 |
-------------------------------- |
80 |
|
81 |
Webmin contains two security vulnerabilities which could lead to a Denial |
82 |
of Service attack and information disclosure. |
83 |
|
84 |
For more information, please see the GLSA Announcement[8] |
85 |
|
86 |
8. http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml |
87 |
|
88 |
Squid: NTLM authentication helper buffer overflow |
89 |
------------------------------------------------- |
90 |
|
91 |
Squid contains a bug where it fails to properly check bounds of the 'pass' |
92 |
variable. |
93 |
|
94 |
For more information, please see the GLSA Announcement[9] |
95 |
|
96 |
9. http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml |
97 |
|
98 |
aspell: Buffer overflow in word-list-compress |
99 |
--------------------------------------------- |
100 |
|
101 |
A bug in the aspell utility word-list-compress can allow an attacker to |
102 |
execute arbitrary code. |
103 |
|
104 |
For more information, please see the GLSA Announcement[10] |
105 |
|
106 |
10. http://www.gentoo.org/security/en/glsa/glsa-200406-14.xml |
107 |
|
108 |
Usermin: Multiple vulnerabilities |
109 |
--------------------------------- |
110 |
|
111 |
Usermin contains two security vulnerabilities which could lead to a Denial |
112 |
of Service attack and information disclosure. |
113 |
|
114 |
For more information, please see the GLSA Announcement[11] |
115 |
|
116 |
11. http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml |
117 |
|
118 |
========================= |
119 |
3. Heard in the Community |
120 |
========================= |
121 |
|
122 |
Web Forums |
123 |
---------- |
124 |
|
125 |
USE="-offensive" |
126 |
|
127 |
Imagine working in a US corporation. Imagine further that you've convinced |
128 |
your boss that Linux is your operating system of choice, and you've even |
129 |
managed to sneek a Gentoo installation into a predominantly red-hatted |
130 |
environment. And then you emerge Windowmaker, just when your boss glances |
131 |
over your shoulder... Sexually explicit material packaged in a window |
132 |
manager has stirred a controversy in the forums that oscillates between |
133 |
calls for "emerge unmerge Janet Jackson" and the introduction of a new USE |
134 |
flag that bans or allows emerging offensive material: |
135 |
|
136 |
* Prude alert: Sexually explicit wm themes in emerge[12] |
137 |
12. http://forums.gentoo.org/viewtopic.php?t=187352 |
138 |
|
139 |
|
140 |
gentoo-user |
141 |
----------- |
142 |
|
143 |
Removing old Kernel Source Trees |
144 |
|
145 |
When upgrading your kernel sources, Gentoo will keep your old source trees |
146 |
around, including in portage. This[13] thread has some pointers on how to |
147 |
manage your kernel sources effectively. |
148 |
|
149 |
13. |
150 |
http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&threadm=28tk1-6Qx-9% |
151 |
40gated-at.bofh.it&prev=/groups%3Fdq%3D%26num%3D25%26hl%3Den%26lr%3D%26ie%3 |
152 |
DUTF-8%26group%3Dlinux.gentoo.user%26start%3D25 |
153 |
|
154 |
Simultaneous Emerges? |
155 |
|
156 |
Is it safe to run multiple 'emerge' commands at once? Find out[14] here! |
157 |
|
158 |
14. |
159 |
http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&threadm=27M5k-6cu-9% |
160 |
40gated-at.bofh.it&prev=/groups%3Fdq%3D%26num%3D25%26hl%3Den%26lr%3D%26ie%3 |
161 |
DUTF-8%26group%3Dlinux.gentoo.user%26start%3D100 |
162 |
|
163 |
=========== |
164 |
4. Bugzilla |
165 |
=========== |
166 |
|
167 |
Summary |
168 |
------- |
169 |
|
170 |
* Statistics |
171 |
* Closed Bug Ranking |
172 |
* New Bug Rankings |
173 |
|
174 |
Statistics |
175 |
---------- |
176 |
|
177 |
The Gentoo community uses Bugzilla (bugs.gentoo.org[15]) to record and |
178 |
track bugs, notifications, suggestions and other interactions with the |
179 |
development team. Between 12 June 2004 and 18 June 2004, activity on the |
180 |
site has resulted in: |
181 |
|
182 |
15. http://bugs.gentoo.org |
183 |
|
184 |
* 580 new bugs during this period |
185 |
* 363 bugs closed or resolved during this period |
186 |
* 13 previously closed bugs were reopened this period |
187 |
|
188 |
Of the 6502 currently open bugs: 130 are labeled 'blocker', 190 are |
189 |
labeled 'critical', and 514 are labeled 'major'. |
190 |
|
191 |
Closed Bug Rankings |
192 |
------------------- |
193 |
|
194 |
The developers and teams who have closed the most bugs during this period |
195 |
are: |
196 |
|
197 |
* Jeremy Huddleston[16], with 32 closed bugs[17] |
198 |
* Perl Devs @ Gentoo[18], with 25 closed bugs[19] |
199 |
* AMD64 Porting Team[20], with 14 closed bugs[21] |
200 |
* Gentoo X-windows Packagers[22], with 13 closed bugs[23] |
201 |
* Mozilla Gentoo Team[24], with 12 closed bugs[25] |
202 |
* Gentoo KDE Team[26], with 12 closed bugs[27] |
203 |
16. eradicator@g.o |
204 |
17. |
205 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch |
206 |
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX |
207 |
ED&assigned_to=eradicator@g.o |
208 |
18. perl@g.o |
209 |
19. |
210 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch |
211 |
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX |
212 |
ED&assigned_to=perl@g.o |
213 |
20. amd64@g.o |
214 |
21. |
215 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch |
216 |
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX |
217 |
ED&assigned_to=amd64@g.o |
218 |
22. xfree@g.o |
219 |
23. |
220 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch |
221 |
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX |
222 |
ED&assigned_to=xfree@g.o |
223 |
24. mozilla@g.o |
224 |
25. |
225 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch |
226 |
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX |
227 |
ED&assigned_to=mozilla@g.o |
228 |
26. kde@g.o |
229 |
27. |
230 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch |
231 |
field=bug_status&chfieldfrom=2004-06-12&chfieldto=2004-06-18&resolution=FIX |
232 |
ED&assigned_to=kde@g.o |
233 |
|
234 |
|
235 |
New Bug Rankings |
236 |
---------------- |
237 |
|
238 |
The developers and teams who have been assigned the most new bugs during |
239 |
this period are: |
240 |
|
241 |
* Web-Apps Herd[28], with 27 new bugs[29] |
242 |
* Gentoo's Team for Core System packages[30], with 23 new bugs[31] |
243 |
* AMD64 Porting Team[32], with 21 new bugs[33] |
244 |
* Gentoo Linux Gnome Desktop Team[34], with 17 new bugs[35] |
245 |
* Java Team[36], with 12 new bugs[37] |
246 |
28. webapps-request@g.o |
247 |
29. |
248 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
249 |
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06 |
250 |
-18&assigned_to=webapps-request@g.o |
251 |
30. base-system@g.o |
252 |
31. |
253 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
254 |
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06 |
255 |
-18&assigned_to=base-system@g.o |
256 |
32. amd64@g.o |
257 |
33. |
258 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
259 |
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06 |
260 |
-18&assigned_to=amd64@g.o |
261 |
34. gnome@g.o |
262 |
35. |
263 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
264 |
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06 |
265 |
-18&assigned_to=gnome@g.o |
266 |
36. java@g.o |
267 |
37. |
268 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s |
269 |
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-06-12&chfieldto=2004-06 |
270 |
-18&assigned_to=java@g.o |
271 |
|
272 |
================== |
273 |
5. Tips and Tricks |
274 |
================== |
275 |
|
276 |
Tips and Tricks is on hiatus this week. |
277 |
|
278 |
=========================== |
279 |
6. Moves, Adds, and Changes |
280 |
=========================== |
281 |
|
282 |
Moves |
283 |
----- |
284 |
|
285 |
The following developers recently left the Gentoo team: |
286 |
|
287 |
* Troy Dack (tad) - testing and tweaking |
288 |
|
289 |
Adds |
290 |
---- |
291 |
|
292 |
The following developers recently joined the Gentoo Linux team: |
293 |
|
294 |
* None this week |
295 |
|
296 |
Changes |
297 |
------- |
298 |
|
299 |
The following developers recently changed roles within the Gentoo Linux |
300 |
project: |
301 |
|
302 |
* None this week |
303 |
|
304 |
==================== |
305 |
7. Contribute to GWN |
306 |
==================== |
307 |
|
308 |
Interested in contributing to the Gentoo Weekly Newsletter? Send us an |
309 |
email[38]. |
310 |
|
311 |
38. gwn-feedback@g.o |
312 |
|
313 |
=============== |
314 |
8. GWN Feedback |
315 |
=============== |
316 |
|
317 |
Please send us your feedback[39] and help make the GWN better. |
318 |
|
319 |
39. gwn-feedback@g.o |
320 |
|
321 |
=============================== |
322 |
9. GWN Subscription Information |
323 |
=============================== |
324 |
|
325 |
To subscribe to the Gentoo Weekly Newsletter, send a blank email to |
326 |
gentoo-gwn-subscribe@g.o. |
327 |
|
328 |
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to |
329 |
gentoo-gwn-unsubscribe@g.o from the email address you are |
330 |
subscribed under. |
331 |
|
332 |
=================== |
333 |
10. Other Languages |
334 |
=================== |
335 |
|
336 |
The Gentoo Weekly Newsletter is also available in the following languages: |
337 |
|
338 |
* Danish[40] |
339 |
* Dutch[41] |
340 |
* English[42] |
341 |
* German[43] |
342 |
* French[44] |
343 |
* Japanese[45] |
344 |
* Italian[46] |
345 |
* Polish[47] |
346 |
* Portuguese (Brazil)[48] |
347 |
* Portuguese (Portugal)[49] |
348 |
* Russian[50] |
349 |
* Spanish[51] |
350 |
* Turkish[52] |
351 |
40. http://www.gentoo.org/news/da/gwn/gwn.xml |
352 |
41. http://www.gentoo.org/news/be/gwn/gwn.xml |
353 |
42. http://www.gentoo.org/news/en/gwn/gwn.xml |
354 |
43. http://www.gentoo.org/news/de/gwn/gwn.xml |
355 |
44. http://www.gentoo.org/news/fr/gwn/gwn.xml |
356 |
45. http://www.gentoo.org/news/ja/gwn/gwn.xml |
357 |
46. http://www.gentoo.org/news/it/gwn/gwn.xml |
358 |
47. http://www.gentoo.org/news/pl/gwn/gwn.xml |
359 |
48. http://www.gentoo.org/news/br/gwn/gwn.xml |
360 |
49. http://www.gentoo.org/news/pt/gwn/gwn.xml |
361 |
50. http://www.gentoo.org/news/ru/gwn/gwn.xml |
362 |
51. http://www.gentoo.org/news/es/gwn/gwn.xml |
363 |
52. http://www.gentoo.org/news/tr/gwn/gwn.xml |
364 |
|
365 |
Yuji Carlos Kosugi <carlos@g.o> - Editor |
366 |
AJ Armstrong <aja@×××××××××××××.com> - Contributor |
367 |
Brian Downey <bdowney@×××××××××××.net> - Contributor |
368 |
Kurt Lieber <klieber@g.o> - Contributor |
369 |
David Narayan <david@×××××××.net> - Contributor |
370 |
Ulrich Plate <plate@g.o> - Contributor |
371 |
Sven Vermeulen <swift@g.o> - Contributor |
372 |
Simon Holm Thagersen <simon@××××××.net> - Danish Translation |
373 |
Jesper Brodersen <broeman@g.o> - Danish Translation |
374 |
Arne Mejlholm <aaby@g.o> - Danish Translation |
375 |
Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation |
376 |
Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation |
377 |
Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation |
378 |
Peter ter Borg <peter@××××××.nl> - Dutch Translation |
379 |
Jochen Maes <linux@××××.be> - Dutch Translation |
380 |
Roderick Goessen <rgoessen@××××.nl> - Dutch Translation |
381 |
Gerard van den Berg <gerard@××××××.net> - Dutch Translation |
382 |
Matthieu Montaudouin <mat@××××××××.com> - French Translation |
383 |
Xavier Neys <neysx@g.o> - French Translation |
384 |
Martin Prieto <riverdale@×××××××××.org> - French Translation |
385 |
Antoine Raillon <cabec2@××××××.net> - French Translation |
386 |
Sebastien Cevey <seb@×××××.net> - French Translation |
387 |
Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation |
388 |
Thomas Raschbacher <lordvan@g.o> - German Translation |
389 |
Steffen Lassahn <madeagle@g.o> - German Translation |
390 |
Matthias F. Brandstetter <haim@g.o> - German Translation |
391 |
Lukas Domagala <Cyrik@g.o> - German Translation |
392 |
Tobias Scherbaum <dertobi123@g.o> - German Translation |
393 |
Daniel Gerholdt <Sputnik1969@g.o> - German Translation |
394 |
Marc Herren <dj-submerge@g.o> - German Translation |
395 |
Tobias Matzat <SirSeoman@g.o> - German Translation |
396 |
Marco Mascherpa <mush@××××××.net> - Italian Translation |
397 |
Claudio Merloni <paper@×××××××.it> - Italian Translation |
398 |
Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation |
399 |
Katuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation |
400 |
Hiroyuki Takeda <hiro@××××××××××××××.jp> - Japanese Translation |
401 |
Masato Hatakeyama <hatake@×××××××××××.jp> - Japanese Translation |
402 |
Masayoshi Nakamura <masayang@×××××××××.com> - Japanese Translation |
403 |
Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation |
404 |
Tomoyuki Sakurai <web-gentoo-doc-jp@××××××××××××.nu> - Japanese Translation |
405 |
Lukasz Strzygowski <lucass@××××××.pl> - Polish Translation |
406 |
Karol Goralski <gooroo@××××××.pl> - Polish Translation |
407 |
Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese |
408 |
(Brazil) Translation |
409 |
Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation |
410 |
Jo??o Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil) |
411 |
Translation |
412 |
Marcelo Gon??alves de Azambuja <mgazambuja@×××××××××.br> - Portuguese |
413 |
(Brazil) Translation |
414 |
Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil) |
415 |
Translation |
416 |
Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese |
417 |
(Brazil) Translation |
418 |
Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation |
419 |
Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil) |
420 |
Translation |
421 |
Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal) |
422 |
Translation |
423 |
Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal) |
424 |
Translation |
425 |
Jos?? Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation |
426 |
Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation |
427 |
Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation |
428 |
Aleksandr Martyncev <amncorp@××.ru> - Russian Translator |
429 |
Sergey Galkin <gals_home@××××.ru> - Russian Translator |
430 |
Sergey Kuleshov <svyatogor@g.o> - Russian Translator |
431 |
Alex Spirin <asp13@××××.ru> - Russian Translator |
432 |
Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator |
433 |
Lanark <lanark@××××××××××.ar> - Spanish Translation |
434 |
Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation |
435 |
Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation |
436 |
Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation |
437 |
Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation |
438 |
Jes??s Garc??a Crespo <correo@××××××.com> - Spanish Translation |
439 |
Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation |
440 |
Julio Castillo <julio@×××××××××××××.com> - Spanish Translation |
441 |
Sergio G??mez <s3r@××××××××××××.ar> - Spanish Translation |
442 |
Aycan Irican <aycan@××××××××.tr> - Turkish Translation |
443 |
Bugra Cakir <bugra@×××××××××.com> - Turkish Translation |
444 |
Cagil Seker <cagils@××××××××××.tr> - Turkish Translation |
445 |
Emre Kazdagli <emre@××××××××.tr> - Turkish Translation |
446 |
Evrim Ulu <evrim@××××××××.tr> - Turkish Translation |
447 |
Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation |