1 |
--------------------------------------------------------------------------- |
2 |
Gentoo Weekly Newsletter |
3 |
http://www.gentoo.org/news/en/gwn/current.xml |
4 |
This is the Gentoo Weekly Newsletter for the week of 19 December 2005. |
5 |
--------------------------------------------------------------------------- |
6 |
|
7 |
============== |
8 |
1. Gentoo news |
9 |
============== |
10 |
|
11 |
Documentation project status update |
12 |
----------------------------------- |
13 |
|
14 |
Another update from the busy Gentoo documentation project has been |
15 |
published last weekend, this one filled mostly with modifications to |
16 |
existing guides. Some of those have already been featured in past GWNs, |
17 |
like the GCC upgrading guide[1], while others have passed mostly |
18 |
unnoticed, but deserve a much broader audience, like the Gentoo home |
19 |
router guide[2] featuring instructions how to configure a kernel for |
20 |
ADSL/PPPoE connectivity. Have a look at the whole status update[3] for |
21 |
more changes to several pieces of documentation. |
22 |
1. http://www.gentoo.org/doc/en/gcc-upgrading.xml |
23 |
2. http://www.gentoo.org/doc/en/home-router-howto.xml |
24 |
3. http://www.gentoo.org/proj/en/gdp/status/status_20051216.xml |
25 |
|
26 |
As with every work in progress, your input is much appreciated: after the |
27 |
removal of stage 1 and 2 instructions from the handbook (now part of the |
28 |
Gentoo FAQ[4]), the GDP has set off on a mission to write an entirely new |
29 |
bootstrapping guide. The new document will discuss the reasons for |
30 |
bootstrapping, the creation of installation media for unsupported |
31 |
platforms and other topics. A draft bootstrapping guide[5] is now waiting |
32 |
for your feedback; please contact Sven Vermeulen[6] if you're |
33 |
knowledgeable about these things and would like to comment on the current |
34 |
state of the document. |
35 |
4. http://www.gentoo.org/doc/en/faq.xml |
36 |
5. http://www.gentoo.org/doc/en/draft/bootstrapping-guide.xml |
37 |
6. swift@g.o |
38 |
|
39 |
======================= |
40 |
2. Gentoo international |
41 |
======================= |
42 |
|
43 |
Germany: Gentoo Summer Camp errata |
44 |
---------------------------------- |
45 |
|
46 |
GSC initiator and German Gentoo Forum moderator slick[7] points to an |
47 |
important error that slipped through quality control in the previous GWN: |
48 |
"Cold beverages are unfortunately not included in the 10 Euro |
49 |
participation fee per person and night," he says. These and other details, |
50 |
like the final venue, who to bring and what to expect is being discussed |
51 |
at the GSC organizers' forum[8] (German and English). |
52 |
7. http://forums.gentoo.org/profile.php?mode=viewprofile&u=18822 |
53 |
8. http://gsc2006.nachtnebelnelken.de |
54 |
|
55 |
====================== |
56 |
3. Gentoo in the press |
57 |
====================== |
58 |
|
59 |
Genesi press release (18 December 2005) |
60 |
--------------------------------------- |
61 |
|
62 |
Gentoo developer Pieter Van den Abeele[9] appears in a picture from the |
63 |
first Power.org investor community event last week in Palo Alto, shot |
64 |
during a presentation of his Gentoo-driven Genesi Home Media Center[10], a |
65 |
feature-rich digital video recorder based on the PegasosPPC platform. The |
66 |
station's internal design won an award[11] at the Freescale conference in |
67 |
June, and is hand-made on order, with a brushed aluminium case thrown in |
68 |
for good measure. Gentoo-sponsor Genesi's press release describes the |
69 |
POWER venture capital symposium as "presenting proof points for potential |
70 |
investors in the Power.org community" and links to a presentation on |
71 |
"Building Future Products; Tools, enablement, community, accelerators." |
72 |
9. pvdabeel@g.o |
73 |
10. http://www.genesippc.com/press.php?date=20051218 |
74 |
11. http://www.gentoo.org/news/en/gwn/20050627-newsletter.xml#doc_chap1 |
75 |
|
76 |
KDE.news (15 December 2005) |
77 |
--------------------------- |
78 |
|
79 |
KDE Developer Navindra Umanee[12] announces the move of KDE Dot News |
80 |
servers[13] to being hosted at the OSUOSL[14] (Oregon State University |
81 |
Open Source Labs). He is "truly impressed" by the combination of Gentoo |
82 |
Linux provided by the OSL in a Xen virtual machine: "Xen is completely |
83 |
transparent to the typical VM user and if I didn't know better I'd think |
84 |
we had a dedicated machine," says Navindra. This is the first Gentoo |
85 |
server he's encountered so far, and compiling everything from source "is |
86 |
starting to get a little old," but emerge has won a new fan nonetheless: |
87 |
"It has been extremely easy to pull in and configure any extra software we |
88 |
needed -- a simple emerge usually does the trick." |
89 |
12. navindra@×××.org |
90 |
13. http://dot.kde.org/1134714488/ |
91 |
14. http://osuosl.org/ |
92 |
|
93 |
========================= |
94 |
4. Gentoo developer moves |
95 |
========================= |
96 |
|
97 |
Moves |
98 |
----- |
99 |
|
100 |
The following developers recently left the Gentoo project: |
101 |
|
102 |
* None this week |
103 |
|
104 |
Adds |
105 |
---- |
106 |
|
107 |
The following developers recently joined the Gentoo project: |
108 |
|
109 |
* None this week |
110 |
|
111 |
Changes |
112 |
------- |
113 |
|
114 |
The following developers recently changed roles within the Gentoo project: |
115 |
|
116 |
* None this week |
117 |
|
118 |
================== |
119 |
5. Gentoo Security |
120 |
================== |
121 |
|
122 |
Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation |
123 |
------------------------------------------------------------------------ |
124 |
|
125 |
Openswan and IPsec-Tools suffer from an implementation flaw which may |
126 |
allow a Denial of Service attack. |
127 |
|
128 |
For more information, please see the GLSA Announcement[15] |
129 |
15. http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml |
130 |
|
131 |
Xmail: Privilege escalation through sendmail |
132 |
-------------------------------------------- |
133 |
|
134 |
The sendmail program in Xmail is vulnerable to a buffer overflow, |
135 |
potentially resulting in local privilege escalation. |
136 |
|
137 |
For more information, please see the GLSA Announcement[16] |
138 |
16. http://www.gentoo.org/security/en/glsa/glsa-200512-05.xml |
139 |
|
140 |
Ethereal: Buffer overflow in OSPF protocol dissector |
141 |
---------------------------------------------------- |
142 |
|
143 |
Ethereal is missing bounds checking in the OSPF protocol dissector that |
144 |
could lead to abnormal program termination or the execution of arbitrary |
145 |
code. |
146 |
|
147 |
For more information, please see the GLSA Announcement[17] |
148 |
17. http://www.gentoo.org/security/en/glsa/glsa-200512-06.xml |
149 |
|
150 |
OpenLDAP, Gauche: RUNPATH issues |
151 |
-------------------------------- |
152 |
|
153 |
OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the |
154 |
"portage" group to escalate privileges. |
155 |
|
156 |
For more information, please see the GLSA Announcement[18] |
157 |
18. http://www.gentoo.org/security/en/glsa/glsa-200512-07.xml |
158 |
|
159 |
Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities |
160 |
--------------------------------------------------- |
161 |
|
162 |
Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and |
163 |
Poppler potentially resulting in the execution of arbitrary code. |
164 |
|
165 |
For more information, please see the GLSA Announcement[19] |
166 |
19. http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml |
167 |
|
168 |
cURL: Off-by-one errors in URL handling |
169 |
--------------------------------------- |
170 |
|
171 |
cURL is vulnerable to local arbitrary code execution via buffer overflow |
172 |
due to the insecure parsing of URLs. |
173 |
|
174 |
For more information, please see the GLSA Announcement[20] |
175 |
20. http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml |
176 |
|
177 |
Opera: Command-line URL shell command injection |
178 |
----------------------------------------------- |
179 |
|
180 |
Lack of URL validation in Opera command-line wrapper could be abused to |
181 |
execute arbitrary commands. |
182 |
|
183 |
For more information, please see the GLSA Announcement[21] |
184 |
21. http://www.gentoo.org/security/en/glsa/glsa-200512-10.xml |
185 |
|
186 |
=========== |
187 |
6. Bugzilla |
188 |
=========== |
189 |
|
190 |
Statistics |
191 |
---------- |
192 |
|
193 |
The Gentoo community uses Bugzilla (bugs.gentoo.org[22]) to record and |
194 |
track bugs, notifications, suggestions and other interactions with the |
195 |
development team. Between 04 December 2005 and 11 December 2005, activity |
196 |
on the site has resulted in: |
197 |
22. http://bugs.gentoo.org |
198 |
|
199 |
* 740 new bugs during this period |
200 |
* 373 bugs closed or resolved during this period |
201 |
* 29 previously closed bugs were reopened this period |
202 |
|
203 |
Of the 9124 currently open bugs: 96 are labeled 'blocker', 195 are labeled |
204 |
'critical', and 542 are labeled 'major'. |
205 |
|
206 |
Closed bug rankings |
207 |
------------------- |
208 |
|
209 |
The developers and teams who have closed the most bugs during this period |
210 |
are: |
211 |
|
212 |
* Java team[23], with 22 closed bugs[24] |
213 |
* Greg Kroah-Hartman[25], with 17 closed bugs[26] |
214 |
* Gentoo KDE team[27], with 12 closed bugs[28] |
215 |
* Gentoo Developer Relations Team[29], with 12 closed bugs[30] |
216 |
* Gentoo's Team for Core System packages[31], with 12 closed bugs[32] |
217 |
* AMD64 Porting Team[33], with 11 closed bugs[34] |
218 |
* Gentoo X-windows packagers[35], with 10 closed bugs[36] |
219 |
* AMD64 Testing Team[37], with 10 closed bugs[38] |
220 |
23. java@g.o |
221 |
24. |
222 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=java@g.o |
223 |
25. gregkh@g.o |
224 |
26. |
225 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=gregkh@g.o |
226 |
27. kde@g.o |
227 |
28. |
228 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=kde@g.o |
229 |
29. devrel@g.o |
230 |
30. |
231 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=devrel@g.o |
232 |
31. base-system@g.o |
233 |
32. |
234 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=base-system@g.o |
235 |
33. amd64@g.o |
236 |
34. |
237 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=amd64@g.o |
238 |
35. x11@g.o |
239 |
36. |
240 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=x11@g.o |
241 |
37. amd64-test@g.o |
242 |
38. |
243 |
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=amd64-test@g.o |
244 |
|
245 |
New bug rankings |
246 |
---------------- |
247 |
|
248 |
The developers and teams who have been assigned the most new bugs during |
249 |
this period are: |
250 |
|
251 |
* Default Assignee for New Packages[39], with 30 new bugs[40] |
252 |
* Default Assignee for Orphaned Packages[41], with 15 new bugs[42] |
253 |
* X11 External Driver Maintainers[43], with 12 new bugs[44] |
254 |
* Mozilla Gentoo Team[45], with 11 new bugs[46] |
255 |
* Gentoo Sound Team[47], with 8 new bugs[48] |
256 |
* Gentoo KDE team[49], with 8 new bugs[50] |
257 |
* Saleem A.[51], with 7 new bugs[52] |
258 |
* Gentoo Linux Gnome Desktop Team[53], with 6 new bugs[54] |
259 |
39. maintainer-wanted@g.o |
260 |
40. |
261 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=maintainer-wanted@g.o |
262 |
41. maintainer-needed@g.o |
263 |
42. |
264 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=maintainer-needed@g.o |
265 |
43. x11-drivers@g.o |
266 |
44. |
267 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=x11-drivers@g.o |
268 |
45. mozilla@g.o |
269 |
46. |
270 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=mozilla@g.o |
271 |
47. sound@g.o |
272 |
48. |
273 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=sound@g.o |
274 |
49. kde@g.o |
275 |
50. |
276 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=kde@g.o |
277 |
51. compnerd@g.o |
278 |
52. |
279 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=compnerd@g.o |
280 |
53. gnome@g.o |
281 |
54. |
282 |
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=gnome@g.o |
283 |
|
284 |
=============== |
285 |
7. GWN feedback |
286 |
=============== |
287 |
|
288 |
Please send us your feedback[55] and help make the GWN better. |
289 |
55. gwn-feedback@g.o |
290 |
|
291 |
=============================== |
292 |
8. GWN subscription information |
293 |
=============================== |
294 |
|
295 |
To subscribe to the Gentoo Weekly Newsletter, send a blank email to |
296 |
gentoo-gwn+subscribe@g.o. |
297 |
|
298 |
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to |
299 |
gentoo-gwn+unsubscribe@g.o from the email address you are |
300 |
subscribed under. |
301 |
|
302 |
================== |
303 |
9. Other languages |
304 |
================== |
305 |
|
306 |
The Gentoo Weekly Newsletter is also available in the following languages: |
307 |
|
308 |
* Danish[56] |
309 |
* Dutch[57] |
310 |
* English[58] |
311 |
* German[59] |
312 |
* French[60] |
313 |
* Korean[61] |
314 |
* Japanese[62] |
315 |
* Italian[63] |
316 |
* Polish[64] |
317 |
* Portuguese (Brazil)[65] |
318 |
* Portuguese (Portugal)[66] |
319 |
* Russian[67] |
320 |
* Spanish[68] |
321 |
* Turkish[69] |
322 |
56. http://www.gentoo.org/news/da/gwn/gwn.xml |
323 |
57. http://www.gentoo.org/news/nl/gwn/gwn.xml |
324 |
58. http://www.gentoo.org/news/en/gwn/gwn.xml |
325 |
59. http://www.gentoo.org/news/de/gwn/gwn.xml |
326 |
60. http://www.gentoo.org/news/fr/gwn/gwn.xml |
327 |
61. http://www.gentoo.org/news/ko/gwn/gwn.xml |
328 |
62. http://www.gentoo.org/news/ja/gwn/gwn.xml |
329 |
63. http://www.gentoo.org/news/it/gwn/gwn.xml |
330 |
64. http://www.gentoo.org/news/pl/gwn/gwn.xml |
331 |
65. http://www.gentoo.org/news/pt_br/gwn/gwn.xml |
332 |
66. http://www.gentoo.org/news/pt/gwn/gwn.xml |
333 |
67. http://www.gentoo.org/news/ru/gwn/gwn.xml |
334 |
68. http://www.gentoo.org/news/es/gwn/gwn.xml |
335 |
69. http://www.gentoo.org/news/tr/gwn/gwn.xml |
336 |
|
337 |
Ulrich Plate <plate@g.o> - Editor |
338 |
Chris White <chriswhite@g.o> - Author |
339 |
|
340 |
-- |
341 |
gentoo-gwn@g.o mailing list |