Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-gwn
Navigation:
Lists: gentoo-gwn: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-gwn@g.o
From: Ulrich Plate <plate@g.o>
Subject: Gentoo Weekly Newsletter 25 April 2005
Date: Tue, 26 Apr 2005 01:27:45 +0200
---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 25 April 2005.
---------------------------------------------------------------------------
 
==============
1. Gentoo News
==============
  
Project Dolphin: Experimental rescue CD
---------------------------------------
  
Benjamin Judas[1] announced last Friday that the release-engineering team 
has created a new experimental subproject called "Project Dolphin" in 
order to provide a feature-enhanced LiveCD version targeted at system 
rescue. Much like the unofficial French SysRescueCD[2] that is also based 
on the Gentoo LiveCD, Project Dolphin aims at offering all the tools 
needed for the recovery of broken installations, failing harddisks or 
other systems in need of rescue. 

 1. beejay@g.o
 2. http://www.sysresccd.org/
 
Figure 1.1: Project Dolphin - LiveCD for rescue missions
http://www.gentoo.org/images/gwn/20050425_pd.png
 
Highlights of the CD include zsh, samba, bacula, mc, dar, mutt, xfsdump, 
ide-smart, netcat, nmap, chrootkit, partimage, ncftp, centericq, 
bind-tools, alsa-utils, mpg321. A very early test ISO image, actively 
soliciting testers, has been made available in the experimental section of 
the Gentoo mirrors[3] for download, in the /experimental/x86/livecd/x86 
path. Users are strongly encouraged to submit comments to a freshly 
introduced meta-bug[4], either to report problems or to request feature 
additions. Thanks a lot for your support! 

 3. http://www.gentoo.org/main/en/mirrors.xml
 4. http://bugs.gentoo.org/show_bug.cgi?id=90053
    
International Gentoo mailing list additions
-------------------------------------------
  
Two new mailing lists have been made available last week: The Dutch 
version of the Gentoo Weekly Newsletter is now distributed in plain text 
version via e-mail, at gentoo-gwn-nl@g.o, shortly after being 
translated from the English original. As all other newsletter lists, it is 
for distribution only. Dutch and Flemish speaking readers of the GWN can 
subscribe to the new list by sending an e-mail to 
gentoo-gwn-nl-subscribe@g.o and following the instructions in the 
confirmation message they'll receive. 
 
A regular support and discussion list has been set up for all Russian 
Gentoo users, as Konstantin V. Arkhipov[5] announced last week. 
gentoo-user-ru@g.o can be subscribed by sending a blank message to 
gentoo-user-ru-subscribe@g.o. A full list of official Gentoo 
mailing lists, both English and non-English ones, is available along with 
usage instructions at the mailing list page[6]. 

 5. voxus@g.o
 6. http://www.gentoo.org/main/en/lists.xml
    
========================
2. Developer of the week
========================
  
"Gentoo is Zen applied to software" -- Patrick Lauer (bonsaikitten)
-------------------------------------------------------------------
  
Figure 2.1: Patrick Lauer aka Bonsaikitten
http://www.gentoo.org/images/gwn/20050425_bonsaikitten.jpg
 
This week's featured developer is bonsaikitten[7], who goes by the name 
Patrick Lauer in real life. He has no allegiance pledged to any particular 
faction of Gentoo devhood, but likes to work on a bit of everything. Since 
late 2004 he is also a regular contributor to the GWN, in particular the 
gentoo-dev mailing list summaries and this column, the dev-of-the-week, 
are usually authored by him. 

 7. patrick@g.o
 
Patrick operates the gentooexperimental.org[8] server, offering ressources 
for weird and unfinished ideas, including (but not limited to) tinderbox, 
the script repository[9] and future (web-)rsync replacement candidates. 
Planet Gentoo was first hosted on Patrick's server before being moved onto 
official hardware managed by the Gentoo infrastructure team. 

 8. http://gentooexperimental.org
 9. 
 
During the day he's a student of Computer Science at the RWTH Aachen, 
Germany, where he has started writing his thesis on "anonymous networks", 
leaving precious little time for everything else, but after four and a 
half years at the university he feels ready to move on. His computing 
environment is a room full of crummy old hardware, a Quad Xeon, two 
Athlons, and (courtesy of the CS faculty of his university) a 16-CPU 
cluster. 
 
He is a user of blackbox, firefox, licq, sometimes konqueror, and -- due 
to vendor lock-in -- evolution, which seems to get less useful with every 
revision, "as do all gnomes and trolls," says Patrick. He likes to work in 
Python, but other languages are no problem, either - "unless they are 
called Java and need longish incantations for every single statement." 
When the weather permits he can be found mountainbiking in the woods and 
fields around Aachen. He also enjoys good food, good (Belgian) beer, and 
the presence of preferably highly intelligent and sexy women (although the 
latter does not happen as often as desired). His motto is borrowed from 
Alfred Lord Tennyson: "It is better to have loved and lost than never to 
have loved at all." 
    
=========================
3. Heard in the community
=========================
  
gentoo-dev
----------
  
Some new xorg ebuilds
 
For all those that desparately need the newest and most bleeding edge 
stuff, Donnie Berkholz[10] has put some new xorg ebuilds in portage. Bug 
reports are appreciated. Especially the 6.8.99.* snapshots might be 
interesting to try out - but be warned, it might break ... 

 10. spyderous@g.o
 
 * new xorg ebuilds [11] 
 11. http://thread.gmane.org/gmane.linux.gentoo.devel/27145

 
Category rename
 
Since there are many proxies (but not all of them www only), the www-proxy 
category might be renamed to net-proxy. All the SOCKS, www, ftp etc. 
proxies will then be easy to find in their new category. 
 
 * Category rename [12] 
 12. http://thread.gmane.org/gmane.linux.gentoo.devel/27153

 
Gentoo as a development platform
 
Daniel Drake[13] starts a discussion on how to use Gentoo as a development 
platform where you usually have to pull in various fixes from CVS. How do 
you keep everything under portage's control while still being able to fix 
things? Does portage support live CVS ebuilds in a sane fashion? Read on 
to find out more. 

 13. dsd@g.o
 
 * Gentoo as development platform [14] 
 14. http://thread.gmane.org/gmane.linux.gentoo.devel/27088

 
Apache problems
 
As some of you might have noticed, the Gentoo Apache team has done some 
quite extensive changes to the newest versions of Apache. This was done 
for various reasons, including (but not limited to) easier maintenance. 
This has caused various problems since there is no easy migration path, 
and most users don't want to throw away their apache config and start from 
scratch. Because of this the newest versions are package.mask'ed until 
this situation is resolved. 
 
 * package.mask'ing the new apache ebuilds [15] 
 * new apache stuff in testing[16] 
 15. http://thread.gmane.org/gmane.linux.gentoo.devel/27071
 16. http://thread.gmane.org/gmane.linux.gentoo.devel/27208

    
=======================
4. Gentoo International
=======================
  
Switzerland: Pentoo - Gentoo-based intrusion detection LiveCD
-------------------------------------------------------------
  
"Pentoo"[17] is an acronym for "PENetration on genTOO". It is based on 
kernel version 2.6.10, uses the Gnome desktop environment, and aims to 
provide a complete platform for intrusion detection, penetration-testing 
and security assessment. The content of the LiveCD can be updated, 
allowing for up-to-date fingerprint and vulnerability databases, for tools 
that require regular updates like the Nessus plugins, or scanner 
fingerprint files, metasploit etc. Users can optionaly store data on USB 
sticks for non-volatile storage support. Pentoo's author, Michael 
Zanetta[18], emphasizes that "it has to be considered beta as I have not 
much time to test it carefully," so feedback and comments are very 
welcome, at bugs@... A roadmap for the project[19] is available, 
too. 

 17. http://www.netsc.ch/pentoo/
 18. grimmlin@...
 19. http://www.netsc.ch/pentoo/project.txt
 
Figure 4.1: Penetration testing based on Gentoo: Swiss 'Pentoo'
http://www.gentoo.org/images/gwn/20050425_pentoo.png
    
======================
5. Gentoo in the press
======================
  
Somos libres (25 April 2005, in Spanish)
----------------------------------------
  
Today's edition of the Peruvian "Free and Open Software User Group" 
website at Somos Libres has an interview with Daniel Oliveira,[20] one of 
the heads of the Gentoo spin-off project Ututo[21] developed at and around 
the university of Buenos Aires in neighboring Argentina. Oliveira, who 
represents a core team of 37 developers busy pushing Ututo to individual 
users, but also into municipal services and small and medium enterprises 
in Argentina, explains the history and the current status of the project. 

 20. http://somoslibres.org/modules.php?name=News&file=article&sid=518
 21. https://e.ututo.org.ar/indexes.html
    
===========================
6. Moves, adds, and changes
===========================
  
Moves
-----
  
The following developers recently left the Gentoo team: 
 
 * None this week  
    
Adds
----
  
The following developers recently joined the Gentoo Linux team: 
 
 * Herbie Hopkins (Herbs) - AMD64  
    
Changes
-------
  
The following developers recently changed roles within the Gentoo Linux 
project:
 
 * None this week  
    
==================
7. Gentoo security
==================
  
phpMyAdmin: Cross-site scripting vulnerability
----------------------------------------------
  
phpMyAdmin is vulnerable to a cross-site scripting attack. 
 
For more information, please see the GLSA Announcement[22] 

 22. http://www.gentoo.org/security/en/glsa/glsa-200504-08.xml
    
Axel: Vulnerability in HTTP redirection handling
------------------------------------------------
  
A buffer overflow vulnerability has been found in Axel which could lead to 
the execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[23] 

 23. http://www.gentoo.org/security/en/glsa/glsa-200504-09.xml
    
Gld: Remote execution of arbitrary code
---------------------------------------
  
Gld contains several serious vulnerabilities, potentially resulting in the 
execution of arbitrary code as the root user. 
 
For more information, please see the GLSA Announcement[24] 

 24. http://www.gentoo.org/security/en/glsa/glsa-200504-10.xml
    
JunkBuster: Multiple vulnerabilities
------------------------------------
  
JunkBuster is vulnerable to a heap corruption vulnerability, and under 
certain configurations may allow an attacker to modify settings. 
 
For more information, please see the GLSA Announcement[25] 

 25. http://www.gentoo.org/security/en/glsa/glsa-200504-11.xml
    
rsnapshot: Local privilege escalation
-------------------------------------
  
rsnapshot allows a local user to take ownership of local files, resulting 
in privilege escalation. 
 
For more information, please see the GLSA Announcement[26] 

 26. http://www.gentoo.org/security/en/glsa/glsa-200504-12.xml
    
OpenOffice.Org: DOC document Heap Overflow
------------------------------------------
  
OpenOffice.Org is vulnerable to a heap overflow when processing DOC 
documents, which could lead to arbitrary code execution. 
 
For more information, please see the GLSA Announcement[27] 

 27. http://www.gentoo.org/security/en/glsa/glsa-200504-13.xml
    
monkeyd: Multiple vulnerabilities
---------------------------------
  
Format string and Denial of Service vulnerabilities have been discovered 
in the monkeyd HTTP server, potentially resulting in the execution of 
arbitrary code. 
 
For more information, please see the GLSA Announcement[28] 

 28. http://www.gentoo.org/security/en/glsa/glsa-200504-14.xml
    
PHP: Multiple vulnerabilities
-----------------------------
  
Several vulnerabilities were found and fixed in PHP image handling 
functions, potentially resulting in Denial of Service conditions or the 
remote execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[29] 

 29. http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml
    
CVS: Multiple vulnerabilities
-----------------------------
  
Several serious vulnerabilities have been found in CVS, which may allow an 
attacker to remotely compromise a CVS server or cause a DoS. 
 
For more information, please see the GLSA Announcement[30] 

 30. http://www.gentoo.org/security/en/glsa/glsa-200504-16.xml
    
XV: Multiple vulnerabilities
----------------------------
  
Multiple vulnerabilities have been discovered in XV, potentially resulting 
in the execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[31] 

 31. http://www.gentoo.org/security/en/glsa/glsa-200504-17.xml
    
Mozilla Firefox, Mozilla Suite: Multiple vulnerabilities
--------------------------------------------------------
  
New Mozilla Firefox and Mozilla Suite releases fix new security 
vulnerabilities, including memory disclosure and various ways of executing 
JavaScript code with elevated privileges. 
 
For more information, please see the GLSA Announcement[32] 

 32. http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml
    
MPlayer: Two heap overflow vulnerabilities
------------------------------------------
  
Two vulnerabilities have been found in MPlayer which could lead to the 
remote execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[33] 

 33. http://www.gentoo.org/security/en/glsa/glsa-200504-19.xml
    
openMosixview: Insecure temporary file creation
-----------------------------------------------
  
openMosixview and the openMosixcollector daemon are vulnerable to symlink 
attacks, potentially allowing a local user to overwrite arbitrary files. 
 
For more information, please see the GLSA Announcement[34] 

 34. http://www.gentoo.org/security/en/glsa/glsa-200504-20.xml
    
RealPlayer, Helix Player: Buffer overflow vulnerability
-------------------------------------------------------
  
RealPlayer and Helix Player are vulnerable to a buffer overflow that could 
lead to remote execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[35] 

 35. http://www.gentoo.org/security/en/glsa/glsa-200504-21.xml
    
KDE kimgio: PCX handling buffer overflow
----------------------------------------
  
KDE fails to properly validate input when handling PCX images, potentially 
resulting in the execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[36] 

 36. http://www.gentoo.org/security/en/glsa/glsa-200504-22.xml
    
Kommander: Insecure remote script execution
-------------------------------------------
  
Kommander executes remote scripts without confirmation, potentially 
resulting in the execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[37] 

 37. http://www.gentoo.org/security/en/glsa/glsa-200504-23.xml
    
===========
8. Bugzilla
===========
  
Summary
-------
  
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
    
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[38]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 17 April 2005 and 24 April 2005, activity on the 
site has resulted in: 

 38. http://bugs.gentoo.org
 
 * 817 new bugs during this period 
 * 493 bugs closed or resolved during this period 
 * 14 previously closed bugs were reopened this period 
 
Of the 8497 currently open bugs: 89 are labeled 'blocker', 231 are labeled 
'critical', and 628 are labeled 'major'. 
    
Closed bug rankings
-------------------
  
The developers and teams who have closed the most bugs during this period 
are: 
 
 * media-video herd[39], with 44 closed bugs[40]  
 * AMD64 Porting Team[41], with 43 closed bugs[42]  
 * Gentoo Sound Team[43], with 19 closed bugs[44]  
 * Gentoo Security[45], with 18 closed bugs[46]  
 * Jeremy Huddleston[47], with 16 closed bugs[48]  
 * Java team[49], with 13 closed bugs[50]  
 * Gentoo Science Related Packages[51], with 12 closed bugs[52]  
 * Daniel Black[53], with 12 closed bugs[54]  
 39. media-video@g.o
 40. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-17&chfieldto=2005-04-24&resolution=FIXED&assigned_to=media-video@g.o
 41. amd64@g.o
 42. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-17&chfieldto=2005-04-24&resolution=FIXED&assigned_to=amd64@g.o
 43. sound@g.o
 44. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-17&chfieldto=2005-04-24&resolution=FIXED&assigned_to=sound@g.o
 45. security@g.o
 46. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-17&chfieldto=2005-04-24&resolution=FIXED&assigned_to=security@g.o
 47. eradicator@g.o
 48. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-17&chfieldto=2005-04-24&resolution=FIXED&assigned_to=eradicator@g.o
 49. java@g.o
 50. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-17&chfieldto=2005-04-24&resolution=FIXED&assigned_to=java@g.o
 51. sci@g.o
 52. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-17&chfieldto=2005-04-24&resolution=FIXED&assigned_to=sci@g.o
 53. dragonheart@g.o
 54. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-04-17&chfieldto=2005-04-24&resolution=FIXED&assigned_to=dragonheart@g.o

    
New bug rankings
----------------
  
The developers and teams who have been assigned the most new bugs during 
this period are: 
 
 * Gentoo Linux bug wranglers[55], with 19 new bugs[56]  
 * Mozilla Gentoo Team[57], with 13 new bugs[58]  
 * media-video herd[59], with 13 new bugs[60]  
 * Gentoo Sound Team[61], with 11 new bugs[62]  
 * Jeremy Huddleston[63], with 11 new bugs[64]  
 * Television related Applications in Gentoo's Portage[65], with 10 new 
bugs[66]  
 * Gentoo KDE team[67], with 9 new bugs[68]  
 * Gentoo Linux Gnome Desktop Team[69], with 9 new bugs[70]  
 55. bug-wranglers@g.o
 56. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-17&chfieldto=2005-04-24&assigned_to=bug-wranglers@g.o
 57. mozilla@g.o
 58. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-17&chfieldto=2005-04-24&assigned_to=mozilla@g.o
 59. media-video@g.o
 60. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-17&chfieldto=2005-04-24&assigned_to=media-video@g.o
 61. sound@g.o
 62. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-17&chfieldto=2005-04-24&assigned_to=sound@g.o
 63. eradicator@g.o
 64. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-17&chfieldto=2005-04-24&assigned_to=eradicator@g.o
 65. media-tv@g.o
 66. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-17&chfieldto=2005-04-24&assigned_to=media-tv@g.o
 67. kde@g.o
 68. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-17&chfieldto=2005-04-24&assigned_to=kde@g.o
 69. gnome@g.o
 70. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-04-17&chfieldto=2005-04-24&assigned_to=gnome@g.o

    
===============
9. GWN feedback
===============
   
Please send us your feedback[71] and help make the GWN better.

 71. gwn-feedback@g.o
    
================================
10. GWN subscription information
================================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-subscribe@g.o. 
 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@g.o from the email address you are 
subscribed under. 
    
===================
11. Other languages
===================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Danish[72]  
 * Dutch[73]  
 * English[74]  
 * German[75]  
 * French[76]  
 * Japanese[77]  
 * Italian[78]  
 * Polish[79]  
 * Portuguese (Brazil)[80]  
 * Portuguese (Portugal)[81]  
 * Russian[82]  
 * Spanish[83]  
 * Turkish[84]  
 72. http://www.gentoo.org/news/da/gwn/gwn.xml
 73. http://www.gentoo.org/news/nl/gwn/gwn.xml
 74. http://www.gentoo.org/news/en/gwn/gwn.xml
 75. http://www.gentoo.org/news/de/gwn/gwn.xml
 76. http://www.gentoo.org/news/fr/gwn/gwn.xml
 77. http://www.gentoo.org/news/ja/gwn/gwn.xml
 78. http://www.gentoo.org/news/it/gwn/gwn.xml
 79. http://www.gentoo.org/news/pl/gwn/gwn.xml
 80. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
 81. http://www.gentoo.org/news/pt/gwn/gwn.xml
 82. http://www.gentoo.org/news/ru/gwn/gwn.xml
 83. http://www.gentoo.org/news/es/gwn/gwn.xml
 84. http://www.gentoo.org/news/tr/gwn/gwn.xml

   
Ulrich Plate <plate@g.o> - Editor
Patrick Lauer <patrick@g.o> - Author

-- 
gentoo-gwn@g.o mailing list

Navigation:
Lists: gentoo-gwn: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Gentoo Weekly Newsletter 18 April 2005
Next by thread:
Gentoo Weekly Newsletter 2 May 2005
Previous by date:
Gentoo Weekly Newsletter 18 April 2005
Next by date:
Gentoo Weekly Newsletter 2 May 2005


Updated Jun 17, 2009

Summary: Archive of the gentoo-gwn mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.