1 |
--------------------------------------------------------------------------- |
2 |
Gentoo Weekly Newsletter |
3 |
http://www.gentoo.org/news/en/gwn/current.xml |
4 |
This is the Gentoo Weekly Newsletter for the week of 1 August 2005. |
5 |
--------------------------------------------------------------------------- |
6 |
|
7 |
============== |
8 |
1. Gentoo News |
9 |
============== |
10 |
|
11 |
Gentoo Developer Conference in San Francisco |
12 |
-------------------------------------------- |
13 |
|
14 |
A full day Developer (and User) Conference will be held in conjunction |
15 |
with LinuxWorld Expo 2005[1] in San Francisco on August 12th. The |
16 |
conference will feature presentations from members of the development |
17 |
team, as well as time for bug squashing, chit-chat, and key signing. If |
18 |
you will be in the bay area, seats are still available and advance |
19 |
registration is $10. Lunch will be included in the conference, along with |
20 |
a conference T-shirt. For those who can not make it in person, the event |
21 |
will be webcast. |
22 |
|
23 |
1. http://www.linuxworldexpo.com/live/12/events/12SFO05A |
24 |
|
25 |
More information can be found at http://devconference.gentoo.org[2] |
26 |
|
27 |
2. http://devconference.gentoo.org/ |
28 |
|
29 |
The event is sponsored by Global Netoptex Inc., a long time supporter of |
30 |
Gentoo's core infrastructure, and Indiana University, who will be |
31 |
providing webcast capabilities for the event. |
32 |
|
33 |
Wanted: Translators for German documentation |
34 |
-------------------------------------------- |
35 |
|
36 |
The German translation team is looking for new translators. According to |
37 |
our webstats the German docs are the most read after its original language |
38 |
English. So they should be updated as good as possible, but unfortunately |
39 |
some of them are already badly outdated. For updating the translations |
40 |
some more helping hands and brains are needed. If you are good in English |
41 |
and German and want to help out, please send an email to the German lead |
42 |
translator Tobias Scherbaum[3]. |
43 |
|
44 |
3. dertobi123@g.o |
45 |
|
46 |
====================================================================== |
47 |
2. Gentoo Stories: Full success for the monthly Bugday since two years |
48 |
====================================================================== |
49 |
|
50 |
Bugday[4] developers Bryan Østergaard[5] and Scott Shawcroft[6] sent us an |
51 |
article about the monthly Gentoo Bugday. This covers the success during |
52 |
the last two years, shows some nice numbers and will give you a look into |
53 |
the future for the Bugday. |
54 |
|
55 |
4. http://bugday.gentoo.org/ |
56 |
5. kloeri@g.o |
57 |
6. tannewt@g.o |
58 |
|
59 |
Second Bugday anniversary! |
60 |
-------------------------- |
61 |
|
62 |
August 6th, 2005 marks another exciting milestone for the Gentoo Bugday |
63 |
project - a very successful project that helps bring the community a bit |
64 |
closer. |
65 |
|
66 |
A trip down memory lane… |
67 |
------------------------ |
68 |
|
69 |
It all started as an idea by Gentoo Developer Brian Jackson[7] a little |
70 |
more than two years ago. Digging in various mailing lists the first traces |
71 |
seems to be from around July 2003 when Brian posted a request for comments |
72 |
to the gentoo-dev mailing-list on GLEP 6[8]. The thread can be read at in |
73 |
the gmane archive[9]. Everybody seemed to like the idea and the GLEP was |
74 |
accepted in record time - it took less than a month from submitting the |
75 |
GLEP to getting it accepted. |
76 |
|
77 |
7. iggy@g.o |
78 |
8. http://glep.gentoo.org/glep-0006.html |
79 |
9. http://thread.gmane.org/gmane.linux.gentoo.devel/9880 |
80 |
|
81 |
The very first Gentoo Bugday was held on August 2, 2003 and was quite |
82 |
successful in many ways. Lots of bugs were fixed and several new devs were |
83 |
recruited. |
84 |
|
85 |
When Brian Jackson took a brief break as a Gentoo Developer, Bryan |
86 |
Østergaard took over coordinating Bugday activities and have been in |
87 |
charge of Bugday since May 2004. |
88 |
|
89 |
The next big chance came in September 2004 with the grand opening of |
90 |
http://bugday.gentoo.org[10]. The website was mostly implemented by Bjarke |
91 |
Istrup Pedersen[11] and looked almost exactly like it does today. |
92 |
|
93 |
10. http://bugday.gentoo.org/ |
94 |
11. gurligebis@g.o |
95 |
|
96 |
Bugday in numbers |
97 |
----------------- |
98 |
|
99 |
Figuring out how many bugs are squashed due to Bugday is probably |
100 |
impossible but there's some interesting (or at least amusing numbers) to |
101 |
be gained from bugzilla. Asking bugzilla how many bugs (in a closed state) |
102 |
were changed during every Bugday so far, we will get a few (not very |
103 |
scientific) statistics: |
104 |
|
105 |
Most bugs closed during one Bugday period: 344 (feb 2005) Least bugs |
106 |
closed: 124 (aug 2003) Average bugs closed per Bugday: 229 Average bugs |
107 |
closed in 2003: 173 Average bugs closed in 2004: 226 Average bugs closed |
108 |
in 2005: 274 Developers recruited from participating in Bugday: 15+ |
109 |
|
110 |
Looking forward |
111 |
--------------- |
112 |
|
113 |
Fast forwarding to summer 2005 Bryan slowly realised that he needed some |
114 |
help if he wanted to take Bugday any further. So he recruited Scott |
115 |
Shawcroft[12] and Bjarke Istrup Pedersen[13] to help with a few of Bryan's |
116 |
ideas. Fortunately they have a few ideas of their own as well! |
117 |
|
118 |
12. tannewt@g.o |
119 |
13. gurligebis@g.o |
120 |
|
121 |
One of the main goals of holding Bugdays is to build the community while |
122 |
solving bugs. In its current state Bugday participation is limited. With |
123 |
some changes we hope to increase involvement, build the community and |
124 |
groom new developers. Some of the changes we plan on implementing include |
125 |
a from-scratch rebuild of the website and an IRC interface to the new site. |
126 |
|
127 |
Our goal with the new website is to provide more direction for Bugday |
128 |
participants and allowing a greater degree of participation. One way we |
129 |
are going to do that is by classifying bugs by level of difficulty and the |
130 |
coding-language requirements of bugs. This should allow users to filter |
131 |
bugs by their own skill level. |
132 |
|
133 |
In addition to bug classification we are also going to provide a bug |
134 |
voting interface. In short, it will allow users to vote for their favorite |
135 |
bug(s) and thus (hopefully) increase the chance that somebody submits a |
136 |
fix for that bug. We hope this will get some of the more annoying bugs |
137 |
fixed quickly as it should be evident which bugs people want the most to |
138 |
get fixed. It's important to note that this 'bug voting' feature will only |
139 |
be implemented on the Bugday website[14]. |
140 |
|
141 |
14. http://bugday.gentoo.org |
142 |
|
143 |
We hope some of the planned website features will be ready by September |
144 |
and would appreciate all comments, suggestions and questions regarding |
145 |
current and upcoming Bugdays. |
146 |
|
147 |
Join us on irc.freenode.net at #gentoo-bugs[15] and check out the website |
148 |
at http://bugday.gentoo.org[16]. |
149 |
|
150 |
15. irc://irc.freenode.net/gentoo-bugs |
151 |
16. http://bugday.gentoo.org/ |
152 |
|
153 |
Remember, everyone is invited to celebrate both the two year anniversary |
154 |
and a new beginning for Bugdays on the upcoming Saturday! |
155 |
|
156 |
======================================================= |
157 |
3. User Stories: Interview with George K. Thiruvathukal |
158 |
======================================================= |
159 |
|
160 |
This time in featured Gentoo User Stories we present you George K. |
161 |
Thiruvathukal, professor of computer science at Loyola University Chicago. |
162 |
Gentoo Developer Patrick Lauer[17] did the interview which has been |
163 |
arranged with the help of Gentoo Developer Mike Doty[18]: |
164 |
|
165 |
17. patrick@g.o |
166 |
18. kingtaco@g.o |
167 |
|
168 |
Tell us about you. Who are you, where do you work? |
169 |
|
170 |
”I'm a professor of computer science at Loyola University Chicago. We're |
171 |
based in…ehem…Chicago, IL USA.“ |
172 |
|
173 |
What is your job? What computer-related tasks does that involve? |
174 |
|
175 |
”Professor and Graduate Program Director. I'm also the de facto director |
176 |
of computer systems who has a lab manager, Miao Ye, working with me on |
177 |
Linux and open source stuff. Because my research is in parallel and |
178 |
distributed systems, I basically have spent about one third of my life as |
179 |
a sysadmin/hacker.“ |
180 |
|
181 |
When did you discover Linux? When Gentoo? What convinced you of Gentoo? |
182 |
|
183 |
”I discovered Linux in 1991. I was working in a company while completing |
184 |
my Ph.D. studies here in Chicago. A colleague of mine and I installed one |
185 |
of Linus' early kernels and were hooked ever since. I started using Gentoo |
186 |
a couple of years ago at the steadfast insistence of one of my students, |
187 |
Sean McGuire. I had already realized (Sean just pushed me over the edge!!) |
188 |
that most of the other distros, while nicely packaged in some cases, were |
189 |
not using a good foundational approach that made it easy to build |
190 |
everything from source and keep packages up-to-date. Worse, the other |
191 |
approaches were fundamentally limited for my work in high-performance |
192 |
computing, which depends on being able to squeeze every last drop of |
193 |
performance when absolutely required. I was particularly with Gentoo's |
194 |
ability to compile both kernel and packages easily for the processor |
195 |
(family) of interest. |
196 |
|
197 |
At present, two small computing clusters are running Gentoo exclusively. |
198 |
Mike Doty (KingTaco) and I are working on a completely PXE/netbooted |
199 |
setup, which should be deployed within the next few weeks.“ |
200 |
|
201 |
On what machines have you deployed Gentoo? What are your plans for the |
202 |
future? |
203 |
|
204 |
”Everything Linux in our department is running Gentoo—even our Linux lab |
205 |
machines. We have a transparent setup that uses OpenLDAP as the |
206 |
authentication strategy, large-scale storage running on Dell PowerEdge |
207 |
servers (yes, we got Gentoo working on them with some minor pain/suffering |
208 |
along the way.) and several home built servers for e-mail and web access. |
209 |
|
210 |
My future plan—a dream at this point—is to have a 1000+ 64-bit system |
211 |
running Gentoo. :-) Think big!“ |
212 |
|
213 |
How do you handle updates etc.? |
214 |
|
215 |
”Eek, I knew you would ask me a tough question. Well, at present, we sync |
216 |
metadata automatically on most critical servers at least once a month. |
217 |
With system/world updates, we do tend to exercise caution on critical |
218 |
systems, and limit updates to once every 3-6 months. With more |
219 |
experimental machines (ok, our clusters) we update early/often. As we're |
220 |
now going to more of a netbooted setup, we can prepare the image (more or |
221 |
less once) and then just reboot machines to absorb the updates. |
222 |
|
223 |
Obviously, updating /etc files is one of my minor gripes with Gentoo, but |
224 |
I am seeing this as an opportunity to help the Gentoo team in the future. |
225 |
As I do a ton of work with Python and XML, I have in mind a tool that, I |
226 |
think, will make /etc maintenance a little less troublesome and |
227 |
error-prone.“ |
228 |
|
229 |
In general, what problems did you encounter? Where does Linux (and Gentoo |
230 |
in general) have advantages? |
231 |
|
232 |
”In general, we've encountered few problems. I feel particularly blessed |
233 |
that I still have good hacking/coding instincts as I am now in my late |
234 |
30's and trying to keep up with all you crazy 20-somethings. I'm also |
235 |
blessed to have had talented folks like Mike and Sean around to help with |
236 |
certain kernel and desktop matters.“ |
237 |
|
238 |
Where does Linux fail? What (solution|deployment|hack) are you most proud |
239 |
of? |
240 |
|
241 |
”I'm most proud of our LDAP setup. The Gentoo documentation at the time |
242 |
more or less said it couldn't be done, and I was able to get it |
243 |
working—and securely, to boot. There were some broken ACLs that I was able |
244 |
to fix and demonstrate are working properly. We now use it for many of our |
245 |
systems within the department. |
246 |
|
247 |
I'm also proud of the work I've done with my colleague, Prof. Konstantin |
248 |
Läufer, which amounts to having built our own "hosting" service within the |
249 |
department. We are able to do v-hosting of various community/academic |
250 |
portals within our department, which includes e-mail, web, and content |
251 |
management via Plone. All of it works entirely on Gentoo, better yet.“ |
252 |
|
253 |
I heard that you made some computers available for Gentoo development - |
254 |
what convinced you to do this? What hardware? What do you get in return? |
255 |
|
256 |
”Well, a big part of my university is an emphasis on service to others. |
257 |
It's our great honor to repurpose the Sun E250 hardware for Gentoo |
258 |
development purposes. We hope that one day students who want to study |
259 |
about open source technologies will consider our department as a good |
260 |
choice. Not only do we teach about open source in many of our classes, we |
261 |
actually use it!“ |
262 |
|
263 |
How are the responses from others when they hear that you are using Gentoo |
264 |
on "critical" systems? How do you see the OpenSource / commercial software |
265 |
split? Any reasons to (not) use OpenSource? |
266 |
|
267 |
”Well, most people assumed I was insane to begin with, so the responses |
268 |
are about the same. :-) My view is that you are at risk regardless of what |
269 |
you use for critical systems. If you don't keep software up-to-date, keep |
270 |
track of key security advisories, or don't employ best practices, can you |
271 |
really say that you are committed to "mission critical" results? |
272 |
|
273 |
Our view is that critical systems also require the best hardware. In |
274 |
reality, the OS is only as good as what it's running on. For critical |
275 |
systems, we use high-end hardware with strong processor, memory, and I/O |
276 |
performance. I've seen no evidence that Gentoo is any more or less secure |
277 |
than the others. Seemingly, the folks at Gentoo think security is |
278 |
important, judging by the weekly updates mentioned in the newsletter. Are |
279 |
all of the other distributions doing the same thing to keep their users |
280 |
informed? |
281 |
|
282 |
We don't discriminate against commercial software. However, in a time |
283 |
where budgets are tight, there needs to be a case that commercial software |
284 |
is worth the trouble. Also, I wish to point out that students get plenty |
285 |
of support for the commercial alternatives (and way of thinking) from our |
286 |
IS department, which provides ample support for the Windows desktop. Our |
287 |
CS department also has a membership in the MSDN Academic Alliance so our |
288 |
students can choose to learn about open source or commercial technologies. |
289 |
We're not ideologues but think our students should learn about open source |
290 |
as part of a CS education.“ |
291 |
|
292 |
What are your experiences with support? What makes Gentoo good, what makes |
293 |
it difficult? What (dis)advantages would a commercial distribution like |
294 |
RedHat or SuSE offer? |
295 |
|
296 |
”Gentoo does need to rethink a few things: |
297 |
|
298 |
1. Syncing metadata is beginning to take too long. This isn't a big deal |
299 |
when there is one system, but it's a big deal when there are many. There |
300 |
should be a clear/documented way to sync one "master" copy, which can be |
301 |
used to perform local syncs. |
302 |
|
303 |
2. The /etc updating problem is a serious one for servers. I have a |
304 |
workaround but often find myself having to check manually to ensure key |
305 |
/etc files (e.g. conf.d/net, fstab, and modules.autoload.d/kernel-2.6) |
306 |
don't get broken.“ |
307 |
|
308 |
Thank you for the interview. |
309 |
|
310 |
========================= |
311 |
4. Heard in the community |
312 |
========================= |
313 |
|
314 |
gentoo-dev |
315 |
---------- |
316 |
|
317 |
Hold on portage feature requests |
318 |
|
319 |
Portage developer Jason Stubbs[19] let us know, that the portage-dev-team |
320 |
does not accept or include any new feature requests until further notice. |
321 |
Currently there are more than 300 feature requests which hold back |
322 |
critical portage-fixing. More portage-developers are welcome! |
323 |
|
324 |
19. jstubbs@g.o |
325 |
|
326 |
* Hold on portage feature requests[20] |
327 |
20. http://article.gmane.org/gmane.linux.gentoo.devel/30042 |
328 |
|
329 |
|
330 |
News on PHP5 support on Gentoo |
331 |
|
332 |
Stuart Herbert [21], Developer for webapps and PHP, summed up the |
333 |
situation with PHP-support in Gentoo and the situation with PHP5. If you |
334 |
are interested in PHP5 and want to help with testing, you should read |
335 |
Stuart's announcement. |
336 |
|
337 |
21. stuart@g.o |
338 |
|
339 |
* News on PHP5 support on Gentoo[22] |
340 |
22. http://article.gmane.org/gmane.linux.gentoo.devel/30050 |
341 |
|
342 |
|
343 |
Using the ChangeLog as a pre-emerge notice |
344 |
|
345 |
Gentoo-User Alec Warner asked for the possibility to use the ChangeLogs as |
346 |
a kind of pre-emerge notice with critical changes to the package, as you |
347 |
can list them simply with emerge -l <package>. |
348 |
|
349 |
* Changelogs[23] |
350 |
23. http://article.gmane.org/gmane.linux.gentoo.devel/30017 |
351 |
|
352 |
|
353 |
======================= |
354 |
5. Gentoo International |
355 |
======================= |
356 |
|
357 |
USA: LinuxWorld Conference & Expo in San Francisco |
358 |
-------------------------------------------------- |
359 |
|
360 |
Like every year there will be the LWE SF[24] in the Moscone Center, this |
361 |
time from August 8 until 11. And like the last years, Gentoo will be |
362 |
present again with a booth. It's not large, but suitable enough for an x86 |
363 |
and ppc demo and some give-aways. |
364 |
|
365 |
24. http://www.linuxworldexpo.com/live/12/events/12SFO05A |
366 |
|
367 |
If you happen to be registering for an "Exhibit Hall" badge for the |
368 |
upcoming LinuxWorld Expo in San Francisco, use priority code N0339 to let |
369 |
them know that you're coming to support Gentoo! |
370 |
|
371 |
Germany: Two regional Gentoo User Meetings |
372 |
------------------------------------------ |
373 |
|
374 |
On Thursday August 4, there will be a meeting of the |
375 |
Cologne/Bonn-community[25]. But neither in Cologne nor in Bonn they will |
376 |
meet in an all-you-can-eat Chinese Restaurant in Siegburg. |
377 |
|
378 |
25. http://forums.gentoo.org/viewtopic.php?t=40510 |
379 |
|
380 |
The next day, Friday August 5, the well-known Ruhrpott-community[26] meets |
381 |
in Oberhausen. With nine Gentoo Developers (and another nine Users) |
382 |
attending the last meeting it was probably the biggest Developer-meeting |
383 |
outside larger events like fairs! |
384 |
|
385 |
26. http://forums.gentoo.org/viewtopic.php?t=94915 |
386 |
|
387 |
====================== |
388 |
6. Gentoo in the press |
389 |
====================== |
390 |
|
391 |
”Best practices for portable patches“ |
392 |
----------------------------------------- |
393 |
|
394 |
Gentoo Developer Diego Pettenò[27] wrote an article on ”Best practices for |
395 |
portable patches“[28], based mostly on his experience as a Gentoo package |
396 |
maintainer and the Gentoo/BSD port. It offers a nice overview of common |
397 |
problems and how to prevent them, which is especially important for Gentoo |
398 |
as it runs on many different processor architectures. |
399 |
|
400 |
27. flameeyes@g.o |
401 |
28. http://programming.newsforge.com/article.pl?sid=05/07/19/1713230 |
402 |
|
403 |
Gentoo Linux Security Audit Team discovers MySQL flaw |
404 |
----------------------------------------------------- |
405 |
|
406 |
A critical MySQL flaw due to a bug with zlib[29] has been found by Gentoo |
407 |
Linux Security Audit Team member Tavis Ormandy[30]. |
408 |
|
409 |
29. http://www.eweek.com/article2/0,1895,1840084,00.asp |
410 |
30. taviso@g.o |
411 |
|
412 |
================== |
413 |
7. Tips and Tricks |
414 |
================== |
415 |
|
416 |
Catching emerge messages with enotice |
417 |
------------------------------------- |
418 |
|
419 |
Note: Gentoo's Tips and Tricks is not responsible for breaks on your |
420 |
system, although we test the printed Tips and Tricks. The online version |
421 |
should be preferred over the email version, as it may contain updates. |
422 |
|
423 |
One thing portage is lacking for a long time is catching all the notices |
424 |
and warnings during compilation, so that you know what changed during your |
425 |
latest nightly update. You know the bugs where something isn't working any |
426 |
more since the latest update, just because you didn't read the warning |
427 |
that scrolled up the screen while you didn't watched the compile-process? |
428 |
Here is a solution: enotice! |
429 |
|
430 |
enotice is a tiny script from Gentoo Developer Eldad Zack[31] and has been |
431 |
updated by Lindsay Haisley. For installation you should download Thomas |
432 |
Bullinger's enotice installation script[32]. After downloading, call the |
433 |
script: |
434 |
|
435 |
31. http://dev.gentoo.org/~eldad/ |
436 |
32. http://dev.gentoo.org/~eldad/enotice/install-enotice.sh |
437 |
|
438 |
+-------------------------------------------------------------------------+ |
439 |
| Code Listing 7.1: | |
440 |
| Install enotice | |
441 |
+-------------------------------------------------------------------------+ |
442 |
| | |
443 |
|# sh install-enotice.sh | |
444 |
| | |
445 |
+-------------------------------------------------------------------------+ |
446 |
|
447 |
This script downloads and copies enotice to /usr/local/sbin/. It also adds |
448 |
the variable PORT_ENOTICE_DIR to your /etc/make.conf. |
449 |
|
450 |
Now, after your nightly update you can just call enotice, which gives you |
451 |
a nice list of notices and a self-explanatory menu. Usually only warnings |
452 |
will be shown, but you can change the level in order to show also further |
453 |
notices. |
454 |
|
455 |
Finally the GWN team heard rumours that something like enotice will be |
456 |
included into the next big version of portage… |
457 |
|
458 |
=========================== |
459 |
8. Moves, adds, and changes |
460 |
=========================== |
461 |
|
462 |
Moves |
463 |
----- |
464 |
|
465 |
The following developers recently left the Gentoo team: |
466 |
|
467 |
* None this week |
468 |
|
469 |
Adds |
470 |
---- |
471 |
|
472 |
The following developers recently joined the Gentoo Linux team: |
473 |
|
474 |
* New developer: Petteri Räty (Betelgeuse) (Java) |
475 |
* New developer: Fabian Groffen (grobian) (Gentoo/MacOS) |
476 |
* New developer: Jeff Walter (JeffW) (x86 Cobalt RAQ kernels) |
477 |
* New documentation staff: Jan Kundrát (jkt) (Czech translation) |
478 |
* New forums staff: Ioannis Aslanidis (deathwing00) (Greek forums) |
479 |
|
480 |
Changes |
481 |
------- |
482 |
|
483 |
The following developers recently changed roles within the Gentoo Linux |
484 |
project: |
485 |
|
486 |
* None this week |
487 |
|
488 |
================== |
489 |
9. Gentoo security |
490 |
================== |
491 |
|
492 |
fetchmail: Buffer Overflow |
493 |
-------------------------- |
494 |
|
495 |
fetchmail is susceptible to a buffer overflow resulting in a Denial of |
496 |
Service or arbitrary code execution. |
497 |
|
498 |
For more information, please see the GLSA Announcement[33] |
499 |
|
500 |
33. http://www.gentoo.org/security/en/glsa/glsa-200507-21.xml |
501 |
|
502 |
sandbox: Insecure temporary file handling |
503 |
----------------------------------------- |
504 |
|
505 |
The sandbox utility may create temporary files in an insecure manner. |
506 |
|
507 |
For more information, please see the GLSA Announcement[34] |
508 |
|
509 |
34. http://www.gentoo.org/security/en/glsa/glsa-200507-22.xml |
510 |
|
511 |
Kopete: Vulnerability in included Gadu library |
512 |
---------------------------------------------- |
513 |
|
514 |
Kopete is vulnerable to several input validation vulnerabilities which may |
515 |
lead to execution of arbitrary code. |
516 |
|
517 |
For more information, please see the GLSA Announcement[35] |
518 |
|
519 |
35. http://www.gentoo.org/security/en/glsa/glsa-200507-23.xml |
520 |
|
521 |
Mozilla Suite: Multiple vulnerabilities |
522 |
--------------------------------------- |
523 |
|
524 |
Several vulnerabilities in the Mozilla Suite allow attacks ranging from |
525 |
the execution of javascript code with elevated privileges to information |
526 |
leakage. |
527 |
|
528 |
For more information, please see the GLSA Announcement[36] |
529 |
|
530 |
36. http://www.gentoo.org/security/en/glsa/glsa-200507-24.xml |
531 |
|
532 |
Clam AntiVirus: Integer overflows |
533 |
--------------------------------- |
534 |
|
535 |
Clam AntiVirus is vulnerable to integer overflows when handling several |
536 |
file formats, potentially resulting in the execution of arbitrary code. |
537 |
|
538 |
For more information, please see the GLSA Announcement[37] |
539 |
|
540 |
37. http://www.gentoo.org/security/en/glsa/glsa-200507-25.xml |
541 |
|
542 |
GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu |
543 |
library |
544 |
------- |
545 |
|
546 |
GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer |
547 |
overflow which could potentially lead to the execution of arbitrary code |
548 |
or a Denial of Service. |
549 |
|
550 |
For more information, please see the GLSA Announcement[38] |
551 |
|
552 |
38. http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml |
553 |
|
554 |
Ethereal: Multiple vulnerabilities |
555 |
---------------------------------- |
556 |
|
557 |
Ethereal is vulnerable to numerous vulnerabilities potentially resulting |
558 |
in the execution of arbitrary code or abnormal termination. |
559 |
|
560 |
For more information, please see the GLSA Announcement[39] |
561 |
|
562 |
39. http://www.gentoo.org/security/en/glsa/glsa-200507-27.xml |
563 |
|
564 |
AMD64 x86 emulation base libraries: Buffer overflow |
565 |
--------------------------------------------------- |
566 |
|
567 |
The x86 emulation base libraries for AMD64 contain a vulnerable version of |
568 |
zlib which could potentially lead to execution of arbitrary code. |
569 |
|
570 |
For more information, please see the GLSA Announcement[40] |
571 |
|
572 |
40. http://www.gentoo.org/security/en/glsa/glsa-200507-28.xml |
573 |
|
574 |
pstotext: Remote execution of arbitrary code |
575 |
-------------------------------------------- |
576 |
|
577 |
pstotext contains a vulnerability which can potentially result in the |
578 |
execution of arbitrary code. |
579 |
|
580 |
For more information, please see the GLSA Announcement[41] |
581 |
|
582 |
41. http://www.gentoo.org/security/en/glsa/glsa-200507-29.xml |
583 |
|
584 |
============ |
585 |
10. Bugzilla |
586 |
============ |
587 |
|
588 |
Summary |
589 |
------- |
590 |
|
591 |
* Statistics |
592 |
* Closed bug ranking |
593 |
* New bug rankings |
594 |
|
595 |
Statistics |
596 |
---------- |
597 |
|
598 |
The Gentoo community uses Bugzilla (bugs.gentoo.org[42]) to record and |
599 |
track bugs, notifications, suggestions and other interactions with the |
600 |
development team. Between 23 July 2005 and 30 July 2005, activity on the |
601 |
site has resulted in: |
602 |
|
603 |
42. http://bugs.gentoo.org |
604 |
|
605 |
* 792 new bugs during this period |
606 |
* 416 bugs closed or resolved during this period |
607 |
* 23 previously closed bugs were reopened this period |
608 |
|
609 |
Of the 8027 currently open bugs: 111 are labeled 'blocker', 195 are |
610 |
labeled 'critical', and 538 are labeled 'major'. |
611 |
|
612 |
Closed bug rankings |
613 |
------------------- |
614 |
|
615 |
The developers and teams who have closed the most bugs during this period |
616 |
are: |
617 |
|
618 |
* AMD64 Porting Team[43], with 26 closed bugs[44] |
619 |
* Gentoo Security[45], with 20 closed bugs[46] |
620 |
* Xavier Neys[47], with 20 closed bugs[48] |
621 |
* Mozilla Gentoo Team[49], with 16 closed bugs[50] |
622 |
* Gentoo Games[51], with 16 closed bugs[52] |
623 |
* Gentoo KDE team[53], with 15 closed bugs[54] |
624 |
* Sergey Kuleshov[55], with 13 closed bugs[56] |
625 |
* Default Assignee for Orphaned Packages[57], with 12 closed bugs[58] |
626 |
43. amd64@g.o |
627 |
44. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-23&chfieldto=2005-07-30&resolution=FIXED&assigned_to=amd64@g.o |
628 |
45. security@g.o |
629 |
46. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-23&chfieldto=2005-07-30&resolution=FIXED&assigned_to=security@g.o |
630 |
47. neysx@g.o |
631 |
48. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-23&chfieldto=2005-07-30&resolution=FIXED&assigned_to=neysx@g.o |
632 |
49. mozilla@g.o |
633 |
50. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-23&chfieldto=2005-07-30&resolution=FIXED&assigned_to=mozilla@g.o |
634 |
51. games@g.o |
635 |
52. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-23&chfieldto=2005-07-30&resolution=FIXED&assigned_to=games@g.o |
636 |
53. kde@g.o |
637 |
54. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-23&chfieldto=2005-07-30&resolution=FIXED&assigned_to=kde@g.o |
638 |
55. svyatogor@g.o |
639 |
56. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-23&chfieldto=2005-07-30&resolution=FIXED&assigned_to=svyatogor@g.o |
640 |
57. maintainer-needed@g.o |
641 |
58. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-07-23&chfieldto=2005-07-30&resolution=FIXED&assigned_to=maintainer-needed@g.o |
642 |
|
643 |
|
644 |
New bug rankings |
645 |
---------------- |
646 |
|
647 |
The developers and teams who have been assigned the most new bugs during |
648 |
this period are: |
649 |
|
650 |
* Default Assignee for New Packages[59], with 76 new bugs[60] |
651 |
* Default Assignee for Orphaned Packages[61], with 17 new bugs[62] |
652 |
* Stefaan De Roeck[63], with 16 new bugs[64] |
653 |
* Mozilla Gentoo Team[65], with 12 new bugs[66] |
654 |
* Gentoo Toolchain Maintainers[67], with 11 new bugs[68] |
655 |
* Gentoo Sound Team[69], with 11 new bugs[70] |
656 |
* Gentoo Linux Gnome Desktop Team[71], with 9 new bugs[72] |
657 |
* Gentoo Science Related Packages[73], with 8 new bugs[74] |
658 |
59. maintainer-wanted@g.o |
659 |
60. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-23&chfieldto=2005-07-30&assigned_to=maintainer-wanted@g.o |
660 |
61. maintainer-needed@g.o |
661 |
62. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-23&chfieldto=2005-07-30&assigned_to=maintainer-needed@g.o |
662 |
63. stefaan.deroeck@×××××.com |
663 |
64. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-23&chfieldto=2005-07-30&assigned_to=stefaan.deroeck@×××××.com |
664 |
65. mozilla@g.o |
665 |
66. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-23&chfieldto=2005-07-30&assigned_to=mozilla@g.o |
666 |
67. toolchain@g.o |
667 |
68. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-23&chfieldto=2005-07-30&assigned_to=toolchain@g.o |
668 |
69. sound@g.o |
669 |
70. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-23&chfieldto=2005-07-30&assigned_to=sound@g.o |
670 |
71. gnome@g.o |
671 |
72. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-23&chfieldto=2005-07-30&assigned_to=gnome@g.o |
672 |
73. sci@g.o |
673 |
74. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-07-23&chfieldto=2005-07-30&assigned_to=sci@g.o |
674 |
|
675 |
|
676 |
================ |
677 |
11. GWN feedback |
678 |
================ |
679 |
|
680 |
Please send us your feedback[75] and help make the GWN better. |
681 |
|
682 |
75. gwn-feedback@g.o |
683 |
|
684 |
================================ |
685 |
12. GWN subscription information |
686 |
================================ |
687 |
|
688 |
To subscribe to the Gentoo Weekly Newsletter, send a blank email to |
689 |
gentoo-gwn+subscribe@g.o. |
690 |
|
691 |
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to |
692 |
gentoo-gwn+unsubscribe@g.o from the email address you are |
693 |
subscribed under. |
694 |
|
695 |
=================== |
696 |
13. Other languages |
697 |
=================== |
698 |
|
699 |
The Gentoo Weekly Newsletter is also available in the following languages: |
700 |
|
701 |
* Danish[76] |
702 |
* Dutch[77] |
703 |
* English[78] |
704 |
* German[79] |
705 |
* French[80] |
706 |
* Japanese[81] |
707 |
* Italian[82] |
708 |
* Polish[83] |
709 |
* Portuguese (Brazil)[84] |
710 |
* Portuguese (Portugal)[85] |
711 |
* Russian[86] |
712 |
* Spanish[87] |
713 |
* Turkish[88] |
714 |
76. http://www.gentoo.org/news/da/gwn/gwn.xml |
715 |
77. http://www.gentoo.org/news/nl/gwn/gwn.xml |
716 |
78. http://www.gentoo.org/news/en/gwn/gwn.xml |
717 |
79. http://www.gentoo.org/news/de/gwn/gwn.xml |
718 |
80. http://www.gentoo.org/news/fr/gwn/gwn.xml |
719 |
81. http://www.gentoo.org/news/ja/gwn/gwn.xml |
720 |
82. http://www.gentoo.org/news/it/gwn/gwn.xml |
721 |
83. http://www.gentoo.org/news/pl/gwn/gwn.xml |
722 |
84. http://www.gentoo.org/news/pt_br/gwn/gwn.xml |
723 |
85. http://www.gentoo.org/news/pt/gwn/gwn.xml |
724 |
86. http://www.gentoo.org/news/ru/gwn/gwn.xml |
725 |
87. http://www.gentoo.org/news/es/gwn/gwn.xml |
726 |
88. http://www.gentoo.org/news/tr/gwn/gwn.xml |
727 |
|
728 |
|
729 |
Ulrich Plate <plate@g.o> - Editor |
730 |
Patrick Lauer <patrick@g.o> - Author |
731 |
Lars Weiler <pylon@g.o> - Author |
732 |
Corey Shields <cshields@g.o> - Author |
733 |
Bryan Østergaard <kloeri@g.o> - Author |
734 |
Scott Shawcroft <tannewt@g.o> - Author |
735 |
|
736 |
-- |
737 |
gentoo-gwn@g.o mailing list |