Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 29 August 2005
Date: Mon, 29 Aug 2005 00:19:02
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 29 August 2005.
1. Gentoo news
Gentoo documentation updates
The Gentoo documentation has been amazing users ever since the project 
started five years ago, but even for an impressive collection it 
represents today, there's still plenty of room for growth. Even when 
everything else is somewhat slowing down over the summer, the 
documentation team does some catching up with development and continues to 
publish and update texts left and right. Among other things, two entirely 
new guides have been contributed last week: 
 * Ioannis Aslanidis[1], Shyam Mani[2] and Douglas Russell[3] wrote most 
of the new Gentoo Bluetooth guide[4], explaining how to install the 
devices, configure the kernel, and show the whole diversity of Bluetooth.  
 * Chris White[5] has written a complete introductory tutorial on setting 
up MySQL[6]  
 1. deathwing00@g.o
 2. fox2mike@g.o
 3. puggy@g.o
 5. chriswhite@g.o

Tim Yamin's[7] guide on genkernel has been updated again, too, reflecting 
changes that have been introduced for the 2005.1 release. Equally updated 
was the page that collects articles published by Gentoo authors[8] in 
different media, many of them on the IBM developer works pages. By the 
way, if you're interested in popularity statistics of the different items 
on offer at the documentation project, check the Topdocs page[9] once in a 

 7. plasmaroo@g.o
2. Heard in the community
Fixing the TERM mess
Ciaran McCreesh[10] gives an exhaustive explanation of the differences 
between different terminals (e.g. xterm, konsole, Gnome Terminal) and why 
the current behaviour is mostly broken. He also explains the two competing 
methods for finding terminal capabilities (termcap and terminfo) and their 
differences. There are a few possibilities for sorting out this suboptimal 
situation - read on to find out all the details! 

 10. ciaranm@g.o
 * Fixing the TERM mess [11]  

Multiple portage threads
While on the surface Portage development seems to have come to a 
standstill much is happening behind the scenes. Some of the design 
decisions for the upcoming new-and-improved Portage are rather radical or 
will change existing behaviour dramatically enough for multiple threads 
discussing Portage internals and changes this week: 
 * stripping implementation in portage [12] 
 * future restrictions to DISTDIR access from the ebuild env [13] 
 * proposed shift of files in the tree of non profiles files into seperate 
dir [14] 
 * [RFC] EAPI [15] 

[RFC] autotools support eclass
There is a lot of black magic in the build tools known as "autotools". 
While many developers try to stay away from them, some are forced to work 
with them and try to improve the handling of autotools in Gentoo. A 
proposal by Diego Pettenò[16] for an autotools support eclass to help with 
autotools magic is discussed in much detail in this thread. 

 16. flameeyes@g.o
 * [RFC] autotools support eclass [17] 

3. Gentoo international
Sweden: Gentoo-based Mupper rescue CD for PegasosPPC
Figure 3.1: Mupper logo
Last Saturday Mikael Karlsson, known as lisardman to his local Linux User 
Group[18] and others, released version 0.3 of his "Mupper"[19] project. A 
rescue system similar to Dolphin[20] or SystemRescueCd[21], Mupper is also 
based on Gentoo Linux, but designed especially for PegasosPPCs, namely for 
Gentoo sponsor Genesi's Open Desktop Workstations[22]. Mupper carries 
several tools like parted to be expected in rescue media, and offers 
support for the AmigaFFS and many other filesystems. 

4. Gentoo in the press
Linux Journal (25 August 2005)
Just in case you've always wanted to set up and run a call center, Michael 
George's article in Linux Journal[23] tells you how to do it, with a 
little help from his friends Gentoo, the Linux Terminal Server Project, 
soft-phone application kphone, and a few terminals and headsets. The 
result leaves nothing to desire in terms of comfort and usability compared 
to expensive commercial solutions, but the use of readily available 
open-source solutions keeps the project from outgrowing the tight budget 
of the not-for-profit association it's being set up for. 

 23. (26 August 2005)
The Puerto-Rican commercial Gentoo spin-off Vidalinux has released a new 
version 1.2 recently, and author Jem Matzan wrote a review of 
VLOS 1.2[24] that couldn't possibly be any less indulgent. Vidalinux 
(basically Gentoo with Red Hat's Anaconda installer screwed on top) pretty 
much evolves along the same lines as Gentoo itself, but Matzan compares it 
to other commercial vendors, and consequently isn't impressed at all: "The 
changes and enhancements to this edition are significant, but not good 
enough to save this conceptually astute operating system from failure." 
Vidalinux apparently did put some effort into the modification of one of 
the Portage GUI projects -- Porthole[25] -- and rebaptized it Yukiyu, but 
"while it's no trouble to use the preinstalled applications, you'll run 
into problems trying to update current packages or install new software 
through Yukiyu." 

5. Moves, adds, and changes
The following developers recently left the Gentoo team: 
 * Michael Cummings 
The following developers recently joined the Gentoo Linux team: 
 * None this week 
The following developers recently changed roles within the Gentoo Linux 
 * None this week 
6. Gentoo Security
Evolution: Format string vulnerabilities
Evolution is vulnerable to format string vulnerabilities which may result 
in remote execution of arbitrary code. 
For more information, please see the GLSA Announcement[26] 

PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability
The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute 
arbitrary PHP script commands. 
For more information, please see the GLSA Announcement[27] 

TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
TikiWiki and eGroupWare both include PHP XML-RPC code vulnerable to 
arbitrary command execution. 
For more information, please see the GLSA Announcement[28] 

Apache 2.0: Denial of Service vulnerability
A bug in Apache may allow a remote attacker to perform a Denial of Service 
For more information, please see the GLSA Announcement[29] 

Tor: Information disclosure
A flaw in Tor leads to the disclosure of information and the loss of 
anonymity, integrity and confidentiality. 
For more information, please see the GLSA Announcement[30] 

libpcre: Heap integer overflow
libpcre is vulnerable to a heap integer overflow, possibly leading to the 
execution of arbitrary code. 
For more information, please see the GLSA Announcement[31] 

PhpWiki: Arbitrary command execution through XML-RPC
PhpWiki includes PHP XML-RPC code which is vulnerable to arbitrary command 
For more information, please see the GLSA Announcement[32] 

7. Bugzilla
 * Statistics 
 * Closed bug ranking 
 * New bug rankings 
The Gentoo community uses Bugzilla ([33]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 21 August 2005 and 28 August 2005, activity on 
the site has resulted in: 

 * 791 new bugs during this period 
 * 391 bugs closed or resolved during this period 
 * 51 previously closed bugs were reopened this period 
Of the 8038 currently open bugs: 103 are labeled 'blocker', 198 are 
labeled 'critical', and 529 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * AMD64 Porting Team[34], with 47 closed bugs[35]  
 * PHP Bugs[36], with 29 closed bugs[37]  
 * Gentoo Science Related Packages[38], with 18 closed bugs[39]  
 * Gentoo Security[40], with 16 closed bugs[41]  
 * Xavier Neys[42], with 15 closed bugs[43]  
 * Gentoo net-p2p team[44], with 15 closed bugs[45]  
 * Gentoo KDE team[46], with 15 closed bugs[47]  
 * Gentoo Games[48], with 15 closed bugs[49]  
 34. amd64@g.o
 36. php-bugs@g.o
 38. sci@g.o
 40. security@g.o
 42. neysx@g.o
 44. net-p2p@g.o
 46. kde@g.o
 48. games@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[50], with 22 new bugs[51]  
 * Perl Devs @ Gentoo[52], with 20 new bugs[53]  
 * media-video herd[54], with 13 new bugs[55]  
 * Gentoo Linux Gnome Desktop Team[56], with 11 new bugs[57]  
 * AMD64 Porting Team[58], with 8 new bugs[59]  
 * Gentoo Toolchain Maintainers[60], with 7 new bugs[61]  
 * Gentoo Sound Team[62], with 7 new bugs[63]  
 * Net-Mail Packages[64], with 7 new bugs[65]  
 50. maintainer-wanted@g.o
 52. perl@g.o
 54. media-video@g.o
 56. gnome@g.o
 58. amd64@g.o
 60. toolchain@g.o
 62. sound@g.o
 64. net-mail@g.o

8. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under.
9. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[66]  
 * Dutch[67]  
 * English[68]  
 * German[69]  
 * French[70]  
 * Japanese[71]  
 * Italian[72]  
 * Polish[73]  
 * Portuguese (Brazil)[74]  
 * Portuguese (Portugal)[75]  
 * Russian[76]  
 * Spanish[77]  
 * Turkish[78]  

Ulrich Plate <plate@g.o> - Editor
Patrick Lauer <patrick@g.o> - Author
gentoo-gwn@g.o mailing list