Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 19 December 2005
Date: Mon, 19 Dec 2005 23:10:20
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 19 December 2005.
1. Gentoo news
Documentation project status update
Another update from the busy Gentoo documentation project has been 
published last weekend, this one filled mostly with modifications to 
existing guides. Some of those have already been featured in past GWNs, 
like the GCC upgrading guide[1], while others have passed mostly 
unnoticed, but deserve a much broader audience, like the Gentoo home 
router guide[2] featuring instructions how to configure a kernel for 
ADSL/PPPoE connectivity. Have a look at the whole status update[3] for 
more changes to several pieces of documentation. 
As with every work in progress, your input is much appreciated: after the 
removal of stage 1 and 2 instructions from the handbook (now part of the 
Gentoo FAQ[4]), the GDP has set off on a mission to write an entirely new 
bootstrapping guide. The new document will discuss the reasons for 
bootstrapping, the creation of installation media for unsupported 
platforms and other topics. A draft bootstrapping guide[5] is now waiting 
for your feedback; please contact Sven Vermeulen[6] if you're 
knowledgeable about these things and would like to comment on the current 
state of the document. 
 6. swift@g.o
2. Gentoo international
Germany: Gentoo Summer Camp errata
GSC initiator and German Gentoo Forum moderator slick[7] points to an 
important error that slipped through quality control in the previous GWN: 
"Cold beverages are unfortunately not included in the 10 Euro 
participation fee per person and night," he says. These and other details, 
like the final venue, who to bring and what to expect is being discussed 
at the GSC organizers' forum[8] (German and English). 
3. Gentoo in the press
Genesi press release (18 December 2005)
Gentoo developer Pieter Van den Abeele[9] appears in a picture from the 
first investor community event last week in Palo Alto, shot 
during a presentation of his Gentoo-driven Genesi Home Media Center[10], a 
feature-rich digital video recorder based on the PegasosPPC platform. The 
station's internal design won an award[11] at the Freescale conference in 
June, and is hand-made on order, with a brushed aluminium case thrown in 
for good measure. Gentoo-sponsor Genesi's press release describes the 
POWER venture capital symposium as "presenting proof points for potential 
investors in the community" and links to a presentation on 
"Building Future Products; Tools, enablement, community, accelerators." 
 9. pvdabeel@g.o
 11. (15 December 2005)
KDE Developer Navindra Umanee[12] announces the move of KDE Dot News 
servers[13] to being hosted at the OSUOSL[14] (Oregon State University 
Open Source Labs). He is "truly impressed" by the combination of Gentoo 
Linux provided by the OSL in a Xen virtual machine: "Xen is completely 
transparent to the typical VM user and if I didn't know better I'd think 
we had a dedicated machine," says Navindra. This is the first Gentoo 
server he's encountered so far, and compiling everything from source "is 
starting to get a little old," but emerge has won a new fan nonetheless: 
"It has been extremely easy to pull in and configure any extra software we 
needed -- a simple emerge usually does the trick." 
 12. navindra@×××.org
4. Gentoo developer moves
The following developers recently left the Gentoo project: 
 * None this week 
The following developers recently joined the Gentoo project: 
 * None this week 
The following developers recently changed roles within the Gentoo project:
 * None this week 
5. Gentoo Security
Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
Openswan and IPsec-Tools suffer from an implementation flaw which may 
allow a Denial of Service attack. 
For more information, please see the GLSA Announcement[15] 
Xmail: Privilege escalation through sendmail
The sendmail program in Xmail is vulnerable to a buffer overflow, 
potentially resulting in local privilege escalation. 
For more information, please see the GLSA Announcement[16] 
Ethereal: Buffer overflow in OSPF protocol dissector
Ethereal is missing bounds checking in the OSPF protocol dissector that 
could lead to abnormal program termination or the execution of arbitrary 
For more information, please see the GLSA Announcement[17] 
OpenLDAP, Gauche: RUNPATH issues
OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the 
"portage" group to escalate privileges. 
For more information, please see the GLSA Announcement[18] 
Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and 
Poppler potentially resulting in the execution of arbitrary code. 
For more information, please see the GLSA Announcement[19] 
cURL: Off-by-one errors in URL handling
cURL is vulnerable to local arbitrary code execution via buffer overflow 
due to the insecure parsing of URLs. 
For more information, please see the GLSA Announcement[20] 
Opera: Command-line URL shell command injection
Lack of URL validation in Opera command-line wrapper could be abused to 
execute arbitrary commands. 
For more information, please see the GLSA Announcement[21] 
6. Bugzilla
The Gentoo community uses Bugzilla ([22]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 04 December 2005 and 11 December 2005, activity 
on the site has resulted in: 
 * 740 new bugs during this period 
 * 373 bugs closed or resolved during this period 
 * 29 previously closed bugs were reopened this period 
Of the 9124 currently open bugs: 96 are labeled 'blocker', 195 are labeled 
'critical', and 542 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Java team[23], with 22 closed bugs[24]  
 * Greg Kroah-Hartman[25], with 17 closed bugs[26]  
 * Gentoo KDE team[27], with 12 closed bugs[28]  
 * Gentoo Developer Relations Team[29], with 12 closed bugs[30]  
 * Gentoo's Team for Core System packages[31], with 12 closed bugs[32]  
 * AMD64 Porting Team[33], with 11 closed bugs[34]  
 * Gentoo X-windows packagers[35], with 10 closed bugs[36]  
 * AMD64 Testing Team[37], with 10 closed bugs[38]  
 23. java@g.o
 25. gregkh@g.o
 27. kde@g.o
 29. devrel@g.o
 31. base-system@g.o
 33. amd64@g.o
 35. x11@g.o
 37. amd64-test@g.o
New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[39], with 30 new bugs[40]  
 * Default Assignee for Orphaned Packages[41], with 15 new bugs[42]  
 * X11 External Driver Maintainers[43], with 12 new bugs[44]  
 * Mozilla Gentoo Team[45], with 11 new bugs[46]  
 * Gentoo Sound Team[47], with 8 new bugs[48]  
 * Gentoo KDE team[49], with 8 new bugs[50]  
 * Saleem A.[51], with 7 new bugs[52]  
 * Gentoo Linux Gnome Desktop Team[53], with 6 new bugs[54]  
 39. maintainer-wanted@g.o
 41. maintainer-needed@g.o
 43. x11-drivers@g.o
 45. mozilla@g.o
 47. sound@g.o
 49. kde@g.o
 51. compnerd@g.o
 53. gnome@g.o
7. GWN feedback
Please send us your feedback[55] and help make the GWN better. 
 55. gwn-feedback@g.o
8. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@g.o from the email address you are 
subscribed under.
9. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[56]  
 * Dutch[57]  
 * English[58]  
 * German[59]  
 * French[60]  
 * Korean[61]  
 * Japanese[62]  
 * Italian[63]  
 * Polish[64]  
 * Portuguese (Brazil)[65]  
 * Portuguese (Portugal)[66]  
 * Russian[67]  
 * Spanish[68]  
 * Turkish[69]  
Ulrich Plate <plate@g.o> - Editor
Chris White <chriswhite@g.o> - Author

gentoo-gwn@g.o mailing list