Gentoo Archives: gentoo-gwn

From: Ulrich Plate <plate@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter 8 May 2006
Date: Mon, 08 May 2006 00:19:48
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 8 May 2006.
1. Gentoo news
Improved Ada support in Portage - split ebuilds for gnat
"New generation" dev-ada/gnat-xxx compilers are now in Portage. They 
follow the upstream more closely (now you get gnat-gcc to follow FSF's 
in-gcc sources, and gnat-gpl to represent "official" AdaCore's code). 
toolchain.eclass procedures are also more closely observed, allowing for 
better integration with system gcc and better multilib support, and the 
new compilers are properly SLOTted and can be installed in parallel (so 
that you can have gnat-gcc-3.4.6, gnat-gcc-4.1.0 and gnat-gpl- 
installed all at once). The selection of the active gnat is performed via 
an eselect-gnat module in the usual manner. Work is under way to enhance 
support for Ada libraries, so that they are built for each installed gnat 
and can be switched on the fly. Anybody interested in helping is cordially 
invited to visit the corresponding bug[1]. This includes a call for a 
long-term Ada maintainer, too. Actual support work should be relatively 
easy now that the transition itself is over, but candidates should be able 
to make sense of the gnatbuild.eclass, gnat.eclass and toolchain.eclass 
(and related), in addition, of course, to generally know your way around 
ebuilds. Contact George Shapovalov[2] if you're interested. 

 2. george@g.o
Gnome 2.14 in Portage
GNOME 2.14 came out of package.mask this weekend. The tracker bug is 
located at bug #119872[3]. Highlights of the release include performance 
boosts and improvements to various applications and routines, and can be 
found at the Gnome website[4]. If you have any problems upgrading, please 
search bugzilla[5] or wander into #gentoo-desktop on 

2. Heard in the community
Joshua Jackson[6] starts a discussion on the heritage and the historic 
"symbols" of Gentoo - Larry the Cow, the floating alien guy and so on. In 
the website redesign some of these have been removed. Should we keep these 
leftovers from the old times or should we move on? 

 6. tsunam@g.o
 * Heritage [7] 

coldplug and hotplug
Our baselayout magician Roy Marples[8] started a discussion on the 
behaviour of hotplug and coldplug - coldplug events can be limited via the 
RC_COLDPLUG variable while hotplug does not. To unify this he proposed a 
few changes, but then the discussion drifted away to problems with udev 
and coldplug: Some users report problems with newer udev versions 
automatically loading drivers and want to be able to completely disable 
this behaviour. 

 8. uberlord@g.o
 * Coldplug and hotplug [9] 

Having fun with compression
As an experiment to see if distfile downloads could be shrunk Patrick 
Lauer[10] did some tests converting from gzip to bzip2 and 7zip formats. 
Over 15GB of .tar.gz files got converted in this experiment, showing on 
average about 15% space reduction. While it is not practical to "just 
convert" all files and no comparison of CPU usage has been done it is 
nevertheless an interesting perspective for people with slower internet 

 10. patrick@g.o
 * Having fun with compression [11] 

3. Gentoo international
Germany: asks 'Are you Gentoo?'
Inspired by a code-snippet posted by Forums moderator slick[12], the 
German not-for-profit association created a quiz on their community-site, 
asking "Are you Gentoo?[13]" The survey contains 20 questions, some of 
them easy to answer, some tricky ones and some questions which need a 
solid understanding of Gentoo's basics. Everyone who answers all 20 
questions correctly can take part in a raffle where the 'Friends of Gentoo 
e.V.' offer three prizes, including a Gentoo shirt and mousepad. If your 
German is up to the task, take the challenge and solve the quiz[14]. 

4. Gentoo in the press
Desktop Linux (2 May 2006)
Desktop Linux finds two articles in other online magazines make for 
"interesting reading," reads them for us and quotes a few highlights. 
We're left with the choice of reading the original articles at[15] (an enthusiastic post-release 2006.0 review) and Linux 
Watch[16] (Steven Vaughn-Nichols' slightly more downbeat assessment that 
'Gentoo is not for everyone'), or be content with what we find at Desktop 
Linux. Either way is just fine -- it'll stay within the range of Ziff 
Davies Holding publications, anyway. 

Desktop Linux (2 May 2006)
SystemRescueCD's new version released last week made the news at Desktop 
Linux[17] on the same day as the press clippings for Gentoo Linux 2006.0 
mentioned just above. The French project[18] provides a save-and-rescue 
Linux environment -- based on Gentoo -- with everything on board you might 
need for a system recovery, but also for administrative tasks like 
partitioning harddrives with QtParted, claims the announcement. 

Distrowatch (3 May 2006)
Yet another distribution based on Gentoo, this one specializing in 64bit 
systems: Distrowatch reports[19] about the latest release of RR64, 
probably because it's a full LiveDVD with Gnome and Xgl and whatnot 
inside. Fabio Erculiani's Italian Gentoo flavour, the RR series[20] was 
featured in the GWN[21] before. 

5. Gentoo developer moves
The following developers recently left the Gentoo project: 
 * Daniel Goller 
The following developers recently joined the Gentoo project: 
 * Mike Auty (ikelos) - VMware 
 * Jon Hood (squinky86) - net-p2p, accessibility 
The following developers recently changed roles within the Gentoo project:
 * Ferris McCormick (fmccor) - retired as developer relations lead 
 * Jon Portnoy (avenj) - new devrel co-lead 
6. Gentoo Security
MPlayer: Heap-based buffer overflow
MPlayer contains multiple integer overflows that may lead to a heap-based 
buffer overflow. 
For more information, please see the GLSA Announcement[22] 

X.Org: Buffer overflow in XRender extension
A buffer overflow in the XRender extension potentially allows any X.Org 
user to execute arbitrary code with elevated privileges. 
For more information, please see the GLSA Announcement[23] 

ClamAV: Buffer overflow in Freshclam
Freshclam is vulnerable to a buffer overflow that could lead to execution 
of arbitrary code. 
For more information, please see the GLSA Announcement[24] 

phpWebSite: Local file inclusion
Remote attackers can include local files which may lead to the execution 
of arbitrary code. 
For more information, please see the GLSA Announcement[25] 

rsync: Potential integer overflow
An attacker having write access to an rsync module might be able to 
execute arbitrary code on an rsync server. 
For more information, please see the GLSA Announcement[26] 

Mozilla Firefox: Potential remote code execution
The Mozilla Firefox 1.5 line is vulnerable to a buffer overflow in the 
JavaScript extension which may in theory lead to remote execution of 
arbitrary code. 
For more information, please see the GLSA Announcement[27] 

Nagios: Buffer overflow
Nagios is vulnerable to a buffer overflow which may lead to remote 
execution of arbitrary code. 
For more information, please see the GLSA Announcement[28] 

7. Bugzilla
The Gentoo community uses Bugzilla ([29]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 30 April 2006 and 07 May 2006, activity on the 
site has resulted in: 

 * 771 new bugs during this period 
 * 396 bugs closed or resolved during this period 
 * 35 previously closed bugs were reopened this period 
Of the 9947 currently open bugs: 60 are labeled 'blocker', 143 are labeled 
'critical', and 529 are labeled 'major'. 
Closed bug rankings
The developers and teams who have closed the most bugs during this period 
 * Gentoo Games[30], with 24 closed bugs[31]  
 * Gentoo KDE team[32], with 19 closed bugs[33]  
 * Gentoo Security[34], with 18 closed bugs[35]  
 * Gentoo's Team for Core System packages[36], with 17 closed bugs[37]  
 * AMD64 Project[38], with 17 closed bugs[39]  
 * Portage team[40], with 11 closed bugs[41]  
 * Gentoo Toolchain Maintainers[42], with 9 closed bugs[43]  
 * Gentoo Linux Gnome Desktop Team[44], with 9 closed bugs[45]  
 30. games@g.o
 32. kde@g.o
 34. security@g.o
 36. base-system@g.o
 38. amd64@g.o
 40. dev-portage@g.o
 42. toolchain@g.o
 44. gnome@g.o

New bug rankings
The developers and teams who have been assigned the most new bugs during 
this period are: 
 * Default Assignee for New Packages[46], with 28 new bugs[47]  
 * Default Assignee for Orphaned Packages[48], with 15 new bugs[49]  
 * AMD64 Project[50], with 12 new bugs[51]  
 * Gentoo Sound Team[52], with 11 new bugs[53]  
 * Gentoo X-windows packagers[54], with 10 new bugs[55]  
 * Gentoo Linux Gnome Desktop Team[56], with 8 new bugs[57]  
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[58], with 6 new 
 * Gentoo Science Related Packages[60], with 5 new bugs[61]  
 46. maintainer-wanted@g.o
 48. maintainer-needed@g.o
 50. amd64@g.o
 52. sound@g.o
 54. x11@g.o
 56. gnome@g.o
 58. kernel@g.o
 60. sci@g.o

8. GWN feedback
Please send us your feedback[62] and help make the GWN better. 

 62. gwn-feedback@g.o
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to 
gentoo-gwn+unsubscribe@g.o from the e-mail address you are 
subscribed under.
10. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[63]  
 * Dutch[64]  
 * English[65]  
 * German[66]  
 * French[67]  
 * Korean[68]  
 * Japanese[69]  
 * Italian[70]  
 * Polish[71]  
 * Portuguese (Brazil)[72]  
 * Portuguese (Portugal)[73]  
 * Russian[74]  
 * Spanish[75]  
 * Turkish[76]  

Ulrich Plate <plate@g.o> - Editor
John N. Laliberte <allanonjl@g.o> - Author
Patrick Lauer <patrick@g.o> - Author
Tobias Scherbaum <dertobi123@g.o> - Author
George Shapovalov <george@g.o> - Author

gentoo-gwn@g.o mailing list