Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-gwn

From: Yuji Kosugi <carlos@g.o>
To: gentoo-gwn@l.g.o
Subject: [gentoo-gwn] Gentoo Weekly Newsletter - Volume 3, Issue 15
Date: Tue, 13 Apr 2004 00:02:35
Message-Id: 20040412234838.GA5748@sparda.dyndns.org
1 ---------------------------------------------------------------------------
2 Gentoo Weekly Newsletter
3 http://www.gentoo.org/news/en/gwn/current.xml
4 This is the Gentoo Weekly Newsletter for the week of April 12th, 2004.
5 ---------------------------------------------------------------------------
6
7 ==============
8 1. Gentoo News
9 ==============
10
11 Gentoo Weekly Newsletter reorganizing
12 -------------------------------------
13
14 Recently we've been receiving emails from users about missing sections and
15 content in the newsletter. We've had some contributors leave the team, and
16 others have been unable to participate due to personal issues, but once we
17 start adding some new contributors to the team and reorganizing, we should
18 be right back on track. Those who responded to the recruitment drive last
19 week, please hold on as we determine what positions we need filled and
20 begin responding to applicants. Thanks to all our readers for reading the
21 newsletter each week; we'll bring back all our regular content as quickly
22 as possible.
23
24 Gentoo Linux Project seeking SAMBA developers
25 ---------------------------------------------
26
27 The Gentoo Linux Project is seeking developers who have experience with
28 SAMBA. Send an email to recruiters@g.o with some background info if
29 you're interested.
30
31 ==================
32 2. Gentoo Security
33 ==================
34
35 Insecure sandbox temporary lockfile vulnerabilities in Portage
36 --------------------------------------------------------------
37
38 A flaw has been found in the temporary file handling algorithms for the
39 sandboxing code used within Portage. Lockfiles created during normal
40 Portage operation of portage could be manipulated by local users resulting
41 in the truncation of hard linked files; causing a Denial of Service attack
42 on the system.
43
44 For more information, please see the GLSA Announcement[1]
45
46 1. http://www.gentoo.org/security/en/glsa/glsa-200404-01.xml
47
48 KDE Personal Information Management Suite Remote Buffer Overflow
49 Vulnerability
50 -------------
51
52 KDE-PIM may be vulnerable to a remote buffer overflow attack that may
53 allow unauthorized access to an affected system.
54
55 For more information, please see the GLSA Announcement[2]
56
57 2. http://www.gentoo.org/security/en/glsa/glsa-200404-02.xml
58
59 Tcpdump Vulnerabilities in ISAKMP Parsing
60 -----------------------------------------
61
62 There are multiple vulnerabilities in tcpdump and libpcap related to
63 parsing of ISAKMP packets.
64
65 For more information, please see the GLSA Announcement[3]
66
67 3. http://www.gentoo.org/security/en/glsa/glsa-200404-03.xml
68
69 Multiple vulnerabilities in sysstat
70 -----------------------------------
71
72 Multiple vulnerabilities in the way sysstat handles symlinks may allow an
73 attacker to execute arbitrary code or overwrite arbitrary files
74
75 For more information, please see the GLSA Announcement[4]
76
77 4. http://www.gentoo.org/security/en/glsa/glsa-200404-04.xml
78
79 ipsec-tools contains an X.509 certificates vulnerability.
80 ---------------------------------------------------------
81
82 ipsec-tools contains a vulnerability that affects connections
83 authenticated with X.509 certificates.
84
85 For more information, please see the GLSA Announcement[5]
86
87 5. http://www.gentoo.org/security/en/glsa/glsa-200404-05.xml
88
89 Util-linux login may leak sensitive data
90 ----------------------------------------
91
92 The login program included in util-linux could leak sensitive information
93 under certain conditions.
94
95 For more information, please see the GLSA Announcement[6]
96
97 6. http://www.gentoo.org/security/en/glsa/glsa-200404-06.xml
98
99 ClamAV RAR Archive Remote Denial Of Service Vulnerability
100 ---------------------------------------------------------
101
102 ClamAV is vulnerable to a denial of service attack when processing certain
103 RAR archives.
104
105 For more information, please see the GLSA Announcement[7]
106
107 7. http://www.gentoo.org/security/en/glsa/glsa-200404-07.xml
108
109 GNU Automake symbolic link vulnerability
110 ----------------------------------------
111
112 Automake may be vulnerable to a symbolic link attack which may allow an
113 attacker to modify data or elevate their privileges.
114
115 For more information, please see the GLSA Announcement[8]
116
117 8. http://www.gentoo.org/security/en/glsa/glsa-200404-08.xml
118
119 Cross-realm trust vulnerability in Heimdal
120 ------------------------------------------
121
122 Heimdal contains cross-realm vulnerability allowing someone with control
123 over a realm to impersonate anyone in the cross-realm trust path.
124
125 For more information, please see the GLSA Announcement[9]
126
127 9. http://www.gentoo.org/security/en/glsa/glsa-200404-09.xml
128
129 iproute local Denial of Service vulnerability
130 ---------------------------------------------
131
132 The iproute package allows local users to cause a denial of service.
133
134 For more information, please see the GLSA Announcement[10]
135
136 10. http://www.gentoo.org/security/en/glsa/glsa-200404-10.xml
137
138 Multiple Vulnerabilities in pwlib
139 ---------------------------------
140
141 Multiple vulnerabilites have been found in pwlib that may lead to a remote
142 denial of service or buffer overflow attack.
143
144 For more information, please see the GLSA Announcement[11]
145
146 11. http://www.gentoo.org/security/en/glsa/glsa-200404-11.xml
147
148 Scorched 3D server chat box format string vulnerability
149 -------------------------------------------------------
150
151 Scorched 3D is vulnerable to a format string attack in the chat box that
152 leads to Denial of Service on the game server and possibly allows
153 execution of arbitrary code.
154
155 For more information, please see the GLSA Announcement[12]
156
157 12. http://www.gentoo.org/security/en/glsa/glsa-200404-12.xml
158
159 =========================
160 3. Heard in the Community
161 =========================
162
163 Web Forums
164 ----------
165
166 Week of the Xorg
167
168 Two unusually active threads have developed last week providing opinions
169 and experience concerning the alternative to XFree86 some people have been
170 trying out lately. In any case, the forked X server from X.org certainly
171 looks popular enough to attract six pages worth of postings within just
172 three days since the creation of the discussion thread, and even the Howto
173 thread had dozens of Gentooists post addenda or corrections:
174
175 * experiences with xorg-x11-6.7.0[13]
176 * How I got x.org up and running[14]
177 13. http://forums.gentoo.org/viewtopic.php?t=158619
178 14. http://forums.gentoo.org/viewtopic.php?t=158911
179
180 =======================
181 4. Gentoo International
182 =======================
183
184 Italy/Switzerland: Joint GECHI and Ticino LUG Meeting
185
186 On Friday and Saturday, 16 and 17 April, the notorious GECHI[15] group of
187 Italian Gentoo users will join forces with the Ticino Linx User Group to
188 organize a friendly event at one of three SUPSI (Scuola Universitaria
189 Professionale della Svizzera Italiana) sites in Switzerland, this one
190 located in a town called Manno, not far from the Italian border. Dates and
191 times are to be taken with a grain of salt (check the TiLUG site[16] for
192 details), but the Forum coordination thread[17] appears to have everything
193 under control. And in any case, springtime in Ticino is supposed to be
194 lovely....
195
196 15. http://www.gechi.org/
197 16. http://tilug.org/cms/index.php?ind=14
198 17. http://forums.gentoo.org/viewtopic.php?t=157613
199
200 ===========
201 5. Bugzilla
202 ===========
203
204 Summary
205 -------
206
207 * Statistics
208 * Closed Bug Ranking
209 * New Bug Rankings
210
211 Statistics
212 ----------
213
214 The Gentoo community uses Bugzilla (bugs.gentoo.org[18]) to record and
215 track bugs, notifications, suggestions and other interactions with the
216 development team. Between 03 April 2004 and 09 April 2004, activity on the
217 site has resulted in:
218
219 18. http://bugs.gentoo.org
220
221 * 642 new bugs during this period
222 * 336 bugs closed or resolved during this period
223 * 22 previously closed bugs were reopened this period
224
225 Of the 5570 currently open bugs: 128 are labeled 'blocker', 199 are
226 labeled 'critical', and 454 are labeled 'major'.
227
228 Closed Bug Rankings
229 -------------------
230
231 The developers and teams who have closed the most bugs during this period
232 are:
233
234 * Jeremy Huddleston[19], with 32 closed bugs[20]
235 * AMD64 Porting Team[21], with 22 closed bugs[22]
236 * Gentoo Linux Gnome Desktop Team[23], with 18 closed bugs[24]
237 * Gentoo KDE team[25], with 17 closed bugs[26]
238 * Gentoo Games team[27], with 15 closed bugs[28]
239 * x86 Kernel team[29], with 14 closed bugs[30]
240 * Gentoo Security[31], with 14 closed bugs[32]
241 * SpanKY[33], with 11 closed bugs[34]
242 19. eradicator@g.o
243 20.
244 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
245 field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
246 ED&assigned_to=eradicator@g.o
247 21. amd64@g.o
248 22.
249 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
250 field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
251 ED&assigned_to=amd64@g.o
252 23. gnome@g.o
253 24.
254 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
255 field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
256 ED&assigned_to=gnome@g.o
257 25. kde@g.o
258 26.
259 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
260 field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
261 ED&assigned_to=kde@g.o
262 27. games@g.o
263 28.
264 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
265 field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
266 ED&assigned_to=games@g.o
267 29. x86-kernel@g.o
268 30.
269 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
270 field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
271 ED&assigned_to=x86-kernel@g.o
272 31. security@g.o
273 32.
274 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
275 field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
276 ED&assigned_to=security@g.o
277 33. vapier@g.o
278 34.
279 http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
280 field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
281 ED&assigned_to=vapier@g.o
282
283 New Bug Rankings
284 ----------------
285
286 The developers and teams who have been assigned the most new bugs during
287 this period are:
288
289 * AMD64 Porting Team[35], with 31 new bugs[36]
290 * Gentoo Linux Gnome Desktop Team[37], with 28 new bugs[38]
291 * Gentoo's Team for Core System packages[39], with 21 new bugs[40]
292 * Jeremy Huddleston[41], with 11 new bugs[42]
293 * Net-Mail Packages[43], with 8 new bugs[44]
294 * Gentoo X-windows packagers[45], with 7 new bugs[46]
295 * Robert Coie[47], with 7 new bugs[48]
296 * Gentoo KDE team[49], with 7 new bugs[50]
297 35. amd64@g.o
298 36.
299 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
300 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
301 -09&assigned_to=amd64@g.o
302 37. gnome@g.o
303 38.
304 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
305 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
306 -09&assigned_to=gnome@g.o
307 39. base-system@g.o
308 40.
309 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
310 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
311 -09&assigned_to=base-system@g.o
312 41. eradicator@g.o
313 42.
314 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
315 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
316 -09&assigned_to=eradicator@g.o
317 43. net-mail@g.o
318 44.
319 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
320 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
321 -09&assigned_to=net-mail@g.o
322 45. xfree@g.o
323 46.
324 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
325 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
326 -09&assigned_to=xfree@g.o
327 47. rac@g.o
328 48.
329 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
330 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
331 -09&assigned_to=rac@g.o
332 49. kde@g.o
333 50.
334 http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
335 tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
336 -09&assigned_to=kde@g.o
337
338 ==================
339 6. Tips and Tricks
340 ==================
341
342 Shell Autologout with TMOUT
343
344 Adding the TMOUT environment variable to your shell startup scripts will
345 automatically log out of an interactive shell after the specified number
346 of seconds.
347
348 ---------------------------------------------------------------------------
349 | Code Listing 6.1: |
350 | .bash_profile |
351 ---------------------------------------------------------------------------
352 | |
353 |Timeout if no input is given for 1 hour |
354 |TMOUT=3600 |
355 | |
356 ---------------------------------------------------------------------------
357
358 ===========================
359 7. Moves, Adds, and Changes
360 ===========================
361
362 Moves
363 -----
364
365 The following developers recently left the Gentoo team:
366 * none this week
367
368
369 Adds
370 ----
371
372 The following developers recently joined the Gentoo Linux team:
373
374 * Jonathan Hood (squinky86) - accessibility, sword
375 * Yi Qiang (khai) - gnome
376 * Patrick Lauer (bonsaikitten) - cygwin, x86
377 * Danny Van (kugelfang) - amd64
378 * Roger Miliker (roger55) - releng
379
380 Changes
381 -------
382
383 The following developers recently changed roles within the Gentoo Linux
384 project:
385
386 * none this week
387
388 ====================
389 8. Contribute to GWN
390 ====================
391
392 Interested in contributing to the Gentoo Weekly Newsletter? Send us an
393 email[51].
394
395 51. gwn-feedback@g.o
396
397 ===============
398 9. GWN Feedback
399 ===============
400
401 Please send us your feedback[52] and help make the GWN better.
402
403 52. gwn-feedback@g.o
404
405 ================================
406 10. GWN Subscription Information
407 ================================
408
409 To subscribe to the Gentoo Weekly Newsletter, send a blank email to
410 gentoo-gwn-subscribe@g.o.
411
412 To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to
413 gentoo-gwn-unsubscribe@g.o from the email address you are
414 subscribed under.
415
416 ===================
417 11. Other Languages
418 ===================
419
420 The Gentoo Weekly Newsletter is also available in the following languages:
421
422 * Dutch[53]
423 * English[54]
424 * German[55]
425 * French[56]
426 * Japanese[57]
427 * Italian[58]
428 * Polish[59]
429 * Portuguese (Brazil)[60]
430 * Portuguese (Portugal)[61]
431 * Russian[62]
432 * Spanish[63]
433 * Turkish[64]
434 53. http://www.gentoo.org/news/be/gwn/gwn.xml
435 54. http://www.gentoo.org/news/en/gwn/gwn.xml
436 55. http://www.gentoo.org/news/de/gwn/gwn.xml
437 56. http://www.gentoo.org/news/fr/gwn/gwn.xml
438 57. http://www.gentoo.org/news/ja/gwn/gwn.xml
439 58. http://www.gentoo.org/news/it/gwn/gwn.xml
440 59. http://www.gentoo.org/news/pl/gwn/gwn.xml
441 60. http://www.gentoo.org/news/br/gwn/gwn.xml
442 61. http://www.gentoo.org/news/pt/gwn/gwn.xml
443 62. http://www.gentoo.org/news/ru/gwn/gwn.xml
444 63. http://www.gentoo.org/news/es/gwn/gwn.xml
445 64. http://www.gentoo.org/news/tr/gwn/gwn.xml
446
447
448 Yuji Carlos Kosugi <carlos@g.o> - Editor
449 AJ Armstrong <aja@×××××××××××××.com> - Contributor
450 Brian Downey <bdowney@×××××××××××.net> - Contributor
451 Luke Giuliani <cold_flame@×××××.com> - Contributor
452 Grant Goodyear <g2boojum@g.o> - Contributor
453 Aron Griffis <agriffis@g.o> - Contributor
454 Stuart Herbert <stuart@g.o> - Contributor
455 Kurt Lieber <klieber@g.o> - Contributor
456 Rafael Cordones Marcos <rcm@×××××××.net> - Contributor
457 David Narayan <david@×××××××.net> - Contributor
458 David Nielsen <Lovechild@××××××××.com> - Contributor
459 Ulrich Plate <plate@g.o> - Contributor
460 Simon Holm Thagersen <simon@××××××.net> - Danish Translation
461 Jesper Brodersen <broeman@g.o> - Danish Translation
462 Arne Mejlholm <aaby@g.o> - Danish Translation
463 Hendrik Eeckhaut <Hendrik.Eeckhaut@×××××.be> - Dutch Translation
464 Jorn Eilander <sephiroth@××××××××.nl> - Dutch Translation
465 Bernard Kerckenaere <bernieke@××××××××.com> - Dutch Translation
466 Peter ter Borg <peter@××××××.nl> - Dutch Translation
467 Jochen Maes <linux@××××.be> - Dutch Translation
468 Roderick Goessen <rgoessen@××××.nl> - Dutch Translation
469 Gerard van den Berg <gerard@××××××.net> - Dutch Translation
470 Matthieu Montaudouin <mat@××××××××.com> - French Translation
471 Xavier Neys <neysx@g.o> - French Translation
472 Martin Prieto <riverdale@×××××××××.org> - French Translation
473 Antoine Raillon <cabec2@××××××.net> - French Translation
474 Sebastien Cevey <seb@×××××.net> - French Translation
475 Jean-Christophe Choisy <mabouya@××××××××××××.org> - French Translation
476 Thomas Raschbacher <lordvan@g.o> - German Translation
477 Steffen Lassahn <madeagle@g.o> - German Translation
478 Matthias F. Brandstetter <haim@g.o> - German Translation
479 Lukas Domagala <Cyrik@g.o> - German Translation
480 Tobias Scherbaum <dertobi123@g.o> - German Translation
481 Daniel Gerholdt <Sputnik1969@g.o> - German Translation
482 Marc Herren <dj-submerge@g.o> - German Translation
483 Tobias Matzat <SirSeoman@g.o> - German Translation
484 Marco Mascherpa <mush@××××××.net> - Italian Translation
485 Claudio Merloni <paper@×××××××.it> - Italian Translation
486 Stefano Lucidi <stefano.lucidi@×××××××××××××.org> - Italian Translation
487 Katuyuki Konno <katuyuki@××××××××.jp> - Japanese Translation
488 Hiroyuki Takeda <hiro@××××××××××××××.jp> - Japanese Translation
489 Masato Hatakeyama <hatake@×××××××××××.jp> - Japanese Translation
490 Masayoshi Nakamura <masayang@×××××××××.com> - Japanese Translation
491 Yasunori Fukudome <yasunori@××××××××××××××××.uk> - Japanese Translation
492 Tomoyuki Sakurai <web-gentoo-doc-jp@××××××××××××.nu> - Japanese Translation
493 Lukasz Strzygowski <lucass@××××××.pl> - Polish Translation
494 Karol Goralski <gooroo@××××××.pl> - Polish Translation
495 Atila "Jedi" Bohlke Vasconcelos <bohlke@×××××××××.br> - Portuguese
496 (Brazil) Translation
497 Eduardo Belloti <dudu@××××××××.net> - Portuguese (Brazil) Translation
498 Jo??o Rafael Moraes Nicola <joaoraf@×××××××××.br> - Portuguese (Brazil)
499 Translation
500 Marcelo Gon??alves de Azambuja <mgazambuja@×××××××××.br> - Portuguese
501 (Brazil) Translation
502 Otavio Rodolfo Piske <angusy@××××××××.org> - Portuguese (Brazil)
503 Translation
504 Pablo N. Hess -- NatuNobilis <natunobilis@××××××××.org> - Portuguese
505 (Brazil) Translation
506 Pedro de Medeiros <pzilla@××××××××.br> - Portuguese (Brazil) Translation
507 Ventura Barbeiro <venturasbarbeiro@××××××.br> - Portuguese (Brazil)
508 Translation
509 Bruno Ferreira <blueroom@××××××××××××.net> - Portuguese (Portugal)
510 Translation
511 Gustavo Felisberto <humpback@××××××××××.net> - Portuguese (Portugal)
512 Translation
513 Jos?? Costa <jose_costa@×××××××.pt> - Portuguese (Portugal) Translation
514 Luis Medina <metalgodin@×××××××××.org> - Portuguese (Portugal) Translation
515 Ricardo Loureiro <rjlouro@×××××××.org> - Portuguese (Portugal) Translation
516 Aleksandr Martyncev <amncorp@××.ru> - Russian Translator
517 Sergey Galkin <gals_home@××××.ru> - Russian Translator
518 Sergey Kuleshov <svyatogor@g.o> - Russian Translator
519 Alex Spirin <asp13@××××.ru> - Russian Translator
520 Denis Zaletov <dzaletov@×××××××.ru> - Russian Translator
521 Lanark <lanark@××××××××××.ar> - Spanish Translation
522 Fernando J. Pereda <ferdy@××××××.org> - Spanish Translation
523 Lluis Peinado Cifuentes <lpeinado@×××.edu> - Spanish Translation
524 Zephryn Xirdal T <ZEPHRYNXIRDAL@××××××××××.net> - Spanish Translation
525 Guillermo Juarez <katossi@××××××××××××××××.es> - Spanish Translation
526 Jes??s Garc??a Crespo <correo@××××××.com> - Spanish Translation
527 Carlos Castillo <carlos@×××××××××××××.com> - Spanish Translation
528 Julio Castillo <julio@×××××××××××××.com> - Spanish Translation
529 Sergio G??mez <s3r@××××××××××××.ar> - Spanish Translation
530 Aycan Irican <aycan@××××××××.tr> - Turkish Translation
531 Bugra Cakir <bugra@×××××××××.com> - Turkish Translation
532 Cagil Seker <cagils@××××××××××.tr> - Turkish Translation
533 Emre Kazdagli <emre@××××××××.tr> - Turkish Translation
534 Evrim Ulu <evrim@××××××××.tr> - Turkish Translation
535 Gursel Kaynak <gurcell@××××××××.tr> - Turkish Translation
Report Message
Find on MARC Find on Google Groups