Gentoo Weekly Newsletter: August 2, 2004Today marks the release of Gentoo Linux 2004.2 for the AMD64, HPPA, SPARC and X86 architectures! The Gentoo Linux Release Engineering project has worked hard to improve key problem areas identified in the 2004.1 release. These areas of improvement include, but are not limited to:
Detailed information for Gentoo Linux 2004.2, such as Release Notes and md5sums, can be found at the 2004.2 information page Gentoo Linux 2004.2 can be downloaded from any one of our official download mirrors, as well as from our new BitTorrent system. Please note that pentium3, pentium4, and athlon-xp PackageCDs are only available either by download via BitTorrent or through purchase at the Gentoo Store. Additional GRP sets will be available via BitTorrent shortly.. It's now been a full year since the first Gentoo BugDay was organized by former developer Brian Jackson and held on August 2, 2003, and users and developers joined forces for the first time in #gentoo-bugs on irc.freenode.net to close as many bugs as possible. It's been a good year for this new monthly initiative: an average of over 200 bugs has been closed each month, and many developers have joined the project as a result of the user-developer interaction that occurs. Users and developers alike are invited to come to #gentoo-bugs on Saturday, August 7th, the anniversary BugDay, continue the tradition, and maybe even break the record for closed bugs - the current record of 233 bugs closed was set on 1 May 2004. For more information, contact Bryan Ostergaard, the current organiser. Good luck! German GWN translation team seeking additional translators After a somehow turbulent time, Marc Herren is taking over as lead for the German translation of the GWN. To expand the team we're searching for additional people who would like to volunteer and help out with translations. If you feel able to translate documents from English into German and have at least half an hour to spare each week, drop Marc a line to let him know you're interested. Desktop The Desktop team have officially deprecated the xfree package in favor of xorg-x11 as the default implementation of X for Gentoo. This reflects problems with the XFree license on version 4.4 that seem to preclude its inclusion in Portage. Both packages will remain in portage as people migrate, but xfree is expected to be dropped sometime early next year. Both Gnome 2.6.2 and KDE 3.2.3 have recently been marked stable in the tree, while XFCE 4.0.6 is in testing prior to stable release. A number of the Desktop sub-projects have created new web pages to help users keep abreast of their activities, including the Science, Video and Games teams. Documentation The Documentation Team is pleased to announce that Xavier Neys has been named as Operational Lead for the Gentoo Documentation Project. In addition to updates to the Gentoo Handbook to align with the 2004.2 LiveCD release, the team has released several new documents, including a Home Router Guide and Handbooks for ARM and PPC64 architectures. There have also been updates to the Portage Guide, Kernel Guide and FAQ to reflect recent software changes, and the Desktop Configuration Guide has been replaced by new set of i>Gentoo Desktop Documentation Resources. Hardened The Hardened Gentoo team made a parallel release of Security-Enabled (SELinux) and PIE-SSP stages and LiveCDs for the 2004.2 release. Pavuk: Digest authentication helper buffer overflow Pavuk contains a bug that can allow an attacker to run arbitrary code. For more information, please see the GLSA Announcement Subversion: Vulnerability in mod_authz_svn Users with write access to parts of a Subversion repository may bypass read restrictions in mod_authz_svn and read any part of the repository they wish. For more information, please see the GLSA Announcement Samba: Multiple buffer overflows Two buffer overflows vulnerabilities were found in Samba, potentially allowing the remote execution of arbitrary code. For more information, please see the GLSA Announcement phpMyAdmin: Multiple vulnerabilities Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with a valid user account to alter configuration variables and execute arbitrary PHP code. For more information, please see the GLSA Announcement SoX: Multiple buffer overflows SoX contains two buffer overflow vulnerabilities in the WAV header parser code. For more information, please see the GLSA Announcement MPlayer: GUI filename handling overflow When compiled with GUI support MPlayer is vulnerable to a remotely exploitable buffer overflow attack. For more information, please see the GLSA Announcement 4. Featured Developer of the Week Featured Developer is on hiatus this week. Transparent Squid Proxy Using IPTables One list member had some issues getting Squid and IPTables to work happily together using the latest ebuilds. This thread not only has a great example of an IPTables transparent proxy rule, but also some tips on getting the proper modules in place to use it! "Weird" Executables in /bin What's that left-bracket doing there in /bin? If you're curious, check out this thread. Upgrading Gentoo Is it necessary to "upgrade" Gentoo when a new LiveCD comes out? With the recent release of 2004.2, one user wasn't sure. Although the answer was given rather quickly, the thread grew large, and spawned discussions on effectively using Portage profiles, and more. Strange SSH Activity Making the Rounds The gentoo-security list has had several users report odd SSH activity over the past few days. Symptoms include repeated failed logins by normally unused accounts, as well as a report by a user of the Debian list of an actual break-in. Check out more details here. Gentoo International is on hiatus this week. The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 24 July 2004 and 30 July 2004, activity on the site has resulted in:
Of the 7041 currently open bugs: 142 are labeled 'blocker', 197 are labeled 'critical', and 542 are labeled 'major'. The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Tips and Tricks is on hiatus this week. The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email. Please send us your feedback and help make the GWN better. 12. GWN Subscription Information To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under. The Gentoo Weekly Newsletter is also available in the following languages:
|
|
