Gentoo Weekly Newsletter: March 21st, 2005

1.  Gentoo News

Additions to the documentation collection

Sven Vermeulen, Forum moderator Ioannis Aslanidis and reviewer Hartwig Brandl have collated a guide on how to interpret the error codes of the GRUB bootloader, based on an impressive 16-page-thread in the Gentoo Forums. Other recent additions to the Gentoo documentation include:

• The Gentoo mailfiltering gateway guide by Sune Kloppenborg Jeppesen covers spam-fighting technologies and anti-virus protection.
• Of particular interest since the release of KDE 3.4 last week will be the KDE Split Ebuilds HOWTO by Gentoo's KDE maintainer Dan Armak
• An entirely new UTF-8 Guide has been writte by Thomas Martin, with lots of information on the background of Unicode and UTF-8, and practical tips to make it work in Gentoo Linux.

Many other parts of the documentation have been revised and enhanced over the past few weeks, check for changes in the Documentation Project's status updates of additions and changes to the growing resource.

2.  Heard in the community

Web forums

Acrobat Reader 7 for Linux released?

Among the usual whoopies and yeehas that greet the arrival of software everybody has been eagerly waiting for, the new release of acroread has its difficulties. The thread provides a workaround for using the plugin in Firefox, but doesn't have an answer to the lack of Asian fonts. Yet... Turned out this seems to have been a preliminary release only after all.

• acroread 7?

gentoo-bsd

Reasons for Gentoo/FreeBSD

Curious about what Portage can offer compared to FreeBSD's native ports system, Gentoo Linux user and GWN translator Matthias F. Brandstetter asked on the gentoo-bsd mailing list: "What's the purpose of Gentoo/FreeBSD, or what should it be?" Gentoo developer Grant Goodyear pointed out that he prefers the simple bash syntax of ebuilds over FreeBSD's (ab)use of make. Other answers pointed to USE flags and Portage's handling of config files:

• Why to use Gentoo/FreeBSD?

gentoo-dev

Summary of PPC meeting

Lars Weiler summarizes the last PPC team meeting, where many things were discussed:

• project management elections
• future goals
• AltiVec in portage
• QEMU ABI wrapper
• Kernel issues
• LiveCD
• ppc64 and ppc merger

• Summary of PPC meeting

Xen in portage?

Mike Frysinger asks if any developers are interested in getting the Xen virtualization system into the Portage tree.

• Xen in portage?

giflib and ungiflib hell

Chris White starts a discussion on the libgif / libungif packages since they provide similar features, but libungif is deprecated. This resolved to the removal of libungif from portage.

• giflib and libungif hell

3.  Gentoo International

Japan: Open Source Conference 2005

Looking for an impromptu vacation spot to spend the Easter weekend? Tokyo is particularly nice at this time of the year, and it has the annual Open Source Conference on Friday 25 and Saturday 26 March 2005. Presentation tracks will be focussing on fonts and Japanese input methods this year, Ruby and XOOPS, a database seminar and an Openoffice.org corner are among the other highlights of this event which also includes an exhibition space for Japanese open-source projects, to be held at the Japan Electronics College in Okubo, a north-western district of Tokyo. GentooJP will be present on Saturday morning from 10:00 to 12:50 with a "Gentoo Linux Installfest", a live demonstration of the 2005.0 release being installed on virgin hardware, which obviously beats cherry-blossom viewing in public appeal -- partly because on that latitude they're not quite in full bloom by then, you'd have to fly down south to Kyushu for that... Seating at the Installfest is limited to 40 people, please register for the Gentoo installation event if you plan on attending (all links in Japanese only).

Figure 3.1: GentooJP

4.  Gentoo in the press

Netcraft (14 March 2005)

Netcraft Ltd., a well-known Internet services company that, among other things, provides research data and analysis on many aspects of the Internet, recently analyzed the growth of Linux distributions in their web server survey. According to the results, Gentoo Linux "continues to roughly double each year, albeit from a low base". In the past six months the number of websites that run on Gentoo Linux has increased by 45.1 percent, to a total of 63,160.

Newsforge (18 March 2005)

Tom Chance's account of a Gentoo Linux installation has been published on the Newsforge website. He describes the way Gentoo works, not just in technical terms, but also what's most appealing to him as a Gentoo user: "I appreciate the simple, solid package and configuration management systems that keep out of my way; I appreciate the helpful documentation; I find the user forums indispensable; and I appreciate the community approach enshrined in Gentoo's social contract."

5.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

• None this week

Adds

The following developers recently joined the Gentoo Linux team:

• None this week

Changes

The following developers recently changed roles within the Gentoo Linux project:

• Chris White (ChrisWhite) and Rajiv Manglani (rajiv) have left the Security Project
• Mike Frysinger (vapier) has joined the Security Project
• Tavis Ormandy (taviso) and Rob Holland (tigger) have been appointed auditors of the Security Project

6.  Gentoo security

Ringtone Tools: Buffer overflow vulnerability

The Ringtone Tools utilities contain a buffer overflow vulnerability, potentially leading to the execution of arbitrary code.

For more information, please see the GLSA Announcement

MySQL: Multiple vulnerabilities

MySQL contains several vulnerabilities potentially leading to the overwriting of local files or to the execution of arbitrary code.

For more information, please see the GLSA Announcement

curl: NTLM response buffer overflow

curl is vulnerable to a buffer overflow which could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

Grip: CDDB response overflow

Grip contains a buffer overflow that can be triggered by a large CDDB response, potentially allowing the execution of arbitrary code.

For more information, please see the GLSA Announcement

KDE: Local Denial of Service

KDE is vulnerable to a local Denial of Service attack.

For more information, please see the GLSA Announcement

rxvt-unicode: Buffer overflow

rxvt-unicode is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

LTris: Buffer overflow

LTris is vulnerable to a buffer overflow which could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

OpenSLP: Multiple buffer overflows

Multiple buffer overflows have been found in OpenSLP, which could lead to the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Sylpheed, Sylpheed-claws: Message reply overflow

Sylpheed and Sylpheed-claws contain a vulnerability that can be triggered when replying to specially crafted messages.

For more information, please see the GLSA Announcement

7.  Bugzilla

Summary

• Statistics
• Closed bug ranking
• New bug rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 13 March 2005 and 20 March 2005, activity on the site has resulted in:

• 930 new bugs during this period
• 527 bugs closed or resolved during this period
• 28 previously closed bugs were reopened this period

Of the 8324 currently open bugs: 93 are labeled 'blocker', 233 are labeled 'critical', and 604 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

• Gentoo KDE team, with 29 closed bugs
• media-video herd, with 21 closed bugs
• Gentoo Games, with 20 closed bugs
• Gentoo Security, with 19 closed bugs
• Gentoo's Team for Core System packages, with 19 closed bugs
• Perl Devs @ Gentoo, with 18 closed bugs
• Gentoo Linux Gnome Desktop Team, with 18 closed bugs
• AMD64 Porting Team, with 18 closed bugs

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

• AMD64 Porting Team, with 39 new bugs
• App-Backup Herd, with 35 new bugs
• Gentoo Sound Team, with 21 new bugs
• Gentoo Linux Gnome Desktop Team, with 14 new bugs
• Gentoo X-windows packagers, with 13 new bugs
• Gentoo Toolchain Maintainers, with 13 new bugs
• Gentoo Kernel Bug Wranglers and Kernel Maintainers, with 11 new bugs
• Mozilla Gentoo Team, with 10 new bugs

8.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

9.  GWN feedback

Please send us your feedback and help make the GWN better.

10.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

11.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

• Danish
• Dutch
• English
• German
• French
• Japanese
• Italian
• Polish
• Portuguese (Brazil)
• Portuguese (Portugal)
• Russian
• Spanish
• Turkish