Gentoo Logo

Gentoo Weekly Newsletter: August 29th, 2005

Content:

1.  Gentoo news

Gentoo documentation updates

The Gentoo documentation has been amazing users ever since the project started five years ago, but even for an impressive collection it represents today, there's still plenty of room for growth. Even when everything else is somewhat slowing down over the summer, the documentation team does some catching up with development and continues to publish and update texts left and right. Among other things, two entirely new guides have been contributed last week:

Tim Yamin's guide on genkernel has been updated again, too, reflecting changes that have been introduced for the 2005.1 release. Equally updated was the page that collects articles published by Gentoo authors in different media, many of them on the IBM developer works pages. By the way, if you're interested in popularity statistics of the different items on offer at the documentation project, check the Topdocs page once in a while!

2.  Heard in the community

gentoo-dev

Fixing the TERM mess

Ciaran McCreesh gives an exhaustive explanation of the differences between different terminals (e.g. xterm, konsole, Gnome Terminal) and why the current behaviour is mostly broken. He also explains the two competing methods for finding terminal capabilities (termcap and terminfo) and their differences. There are a few possibilities for sorting out this suboptimal situation - read on to find out all the details!

Multiple portage threads

While on the surface Portage development seems to have come to a standstill much is happening behind the scenes. Some of the design decisions for the upcoming new-and-improved Portage are rather radical or will change existing behaviour dramatically enough for multiple threads discussing Portage internals and changes this week:

[RFC] autotools support eclass

There is a lot of black magic in the build tools known as "autotools". While many developers try to stay away from them, some are forced to work with them and try to improve the handling of autotools in Gentoo. A proposal by Diego Pettenò for an autotools support eclass to help with autotools magic is discussed in much detail in this thread.

3.  Gentoo international

Sweden: Gentoo-based Mupper rescue CD for PegasosPPC


Figure 3.1: Mupper logo

Fig. 1: Mupper

Last Saturday Mikael Karlsson, known as lisardman to his local Linux User Group and others, released version 0.3 of his "Mupper" project. A rescue system similar to Dolphin or SystemRescueCd, Mupper is also based on Gentoo Linux, but designed especially for PegasosPPCs, namely for Gentoo sponsor Genesi's Open Desktop Workstations. Mupper carries several tools like parted to be expected in rescue media, and offers support for the AmigaFFS and many other filesystems.

4.  Gentoo in the press

Linux Journal (25 August 2005)

Just in case you've always wanted to set up and run a call center, Michael George's article in Linux Journal tells you how to do it, with a little help from his friends Gentoo, the Linux Terminal Server Project, soft-phone application kphone, and a few terminals and headsets. The result leaves nothing to desire in terms of comfort and usability compared to expensive commercial solutions, but the use of readily available open-source solutions keeps the project from outgrowing the tight budget of the not-for-profit association it's being set up for.

Linux.com (26 August 2005)

The Puerto-Rican commercial Gentoo spin-off Vidalinux has released a new version 1.2 recently, and Linux.com author Jem Matzan wrote a review of VLOS 1.2 that couldn't possibly be any less indulgent. Vidalinux (basically Gentoo with Red Hat's Anaconda installer screwed on top) pretty much evolves along the same lines as Gentoo itself, but Matzan compares it to other commercial vendors, and consequently isn't impressed at all: "The changes and enhancements to this edition are significant, but not good enough to save this conceptually astute operating system from failure." Vidalinux apparently did put some effort into the modification of one of the Portage GUI projects -- Porthole -- and rebaptized it Yukiyu, but "while it's no trouble to use the preinstalled applications, you'll run into problems trying to update current packages or install new software through Yukiyu."

5.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • Michael Cummings

Adds

The following developers recently joined the Gentoo Linux team:

  • None this week

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

6.  Gentoo Security

Evolution: Format string vulnerabilities

Evolution is vulnerable to format string vulnerabilities which may result in remote execution of arbitrary code.

For more information, please see the GLSA Announcement

PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability

The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute arbitrary PHP script commands.

For more information, please see the GLSA Announcement

TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC

TikiWiki and eGroupWare both include PHP XML-RPC code vulnerable to arbitrary command execution.

For more information, please see the GLSA Announcement

Apache 2.0: Denial of Service vulnerability

A bug in Apache may allow a remote attacker to perform a Denial of Service attack.

For more information, please see the GLSA Announcement

Tor: Information disclosure

A flaw in Tor leads to the disclosure of information and the loss of anonymity, integrity and confidentiality.

For more information, please see the GLSA Announcement

libpcre: Heap integer overflow

libpcre is vulnerable to a heap integer overflow, possibly leading to the execution of arbitrary code.

For more information, please see the GLSA Announcement

PhpWiki: Arbitrary command execution through XML-RPC

PhpWiki includes PHP XML-RPC code which is vulnerable to arbitrary command execution.

For more information, please see the GLSA Announcement

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 21 August 2005 and 28 August 2005, activity on the site has resulted in:

  • 791 new bugs during this period
  • 391 bugs closed or resolved during this period
  • 51 previously closed bugs were reopened this period

Of the 8038 currently open bugs: 103 are labeled 'blocker', 198 are labeled 'critical', and 529 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

9.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated August 29, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 29 August 2005.

Ulrich Plate
Editor

Patrick Lauer
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.