Gentoo Weekly Newsletter: September 26th, 2005

Content:

1.  Gentoo news

New IRC channel for ebuilders

A new IRC channel, #gentoo-dev-help, is being officially announced as a place for prospective developers, ebuild authors, bug hunters, and the like to gather and trade tips and tricks about Gentoo's best practices. This channel has been newly established on irc.freenode.net since many people don't have a voice in #gentoo-dev, and to take some of the load off #gentoo-portage, where such questions are currently being posed. The creators hope to attract Gentoo users, potential developers, and prospective arch testers who have questions that are more in-depth than a high-volume channel like #gentoo can answer, without distracting the busy Gentoo developers from their core activities. Any developers interested in passing on their skills are welcome to come and join the new channel. In the interest of staying on topic, all installation questions will be referred back to #gentoo, but all other Gentoo-related issues are fair game.

2.  Heard in the community

Web forums

Apache blowout

Forum regular loki99 had a busy Saturday trying to contain the fury of those who got angered by the latest Apache upgrade in Gentoo Linux. Whether you agree with its provocative title or not, the thread is definitely worth watching as it has Gentoo developer Bryan Østergaard chiming in with a thorough explanation of what went up and why:

KDE 3.5 beta-ebuilds test thread

Gentoo developer Chris White rounds up a group of testers for the release of KDE 3.5. Check the sticky mini-HOWTO for details on how to participate:

gentoo-dev

Marking packages stable on x86

As a consequence of GLEP 40, the x86 arch team's policy for marking packages stable on x86 has changed. For end-users this will most likely have no side-effects except that packages are expected to become stable in a more timely fashion.

Vice and virtues of static libraries

A long thread about the pros and cons of having static libraries around, which also covers some packages that show "unexpected" behaviour ("if static ncurses is unavailable, the bash ebuild will use the bundled gnutermcap (which is bad)"). You will also find a short discussion on whether to use a new USE-flag for it (or maybe abuse USE="minimal"?).

"Commercial" software in portage

Every now and then GLEP 23 gets resurrected, which means that some people want to be able to disallow packages based on the license. A warning would be especially nice for non-free software with restrictions on the data files ("You need the original Game-CD to install this!"), but as long as portage doesn't implement GLEP 23, any changes to current behaviour will be a bit patchy. Some ideas like overlays (split out all non-free ebuilds) were discussed and mostly dismissed.

3.  Gentoo international

Germany: Gentoo developer conference call for papers

A reminder for all those actively considering a paper presentation at the European conference for Gentoo developers in November: please submit your proposals before 30 September. The same form used for registering for the event can be used to submit topics and brief outlines of planned presentations.

4.  Gentoo in the press

The Register (23 September 2005)

In a letter to the editor, weathered sysadmin Eoin refutes the idea of a Windows-only standard for operating systems on USB sticks that The Register had been reporting about earlier. "Your article regarding the new U3 standard was mostly correct, barring your final assertion that Linux does not support this. As far as I can tell the idea actually evolved from the Linux heads," writes Eoin, happily acknowledging that whenever one of those Linux heads with distros on a stick visits his offices, they generally know what they're doing: "These people are using 2-4GB USB drives with almost complete versions of Gentoo and Red Hat running on them - all very impressive and thankfully I don't need to attempt (and fail) to support them if something goes wrong."

5.  Moves, adds, and changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • None this week

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • Daniel Gryniewicz (dang) - operational lead for AMD64 arch testers

6.  Gentoo Security

Apache, mod_ssl: Multiple vulnerabilities

mod_ssl and Apache are vulnerable to a restriction bypass and a potential local privilege escalation.

For more information, please see the GLSA Announcement

Clam AntiVirus: Multiple vulnerabilities

Clam AntiVirus is subject to vulnerabilities ranging from Denial of Service to execution of arbitrary code when handling compressed executables.

For more information, please see the GLSA Announcement

Zebedee: Denial of Service vulnerability

A bug in Zebedee allows a remote attacker to perform a Denial of Service attack.

For more information, please see the GLSA Announcement

util-linux: umount command validation error

A command validation error in umount can lead to an escalation of privileges.

For more information, please see the GLSA Announcement

Mantis: XSS and SQL injection vulnerabilities

Mantis is affected by an SQL injection and several cross-site scripting (XSS) vulnerabilities.

For more information, please see the GLSA Announcement

Webmin, Usermin: Remote code execution through PAM authentication

If Webmin or Usermin is configured to use full PAM conversations, it is vulnerable to the remote execution of arbitrary code with root privileges.

For more information, please see the GLSA Announcement

7.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 18 September 2005 and 25 September 2005, activity on the site has resulted in:

  • 798 new bugs during this period
  • 366 bugs closed or resolved during this period
  • 39 previously closed bugs were reopened this period

Of the 8405 currently open bugs: 98 are labeled 'blocker', 189 are labeled 'critical', and 554 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN feedback

Please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Page updated September 26, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 26 September 2005.

Ulrich Plate
Editor

Patrick Lauer
Author

Tres Melton
Author

Copyright 2001-2014 Gentoo Foundation, Inc.