Gentoo Weekly Newsletter: November 28th, 2005

Content:

1.  Gentoo news

Wireless security: wpa_supplicant vs. xsupplicant

Wi-Fi Protected Access (WPA and WPA2) is supported in Portage by two applications that do the exact same job, wpa_supplicant and xsupplicant. Developer Henrik Brix Andersen now calls for comments on his plans for deprecating the latter, which is currently neither entirely up to date nor integrated into Gentoo's new baselayout. Since wpa_supplicant appears to have more frequent releases and much more widespread usage than xsupplicant, users who would like to keep xsupplicant in Portage nonetheless are asked to write him an email explaining why they prefer it over wpa_supplicant.

Note: Comments are welcome at Henrik Brix Andersen's blog.

2.  Heard in the community

gentoo-dev

Decision to remove stage1/2 from installation documentation

The documentation project decided to move the stage 1/2 install documentation out of the default installation documentation. While this was meant to reduce installation errors and help new users by simplifying the documentation, it prompted many questions on the dev mailing list about whether stage 1/2 are still supported. In short, stage 1 and stage 2 will still be provided, but should no longer be used for a default installation, as they provide little benefit and are the source of many avoidable bugs.

status of http://wwwredesign.gentoo.org

The website redesign project is coming along quite well. Curtis Napier asked for some feedback on his work and got a huge number of replies. Many changes were incorporated, and still the new site is being improved so that it can hopefully replace the "old" website soon.

Split ELF debug

Ned Ludd presents a Portage feature that will most likely be implemented in 2.0.54: split debug info. This mildly obscure feature will split executables into the executable and debug information in a way that reduces executable size and still retains as much debug information as possible.

3.  Gentoo international

India: FOSS.IN conference with Gentoo participation

The only Gentoo developer in India, Shyam Mani, a resident of Bangalore, has organized a Gentoo booth at FOSS.IN 2005, a four-day conference running from tomorrow, 29 November, until 2 December 2005. Fellow developer Seemant Kulleen is traveling to India for the event and will give an introductory talk on Gentoo's "What and Why?", followed by Shyam and local Gentoo enthusiast Arun Raghavan with their presentations to fill an entire Gentoo afternoon on 30 November.

Japan: Bonenkai year-end party in Yokohama

On 15 December, the Japanese Gentooists will meet for their annual Bonenkai, the traditional year-end outing no Japanese organisation with more than three members could possibly skip. GWN lead translator Tomoyuki Sakurai chose the area around JR Sekiuchi station in Yokohama for this year's event, a change from the usual Tokyo, but within an hour from the Big Mikan's center. The venue has yet to be decided; participation will set you back 4000 JPY. Please register with the gentoojp-misc@gentoo.gr.jp mailing list if you intend to come.

4.  Gentoo in the press

Newsforge (24 November 2005)

Bruce Byfield makes mention of Gentoo and Portage in an article inspired by Terry Pratchett's flat Discworld that resides on the back of a giant turtle. "It's turtles and modules all the way down" compares Linux to the neo-scholastic beliefs in Pratchett's fantasy universe, namely the introduction of components which "although some [of them] are not exactly hot-swappable, developers act as though they were, swapping out parts of the operating system and replacing them with improved versions." To Byfield, surprisingly enough, the absence of fixed parts in the Linux operating system turns out to be a good thing, not least because "unlike the turtles, the assumption of modularity happens to be verifiable."

O3 Magazine (Issue #1, November 2005)

The premiere issue of a new magazine, O3, is available for download at no cost. Inside the "open-source enterprise data networking magazine", an article about lighttpd by Mathew J. Burford benchmarks this lightweight webserver "with a focus on performance, security and flexibility" on a Gentoo Linux system.

PR Web (21 November 2005)

Sumo Computer, mentioned in earlier GWNs for their choice of Gentoo as the operating system for the hardware they ship, has announced a new LAMP server. Based on the Kuro-Box, the system comes pre-configured and at a significantly lower price than its predecessor at Sumo Computer, 399 USD instead of 549 USD for the older model.

Securesystems (18 November 2005)

Developer Chris White has written an article about his Hardened installation on Gentoo sponsor Genesi's ODW platform. "Setting Up My PPC/Hardened/uClibc/RSBAC/PaX Kernel" describes in detail how he went about installing Hardened PPC, motivated because he "had heard support for it was fairly questionable."

5.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • None this week

Adds

The following developers recently joined the Gentoo project:

  • Marien Zwart (marienz) - Python, twisted, Portage
  • Jeroen Roovers (JeR) - HPPA

Changes

The following developers recently changed roles within the Gentoo project:

  • None this week

6.  Gentoo Security

GNUMP3d: Directory traversal and insecure temporary file creation

Two vulnerabilities have been identified in GNUMP3d allowing for limited directory traversal and insecure temporary file creation.

For more information, please see the GLSA Announcement

FUSE: mtab corruption through fusermount

The fusermount utility from FUSE can be abused to corrupt the /etc/mtab file contents, potentially allowing a local attacker to set unauthorized mount options.

For more information, please see the GLSA Announcement

phpSysInfo: Multiple vulnerabilities

phpSysInfo is vulnerable to multiple issues, including a local file inclusion leading to information disclosure and the potential execution of arbitrary code.

For more information, please see the GLSA Announcement

eix: Insecure temporary file creation

eix has an insecure temporary file creation vulnerability, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

Horde Application Framework: XSS vulnerability

The Horde Application Framework contains a cross-site scripting vulnerability which could lead to the compromise of the victim's browser content.

For more information, please see the GLSA Announcement

Macromedia Flash Player: Remote arbitrary code execution

A vulnerability has been identified that allows arbitrary code execution on a user's system via the handling of malicious SWF files.

For more information, please see the GLSA Announcement

7.  Bugzilla

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 20 November 2005 and 27 November 2005, activity on the site has resulted in:

  • 623 new bugs during this period
  • 451 bugs closed or resolved during this period
  • 32 previously closed bugs were reopened this period

Of the 9020 currently open bugs: 104 are labeled 'blocker', 200 are labeled 'critical', and 556 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN feedback

Please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Page updated November 28, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 28 November 2005.

Ulrich Plate
Editor

Patrick Lauer
Author
