Gentoo Logo

Gentoo Weekly Newsletter: 19 December 2005

Content:

1.  Gentoo news

Documentation project status update

Another update from the busy Gentoo documentation project has been published last weekend, this one filled mostly with modifications to existing guides. Some of those have already been featured in past GWNs, like the GCC upgrading guide, while others have passed mostly unnoticed, but deserve a much broader audience, like the Gentoo home router guide featuring instructions how to configure a kernel for ADSL/PPPoE connectivity. Have a look at the whole status update for more changes to several pieces of documentation.

As with every work in progress, your input is much appreciated: after the removal of stage 1 and 2 instructions from the handbook (now part of the Gentoo FAQ), the GDP has set off on a mission to write an entirely new bootstrapping guide. The new document will discuss the reasons for bootstrapping, the creation of installation media for unsupported platforms and other topics. A draft bootstrapping guide is now waiting for your feedback; please contact Sven Vermeulen if you're knowledgeable about these things and would like to comment on the current state of the document.

2.  Gentoo international

Germany: Gentoo Summer Camp errata

GSC initiator and German Gentoo Forum moderator slick points to an important error that slipped through quality control in the previous GWN: "Cold beverages are unfortunately not included in the 10 Euro participation fee per person and night," he says. These and other details, like the final venue, who to bring and what to expect is being discussed at the GSC organizers' forum (German and English).

3.  Gentoo in the press

Genesi press release (18 December 2005)

Gentoo developer Pieter Van den Abeele appears in a picture from the first Power.org investor community event last week in Palo Alto, shot during a presentation of his Gentoo-driven Genesi Home Media Center, a feature-rich digital video recorder based on the PegasosPPC platform. The station's internal design won an award at the Freescale conference in June, and is hand-made on order, with a brushed aluminium case thrown in for good measure. Gentoo-sponsor Genesi's press release describes the POWER venture capital symposium as "presenting proof points for potential investors in the Power.org community" and links to a presentation on "Building Future Products; Tools, enablement, community, accelerators."

KDE.news (15 December 2005)

KDE Developer Navindra Umanee announces the move of KDE Dot News servers to being hosted at the OSUOSL (Oregon State University Open Source Labs). He is "truly impressed" by the combination of Gentoo Linux provided by the OSL in a Xen virtual machine: "Xen is completely transparent to the typical VM user and if I didn't know better I'd think we had a dedicated machine," says Navindra. This is the first Gentoo server he's encountered so far, and compiling everything from source "is starting to get a little old," but emerge has won a new fan nonetheless: "It has been extremely easy to pull in and configure any extra software we needed -- a simple emerge usually does the trick."

4.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • None this week

Adds

The following developers recently joined the Gentoo project:

  • None this week

Changes

The following developers recently changed roles within the Gentoo project:

  • None this week

5.  Gentoo Security

Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation

Openswan and IPsec-Tools suffer from an implementation flaw which may allow a Denial of Service attack.

For more information, please see the GLSA Announcement

Xmail: Privilege escalation through sendmail

The sendmail program in Xmail is vulnerable to a buffer overflow, potentially resulting in local privilege escalation.

For more information, please see the GLSA Announcement

Ethereal: Buffer overflow in OSPF protocol dissector

Ethereal is missing bounds checking in the OSPF protocol dissector that could lead to abnormal program termination or the execution of arbitrary code.

For more information, please see the GLSA Announcement

OpenLDAP, Gauche: RUNPATH issues

OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the "portage" group to escalate privileges.

For more information, please see the GLSA Announcement

Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and Poppler potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

cURL: Off-by-one errors in URL handling

cURL is vulnerable to local arbitrary code execution via buffer overflow due to the insecure parsing of URLs.

For more information, please see the GLSA Announcement

Opera: Command-line URL shell command injection

Lack of URL validation in Opera command-line wrapper could be abused to execute arbitrary commands.

For more information, please see the GLSA Announcement

6.  Bugzilla

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 11 December 2005 and 18 December 2005, activity on the site has resulted in:

  • 748 new bugs during this period
  • 398 bugs closed or resolved during this period
  • 32 previously closed bugs were reopened this period

Of the 9048 currently open bugs: 91 are labeled 'blocker', 190 are labeled 'critical', and 531 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  GWN feedback

Please send us your feedback and help make the GWN better.

8.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

9.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated December 19, 2005

Summary: This is the Gentoo Weekly Newsletter for the week of 19 December 2005.

Ulrich Plate
Editor

Chris White
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.