Documentation project status update
Another update from the busy Gentoo documentation project has been published last weekend, this one filled mostly with modifications to existing guides. Some of those have already been featured in past GWNs, like the GCC upgrading guide, while others have passed mostly unnoticed, but deserve a much broader audience, like the Gentoo home router guide featuring instructions how to configure a kernel for ADSL/PPPoE connectivity. Have a look at the whole status update for more changes to several pieces of documentation.
As with every work in progress, your input is much appreciated: after the removal of stage 1 and 2 instructions from the handbook (now part of the Gentoo FAQ), the GDP has set off on a mission to write an entirely new bootstrapping guide. The new document will discuss the reasons for bootstrapping, the creation of installation media for unsupported platforms and other topics. A draft bootstrapping guide is now waiting for your feedback; please contact Sven Vermeulen if you're knowledgeable about these things and would like to comment on the current state of the document.
Germany: Gentoo Summer Camp errata
GSC initiator and German Gentoo Forum moderator slick points to an important error that slipped through quality control in the previous GWN: "Cold beverages are unfortunately not included in the 10 Euro participation fee per person and night," he says. These and other details, like the final venue, who to bring and what to expect is being discussed at the GSC organizers' forum (German and English).
Genesi press release (18 December 2005)
Gentoo developer Pieter Van den Abeele appears in a picture from the first Power.org investor community event last week in Palo Alto, shot during a presentation of his Gentoo-driven Genesi Home Media Center, a feature-rich digital video recorder based on the PegasosPPC platform. The station's internal design won an award at the Freescale conference in June, and is hand-made on order, with a brushed aluminium case thrown in for good measure. Gentoo-sponsor Genesi's press release describes the POWER venture capital symposium as "presenting proof points for potential investors in the Power.org community" and links to a presentation on "Building Future Products; Tools, enablement, community, accelerators."
KDE Developer Navindra Umanee announces the move of KDE Dot News servers to being hosted at the OSUOSL (Oregon State University Open Source Labs). He is "truly impressed" by the combination of Gentoo Linux provided by the OSL in a Xen virtual machine: "Xen is completely transparent to the typical VM user and if I didn't know better I'd think we had a dedicated machine," says Navindra. This is the first Gentoo server he's encountered so far, and compiling everything from source "is starting to get a little old," but emerge has won a new fan nonetheless: "It has been extremely easy to pull in and configure any extra software we needed -- a simple emerge usually does the trick."
The following developers recently left the Gentoo project:
The following developers recently joined the Gentoo project:
The following developers recently changed roles within the Gentoo project:
Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
Openswan and IPsec-Tools suffer from an implementation flaw which may allow a Denial of Service attack.
For more information, please see the GLSA Announcement
Xmail: Privilege escalation through sendmail
The sendmail program in Xmail is vulnerable to a buffer overflow, potentially resulting in local privilege escalation.
For more information, please see the GLSA Announcement
Ethereal: Buffer overflow in OSPF protocol dissector
Ethereal is missing bounds checking in the OSPF protocol dissector that could lead to abnormal program termination or the execution of arbitrary code.
For more information, please see the GLSA Announcement
OpenLDAP, Gauche: RUNPATH issues
OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the "portage" group to escalate privileges.
For more information, please see the GLSA Announcement
Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and Poppler potentially resulting in the execution of arbitrary code.
For more information, please see the GLSA Announcement
cURL: Off-by-one errors in URL handling
cURL is vulnerable to local arbitrary code execution via buffer overflow due to the insecure parsing of URLs.
For more information, please see the GLSA Announcement
Opera: Command-line URL shell command injection
Lack of URL validation in Opera command-line wrapper could be abused to execute arbitrary commands.
For more information, please see the GLSA Announcement
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 11 December 2005 and 18 December 2005, activity on the site has resulted in:
Of the 9048 currently open bugs: 91 are labeled 'blocker', 190 are labeled 'critical', and 531 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Please send us your feedback and help make the GWN better.
8. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: