Gentoo Logo

Gentoo Weekly Newsletter: 20 February 2006

Content:

1.  Gentoo news

FOSDEM to open gates on Saturday

Europe's finest and grandest open-source developer conference, FOSDEM, will be held this coming weekend (25 and 26 February) in Brussels. Gentoo has a booth in the exhibition area with various architectures on display on both Saturday and Sunday. For the second year in a row, Gentoo will underline its role in development with its own "devroom", featuring an entire day of presentations by Gentoo developers, most of them open to the public, except for an internal Gentoo dev meeting around lunch time. The Gentoo Devroom will be held on Sunday, 26 February, and the schedule -- subject to change on short notice, but reasonably stable as of today -- spans from 9:00 to 16:30 hours.

The European Gentoo devs are particularly happy about three overseas visitors, release engineering lead and x86 release coordinator Chris Gianelloni and AMD64 developer Mike Doty from the US, and CJK maintainer Mamoru Komachi from Japan will join their European colleagues in the dev room.

A social event for the Gentoo developers in Brussels is scheduled for Saturday night, if you would like to participate in the dinner, please send a message to organizer Patrick Lauer.

Request for comments: Qmail to move on

The Qmail team is investigating ongoing maintenance of qmail in the Portage tree, and moving towards netqmail. They are considering changing their patching policy to move towards having a single large combined patch which would be the result of merging all the existing patches used.

In attempting to undertake this, they are also interested in which of qmail's functionality is unused and which ones are missing.

  • Do you use something other than qmail to handle the SMTP frontend? Qsmtp, qpsmtp, mailfront? Additional scripts from qmail-spp?
  • Are there any users of qmail-mysql at all? The last bug dates from late 2003. If there is no demand for the package, we wish to drop it from the tree.
  • Any users experienced with maintaining and modifying qmail-ldap? Please contact them, since they need more qmail-ldap experience as the original developer handling it has moved on.

Note: Please contact them at qmail-bugs@gentoo.org, they would love to hear from you.

2.  Heard in the community

gentoo-dev

Berlios-hosted SRC_URI components

The Berlios project offers hosting for Open Source projects, including CVS and file mirrors. After a restructuring of their (often overloaded) servers the download source location has changed - direct URIs are no longer used, instead a URI with a "magic key" is used. Also each download tarball seems to have an extra "garbage" byte, effectively breaking digests as they are used for Gentoo downloads. This means that as long as Berlios does not change their policy all SRC_URIs in ebuilds need to be changed and fetching files may fail due to digest mismatches. Discussion is still ongoing as to how the situation should be handled.

Bugzilla etiquette suggestions

As there are often incomplete or duplicate bugs filed on our bugzilla the bugwranglers (the persons sorting and assigning bugs) sometimes respond in ways that are perceived to be very negative by the person filing the bug. Especially the INVALID bug resolution can often cause a very emotional response. Daniel Drake offers some suggestions for developers to avoid unneeded conflicts with bugs, but the following discussion also has some hints for users that wish to file bugs.

Gentoo Council Meeting Summary (20060209)

The monthly meeting of the Gentoo Council happened on February 9th. The only point on the regular agenda was GLEP 44 (Manifest2 support) which was delayed until some technical issues are resolved.

3.  Gentoo international

UK: Kaboot, a Gentoo-based distribution

Kaboot is a Gentoo-based Linux-LiveCD distribution. Currently available in four flavours, Recovery, Lite, Science and -- just released -- Kaboot Komplete, Kaboot aims to provide an OS on a CD or USB which you can take anywhere with you and will boot any system. Development is progressing steadily, and the author Hanni Ali hopes to release the first USB versions in early March. The ISOs of the currently available versions vary in size from just over 80MB to around 550MB.

4.  Gentoo in the press

Mactel Linux (16 February 2006)

Various online media including Slashdot, engadget and PC Magazine were quick to pick up the success story of Edgar Hucek's Linux installation on one of the new Intel-driven Macintosh PCs, a 17" iMac with dual core. "Using elilo and a modified Linux kernel, we can boot from a USB hard disk on the 17" iMac Core Duo. We are using the hacked vesafb driver to inherit the bootloader's framebuffer. Gentoo runs and can compile the Linux kernel," states the project's website. Congratulations!

PC Web (7 February 2006, in Japanese)

Gentoo's BSD project got an honorable mention in one of Japan's most important online computer magazines, PC Web. Quoting from a thread in the BSD mailing list, author Daichi Goto points to "Gentoo GNU/kFreeBSD" as using the best of both worlds: userland from Gentoo, kernel from FreeBSD. Interesting even to those unable to read Japanese, the article carries four screenshots of a working installation.

5.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • None this week

Adds

The following developers recently joined the Gentoo project:

  • None this week

Changes

The following developers recently changed roles within the Gentoo project:

  • None this week

6.  Gentoo Security

Xpdf, Poppler: Heap overflow

Xpdf and Poppler are vulnerable to a heap overflow that may be exploited to execute arbitrary code.

For more information, please see the GLSA Announcement

KPdf: Heap based overflow

KPdf includes vulnerable Xpdf code to handle PDF files, making it vulnerable to the execution of arbitrary code.

For more information, please see the GLSA Announcement

ImageMagick: Format string vulnerability

A vulnerability in ImageMagick allows attackers to crash the application and potentially execute arbitrary code.

For more information, please see the GLSA Announcement

Sun JDK/JRE: Applet privilege escalation

Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do not adequately constrain applets from privilege escalation and arbitrary code execution.

For more information, please see the GLSA Announcement

libtasn1, GNU TLS: Security flaw in DER decoding

A flaw in the parsing of Distinguished Encoding Rules (DER) has been discovered in libtasn1, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

BomberClone: Remote execution of arbitrary code

BomberClone is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code.

For more information, please see the GLSA Announcement

GnuPG: Incorrect signature verification

Applications relying on GnuPG to authenticate digital signatures may incorrectly believe a signature has been verified.

For more information, please see the GLSA Announcement

7.  Bugzilla

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 12 February 2006 and 19 February 2006, activity on the site has resulted in:

  • 815 new bugs during this period
  • 442 bugs closed or resolved during this period
  • 28 previously closed bugs were reopened this period

Of the 9341 currently open bugs: 75 are labeled 'blocker', 152 are labeled 'critical', and 526 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN feedback

Please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn+unsubscribe@gentoo.org from the email address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated February 20, 2006

Summary: This is the Gentoo Weekly Newsletter for the week of 20 February 2006.

Ulrich Plate
Editor

Robin H. Johnson
Author

Patrick Lauer
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.