Gentoo Weekly Newsletter: 24 April 2006OpenLDAP Version 2.3 will be unmasked during this week. There are many new features and some incompatibilities:
Subforums layout for forums.gentoo.org Subforums have been in use on forums.gentoo.org for a while now, but before creating further subforums we are looking to see if the layout could be improved. There are some alternative layout proposals and the forums team would like to get some input on what people prefer. A thread showing some examples of possible implementations including a poll has been set up on the forums. Please take some time to review them, vote and/or comment on them. Gentoo Forums Improvements Since the last upgrade of the Gentoo Forums announced in the GWN of the previous week, the internationalization of the Gentoo Forums continues, with even more languages translated, as well as many more parts that until now were in English. Apart from that, some security enhancements and restrictions have been incorporated into the current stable version of the Gentoo Forums. Finally, a very significant bug that was affecting the moderators was finally dispatched. You can see the full update log if you follow the appropiate link below. Is Gentoo more expensive than Red Hat? One of our users, drakkan, who has been a fellow Gentoo User for over two years, explains that he is afraid that it is more expensive to maintain Gentoo servers than Red Hat ones. Two important reasons are the constant need of recompilation of packages which takes some time, but also the change in configuration files. Find out more about this in the thread below. Documentation, Tips & Tricks: Trackball configuration in modular xorg davidgurvich has started a very nice tricks thread where he explains that there is no longer any need to use xmodmap with xorg-x11 7 to modify which buttons point where as there seems to be a new option for that within xorg.conf, "ButtonMapping". Get into the discussion and read more about this topic in the thread below. Automatically killing invalid CFLAGS/warning about bad CFLAGS The AMD64 team has been testing an addition to the profile.bashrc that filters CFLAGS that are unrecognized by gcc. As it seems to work quite well it could be implemented globally to reduce the number of bugs and errors due to bad CFLAGS, potentially at the cost of flexibility. Enroll users for testing packages In the quest for better testing of packages Eldad Zack proposes to allow users to give more feedback on testing packages. The Arch Tester program tries to fill that niche, but it is still hard for users to get involved without spending too much of their time for Gentoo. Gentoo theming during bootup In one of the bigger threads of the last weeks Donnie Berkholz asks for some help in creating an easy-to-install Gentoo theme for bootup. From this start the thread goes into a heated debate on branding - should Gentoo offer things as they are shipped by upstream or patch them to have a Gentoo look? Steve Dibb has written a nice Howto on dynamic DNS to point to a host residing anywhere on a DSL or other access line with changing IP addresses. Hosted on the inofficial Gentoo Wiki, the article goes into great detail explaining the entire process, from registering a domain name to using the services of a dynamic domain name resolver -- EveryDNS in his example -- to follow an ISP's dynamic IP address allocation. The following developers recently left the Gentoo project:
The following developers recently joined the Gentoo project:
The following developers recently changed roles within the Gentoo project:
libapreq2: Denial of Service vulnerability A vulnerability has been reported in libapreq2 which could lead to a Denial of Service. For more information, please see the GLSA Announcement Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. For more information, please see the GLSA Announcement xzgv and zgv attempt to decode JPEG images within the CMYK/YCCK colour space incorrectly, potentially resulting in the execution of arbitrary code. For more information, please see the GLSA Announcement Crossfire server: Denial of Service and potential arbitrary code execution The Crossfire game server is vulnerable to a Denial of Service and potentially to the execution of arbitrary code. For more information, please see the GLSA Announcement Mozilla Firefox: Multiple vulnerabilities Several vulnerabilities in Mozilla Firefox allow attacks ranging from execution of script code with elevated privileges to information leaks. For more information, please see the GLSA Announcement fbida: Insecure temporary file creation fbida is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files. For more information, please see the GLSA Announcement Dia: Arbitrary code execution through XFig import Buffer overflows in Dia's XFig import could allow remote attackers to execute arbitrary code. For more information, please see the GLSA Announcement The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 16 April 2006 and 23 April 2006, activity on the site has resulted in:
Of the 9766 currently open bugs: 60 are labeled 'blocker', 144 are labeled 'critical', and 520 are labeled 'major'. The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
Please send us your feedback and help make the GWN better. 8. GWN subscription information To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under. The Gentoo Weekly Newsletter is also available in the following languages:
|
|