Gentoo Logo

Gentoo Weekly Newsletter: 24 April 2006

Content:

1.  Gentoo news

Major OpenLDAP upgrade ahead

OpenLDAP Version 2.3 will be unmasked during this week. There are many new features and some incompatibilities:

  • The slurpd sync method has been deprecated in favour of syncrepl
  • Existing databases need to be manually upgraded or they may get trashed, instructions can be found in the ebuilds.
  • Although the libraries from 2.1 or 2.2 are kept if installed, a revdep-rebuild is highly recommended
  • The dbm backend has been deprecated and is already removed in new upstream version (2.4alpha), migrating to a different backend (bdb or hdb) is recommended.

Subforums layout for forums.gentoo.org

Subforums have been in use on forums.gentoo.org for a while now, but before creating further subforums we are looking to see if the layout could be improved. There are some alternative layout proposals and the forums team would like to get some input on what people prefer. A thread showing some examples of possible implementations including a poll has been set up on the forums. Please take some time to review them, vote and/or comment on them.

2.  Heard in the community

Web forums

Gentoo Forums Improvements

Since the last upgrade of the Gentoo Forums announced in the GWN of the previous week, the internationalization of the Gentoo Forums continues, with even more languages translated, as well as many more parts that until now were in English. Apart from that, some security enhancements and restrictions have been incorporated into the current stable version of the Gentoo Forums. Finally, a very significant bug that was affecting the moderators was finally dispatched. You can see the full update log if you follow the appropiate link below.

Is Gentoo more expensive than Red Hat?

One of our users, drakkan, who has been a fellow Gentoo User for over two years, explains that he is afraid that it is more expensive to maintain Gentoo servers than Red Hat ones. Two important reasons are the constant need of recompilation of packages which takes some time, but also the change in configuration files. Find out more about this in the thread below.

Documentation, Tips & Tricks: Trackball configuration in modular xorg

davidgurvich has started a very nice tricks thread where he explains that there is no longer any need to use xmodmap with xorg-x11 7 to modify which buttons point where as there seems to be a new option for that within xorg.conf, "ButtonMapping". Get into the discussion and read more about this topic in the thread below.

gentoo-dev

Automatically killing invalid CFLAGS/warning about bad CFLAGS

The AMD64 team has been testing an addition to the profile.bashrc that filters CFLAGS that are unrecognized by gcc. As it seems to work quite well it could be implemented globally to reduce the number of bugs and errors due to bad CFLAGS, potentially at the cost of flexibility.

Enroll users for testing packages

In the quest for better testing of packages Eldad Zack proposes to allow users to give more feedback on testing packages. The Arch Tester program tries to fill that niche, but it is still hard for users to get involved without spending too much of their time for Gentoo.

Gentoo theming during bootup

In one of the bigger threads of the last weeks Donnie Berkholz asks for some help in creating an easy-to-install Gentoo theme for bootup. From this start the thread goes into a heated debate on branding - should Gentoo offer things as they are shipped by upstream or patch them to have a Gentoo look?

3.  Gentoo in the press

Gentoo Wiki (23 April 2006)

Steve Dibb has written a nice Howto on dynamic DNS to point to a host residing anywhere on a DSL or other access line with changing IP addresses. Hosted on the inofficial Gentoo Wiki, the article goes into great detail explaining the entire process, from registering a domain name to using the services of a dynamic domain name resolver -- EveryDNS in his example -- to follow an ISP's dynamic IP address allocation.

4.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • None this week

Adds

The following developers recently joined the Gentoo project:

  • Thilo Bangert (bangert) - net-mail herd

Changes

The following developers recently changed roles within the Gentoo project:

  • Denis Dupeyron (calchan) - joined the embedded herd

5.  Gentoo Security

libapreq2: Denial of Service vulnerability

A vulnerability has been reported in libapreq2 which could lead to a Denial of Service.

For more information, please see the GLSA Announcement

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service.

For more information, please see the GLSA Announcement

zgv, xzgv: Heap overflow

xzgv and zgv attempt to decode JPEG images within the CMYK/YCCK colour space incorrectly, potentially resulting in the execution of arbitrary code.

For more information, please see the GLSA Announcement

Crossfire server: Denial of Service and potential arbitrary code execution

The Crossfire game server is vulnerable to a Denial of Service and potentially to the execution of arbitrary code.

For more information, please see the GLSA Announcement

Mozilla Firefox: Multiple vulnerabilities

Several vulnerabilities in Mozilla Firefox allow attacks ranging from execution of script code with elevated privileges to information leaks.

For more information, please see the GLSA Announcement

fbida: Insecure temporary file creation

fbida is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

Dia: Arbitrary code execution through XFig import

Buffer overflows in Dia's XFig import could allow remote attackers to execute arbitrary code.

For more information, please see the GLSA Announcement

6.  Bugzilla

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 16 April 2006 and 23 April 2006, activity on the site has resulted in:

  • 799 new bugs during this period
  • 470 bugs closed or resolved during this period
  • 38 previously closed bugs were reopened this period

Of the 9766 currently open bugs: 60 are labeled 'blocker', 144 are labeled 'critical', and 520 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  GWN feedback

Please send us your feedback and help make the GWN better.

8.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

9.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated April 24, 2006

Summary: This is the Gentoo Weekly Newsletter for the week of 24 April 2006.

Ulrich Plate
Editor

Ioannis Aslanidis
Author

Wernfried Haas
Author

Patrick Lauer
Author

Markus Ullmann
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.