Gentoo Logo

Gentoo Weekly Newsletter: 8 May 2006

Content:

1.  Gentoo news

Improved Ada support in Portage - split ebuilds for gnat

"New generation" dev-ada/gnat-xxx compilers are now in Portage. They follow the upstream more closely (now you get gnat-gcc to follow FSF's in-gcc sources, and gnat-gpl to represent "official" AdaCore's code). toolchain.eclass procedures are also more closely observed, allowing for better integration with system gcc and better multilib support, and the new compilers are properly SLOTted and can be installed in parallel (so that you can have gnat-gcc-3.4.6, gnat-gcc-4.1.0 and gnat-gpl-3.4.5.1 installed all at once). The selection of the active gnat is performed via an eselect-gnat module in the usual manner. Work is under way to enhance support for Ada libraries, so that they are built for each installed gnat and can be switched on the fly. Anybody interested in helping is cordially invited to visit the corresponding bug. This includes a call for a long-term Ada maintainer, too. Actual support work should be relatively easy now that the transition itself is over, but candidates should be able to make sense of the gnatbuild.eclass, gnat.eclass and toolchain.eclass (and related), in addition, of course, to generally know your way around ebuilds. Contact George Shapovalov if you're interested.

Gnome 2.14 in Portage

GNOME 2.14 came out of package.mask this weekend. The tracker bug is located at bug #119872. Highlights of the release include performance boosts and improvements to various applications and routines, and can be found at the Gnome website. If you have any problems upgrading, please search bugzilla or wander into #gentoo-desktop on irc.freenode.net.

2.  Heard in the community

gentoo-dev

Heritage

Joshua Jackson starts a discussion on the heritage and the historic "symbols" of Gentoo - Larry the Cow, the floating alien guy and so on. In the website redesign some of these have been removed. Should we keep these leftovers from the old times or should we move on?

coldplug and hotplug

Our baselayout magician Roy Marples started a discussion on the behaviour of hotplug and coldplug - coldplug events can be limited via the RC_COLDPLUG variable while hotplug does not. To unify this he proposed a few changes, but then the discussion drifted away to problems with udev and coldplug: Some users report problems with newer udev versions automatically loading drivers and want to be able to completely disable this behaviour.

Having fun with compression

As an experiment to see if distfile downloads could be shrunk Patrick Lauer did some tests converting from gzip to bzip2 and 7zip formats. Over 15GB of .tar.gz files got converted in this experiment, showing on average about 15% space reduction. While it is not practical to "just convert" all files and no comparison of CPU usage has been done it is nevertheless an interesting perspective for people with slower internet connections.

3.  Gentoo international

Germany: gentoo.de asks 'Are you Gentoo?'

Inspired by a code-snippet posted by Forums moderator slick, the German not-for-profit association created a quiz on their community-site, asking "Are you Gentoo?" The survey contains 20 questions, some of them easy to answer, some tricky ones and some questions which need a solid understanding of Gentoo's basics. Everyone who answers all 20 questions correctly can take part in a raffle where the 'Friends of Gentoo e.V.' offer three prizes, including a Gentoo shirt and mousepad. If your German is up to the task, take the challenge and solve the quiz.

4.  Gentoo in the press

Desktop Linux (2 May 2006)

Desktop Linux finds two articles in other online magazines make for "interesting reading," reads them for us and quotes a few highlights. We're left with the choice of reading the original articles at eWeek.com (an enthusiastic post-release 2006.0 review) and Linux Watch (Steven Vaughn-Nichols' slightly more downbeat assessment that 'Gentoo is not for everyone'), or be content with what we find at Desktop Linux. Either way is just fine -- it'll stay within the range of Ziff Davies Holding publications, anyway.

Desktop Linux (2 May 2006)

SystemRescueCD's new version released last week made the news at Desktop Linux on the same day as the press clippings for Gentoo Linux 2006.0 mentioned just above. The French project provides a save-and-rescue Linux environment -- based on Gentoo -- with everything on board you might need for a system recovery, but also for administrative tasks like partitioning harddrives with QtParted, claims the announcement.

Distrowatch (3 May 2006)

Yet another distribution based on Gentoo, this one specializing in 64bit systems: Distrowatch reports about the latest release of RR64, probably because it's a full LiveDVD with Gnome and Xgl and whatnot inside. Fabio Erculiani's Italian Gentoo flavour, the RR series was featured in the GWN before.

5.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • Daniel Goller

Adds

The following developers recently joined the Gentoo project:

  • Mike Auty (ikelos) - VMware
  • Jon Hood (squinky86) - net-p2p, accessibility

Changes

The following developers recently changed roles within the Gentoo project:

  • Ferris McCormick (fmccor) - retired as developer relations lead
  • Jon Portnoy (avenj) - new devrel co-lead

6.  Gentoo Security

MPlayer: Heap-based buffer overflow

MPlayer contains multiple integer overflows that may lead to a heap-based buffer overflow.

For more information, please see the GLSA Announcement

X.Org: Buffer overflow in XRender extension

A buffer overflow in the XRender extension potentially allows any X.Org user to execute arbitrary code with elevated privileges.

For more information, please see the GLSA Announcement

ClamAV: Buffer overflow in Freshclam

Freshclam is vulnerable to a buffer overflow that could lead to execution of arbitrary code.

For more information, please see the GLSA Announcement

phpWebSite: Local file inclusion

Remote attackers can include local files which may lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

rsync: Potential integer overflow

An attacker having write access to an rsync module might be able to execute arbitrary code on an rsync server.

For more information, please see the GLSA Announcement

Mozilla Firefox: Potential remote code execution

The Mozilla Firefox 1.5 line is vulnerable to a buffer overflow in the JavaScript extension which may in theory lead to remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Nagios: Buffer overflow

Nagios is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code.

For more information, please see the GLSA Announcement

7.  Bugzilla

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 30 April 2006 and 07 May 2006, activity on the site has resulted in:

  • 771 new bugs during this period
  • 396 bugs closed or resolved during this period
  • 35 previously closed bugs were reopened this period

Of the 9947 currently open bugs: 60 are labeled 'blocker', 143 are labeled 'critical', and 529 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

8.  GWN feedback

Please send us your feedback and help make the GWN better.

9.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

10.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated May 8, 2006

Summary: This is the Gentoo Weekly Newsletter for the week of 8 May 2006.

Ulrich Plate
Editor

John N. Laliberte
Author

Patrick Lauer
Author

Tobias Scherbaum
Author

George Shapovalov
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.