Gentoo Logo

Gentoo Weekly Newsletter: 2 October 2006

Content:

1.  Gentoo news

2006.1 media available on the store

Starting today, the 2006.1 release of Gentoo Linux is available from the official Gentoo Store. If you are looking for a way to support Gentoo development, five dollars from every CD sale goes directly to the Gentoo Foundation. Besides the 2006.1 media, there are hats, stickers, mouse pads, shirts, sweatshirts, and even a Gentoo clock!

Openoffice.org template/clipart competition

Openoffice.org's Documentation Project is holding a competition for templates and clipart, to be included in future versions of Openoffice.org. The contest is being sponsored by WorldLabel.com and has several prizes to win. The goal of the project is to increase the amount and quality of OpenDocument formatted templates for Openoffice.org users. For more information, check out the OO.o Documentation Project's home page at http://documentation.openoffice.org/

2.  Gentoo International

Denmark: LinuxParty, Roskilde

Linuxparty.dk Roskilde 2006 was held on 22 September 2006 through 24 September 2006 in Roskilde, Denmark. Attending the meeting were four Gentoo developers and one former developer, as well as many Danish Gentoo users. Bryan Østergaard gave two talks. One was about being a part of a large open source project such as Gentoo, and the other was about SELinux.

3.  Tips and Tricks

Using 'until' with portage

Have you ever updated your world or system and walked away only to come back several hours later to find out the update did not complete because a package failed?

The following simple command list and bash 'until' command will let you update your world or system to completion and skip those packages that failed:

Code Listing 3.1: Using until to skip broken packages

# sudo emerge -Du world ||
# until sudo emerge --resume --skipfirst; do
# sudo emerge --resume --skipfirst; done

Once the command list completes, you can find out which packages failed by running the following command:

Code Listing 3.2: Checking for failed packages

# emerge -Dup world

Warning: Under certain circumstances, this can yield an unusable system. Always check the output of emerge -Dup world prior to using this tip.

4.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • Sven Vermeulen (swift)

Adds

The following developers recently joined the Gentoo project:

  • Tristan Heaven (nyhm) Games Team
  • Tiziano Müller (dev-zero) PostgreSQL Team
  • Jim Ramsay (lack) Rox Team

Changes

The following developers recently changed roles within the Gentoo project:

  • none this week

5.  Gentoo security

ImageMagick: Multiple Vulnerabilities

Multiple buffer overflows have been discovered in ImageMagick, which could potentially result in the execution of arbitrary code.

For more information, please see the GLSA Announcement

GnuTLS: RSA Signature Forgery

GnuTLS fails to handle excess data which could allow an attacker to forge a PKCS #1 v1.5 signature.

For more information, please see the GLSA Announcement

Tikiwiki: Arbitrary command execution

Tikiwiki contains a cross-site scripting (XSS) vulnerability as well as a second vulnerability which may allow remote execution of arbitrary code.

For more information, please see the GLSA Announcement

OpenSSH: Denial of Service

A flaw in the OpenSSH daemon allows remote unauthenticated attackers to cause a Denial of Service.

For more information, please see the GLSA Announcement

Opera: RSA signature forgery

Opera fails to correctly verify certain signatures.

For more information, please see the GLSA Announcement

Mozilla Firefox: Multiple vulnerabilities

The Mozilla Foundation has reported numerous vulnerabilities in Mozilla Firefox, including one that may allow execution of arbitrary code.

For more information, please see the GLSA Announcement

DokuWiki: Shell command injection and Denial of Service

DokuWiki is vulnerable to shell command injection and Denial of Service attacks when using ImageMagick.

For more information, please see the GLSA Announcement

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 24 September 2006 and 01 October 2006, activity on the site has resulted in:

  • 798 new bugs during this period
  • 470 bugs closed or resolved during this period
  • 25 previously closed bugs were reopened this period
  • 147 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
  • 174 bugs marked as duplicates during this period

Of the 11209 currently open bugs: 33 are labeled 'blocker', 122 are labeled 'critical', and 525 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  GWN feedback

Please send us your feedback and help make the GWN better.

8.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

9.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated October 2, 2006

Summary: This is the Gentoo Weekly Newsletter for the week of 2 October 2006.

Ulrich Plate
Editor

Steven W. Elling
Author

Chris Gianelloni
Author

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.