Gentoo Weekly Newsletter: 11 December 2006

1.  Gentoo News

EFIKA boards shipped

Christmas came a little early this year for the Gentoo/PPC team and others. A number of developers received the EFIKA, an evaluation board from Genesi built around the MPC5200B PowerPC SoC (System on Chip) running at 400MHz. Also included on the board is 128MB of DDR memory, 10/100 ethernet, 2 USB 1.1 ports, 1 PCI/AGP slot, and sound with optical out.

The Gentoo/PPC team, along with Release Engineering, are working on both detailed instructions for installing Gentoo on the EFIKA, as well as CD media capable of booting the EFIKA from USB. Gentoo would like to thank Genesi for its continued support and Freescale for providing the funding to make this program possible.

For more information on the EFIKA, or to buy one yourself, visit Genesi's EFIKA page.

2.  Heard in the community

forums.gentoo.org

D-Bus 1.0.1 has been ~amd64'd

D-Bus, the inter-process communications program, has reached its 1.0 milestone and the resultant 1.0.2 ebuild is in testing. That is the good news. The bad news is that the ABI (application binary interface) was radically shifted from the prior 0.6x releases now stable in portage. Though the title mentions only amd64, it is in testing on multiple architectures.

Emopig issued a warning to his fellow users that when he followed the ebuild's instruction to run revdep-rebuild the resulting list of packages to be re-merged was non-trivial (54 packages for him). Others seconded that, particularly Gnome users. The damage on the KDE side seemed confined to the kde-kioslaves package.

6thpink suggested that users install the binding packages dbus-glib, dbus-python and dbus-qt3-old since the base dbus package no longer had USE flags for python, qt3 or the like. This seemed to help at least one user.

• http://forums.gentoo.org/viewtopic-t-521973.html

Goodbye, Gentoo

Forums user beazizo has returned after an 18 month absence and said "I must say, it [gentoo] is MUCH better than it was back then. It took me less than a day to get a system up to a point where I had all the apps installed that I was running in Ubuntu (and running much faster). I felt comfortable enough to blow away my Ubuntu install. Good work Gentoo team!"

Welcome back to Gentoo, beazizo.

• https://forums.gentoo.org/viewtopic-p-3772054.html#3772054

gentoo-user

gnome-screensaver requires emacs?

Chris Bare was trying to install gnome-screensaver, with the following result:

# emerge emerge -pv --tree gnome-screensaver

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!
 [ebuild  N    ] gnome-extra/gnome-screensaver-2.14.2  USE="pam xinerama -debug
 -doc" 1,872 kB 
 [ebuild  N    ] app-xemacs/emerge-1.09  59 kB 
 [ebuild  N    ]  app-editors/xemacs-21.4.17  USE="X berkdb gpm jpeg png tiff
 -Xaw3d -athena -canna -dnd -freewnn -ldap -motif -mule -nas -neXt -postgres
 -xface" 10,377 kB

He wanted to know why gnome-screensaver seemed, against all logic, to depend on xemacs.

Etaoin Shrdlu spotted the real problem. (Did you?) Chris had typed emerge emerge and portage thought he wanted to emerge the app-xemacs/emerge package and its dependencies.

This serves as a useful warning, since we all make such a mistakes sometimes.

• http://archives.gentoo.org/gentoo-user/msg_105017.xml

gentoo-amd64

CFLAGS for Intel Core 2 CPUs

The Core 2 Duo is the flagship chip of Intel's CPU line and the "it" processor of the moment. Any right-thinking Gentoo-er has only one question: "What CFLAGS should I use for that bad boy?"

Michael Weyershäuser provided a pointer to a dirtyepic blog post that answered that question based on information from Intel itself. For GCC 4.1, Core Solo/Duo uses -march=prescott while the Core 2 Duo/Solo gets -march=nocona. For GCC 4.2, the -march is the same, but a -mtune=generic flag is added.

• http://archives.gentoo.org/gentoo-amd64/msg_14402.xml

3.  Gentoo International

Belgium: DonnaroomLAN, Arendonk

Dutch Documentation Lead Dimitry Bradt and other members of the Dutch community are organizing a LAN party event and are inviting the Dutch Gentoo community. The event takes place on Saturday 6 January 2007 and Sunday 7 January 2007 and is being held in Arendonk, Belgium, about half way between Antwerpen and Eindhoven.

For more information, please visit the home page.

4.  Gentoo in the press

Linux.com (7 December 2006)

Several developers were contacted from several distributions by the article's author, Mayank Sharma, about their distribution's security practices. Mayank spoke with developers from Red Hat, Novell, CentOS, Debian, and, of course, Gentoo. He explains the different methodologies used by the distributions, as well as points out some differences between the community and commercial distributions.

• http://specialreports.linux.com/specialreports/06/12/04/072249.shtml

5.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

• none this week

Adds

The following developers recently joined the Gentoo project:

• Peter Weller (welp) AMD64/Bugday/XFCE

Changes

The following developers recently changed roles within the Gentoo project:

• Stephen Bennet (spb) joined Bugday team

6.  Gentoo security

wv library: Multiple integer overflows

The wv library is vulnerable to multiple integer overflows which could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

xine-lib: Buffer overflow

xine-lib is vulnerable to a buffer overflow in the Real Media input plugin, which could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement

GnuPG: Multiple vulnerabilities

GnuPG is vulnerable to a buffer overflow and an erroneous function pointer dereference that can result in the execution of arbitrary code.

For more information, please see the GLSA Announcement

ModPlug: Multiple buffer overflows

ModPlug contains several boundary errors that could lead to buffer overflows resulting in the possible execution of arbitrary code.

For more information, please see the GLSA Announcement

KOffice shared libraries: Heap corruption

An integer overflow in koffice-libs allows for a Denial of Service and possibly the execution of arbitrary code when viewing malicious PowerPoint files.

For more information, please see the GLSA Announcement

Mozilla Thunderbird: Multiple vulnerabilities

Multiple vulnerabilities have been identified in Mozilla Thunderbird.

For more information, please see the GLSA Announcement

Mozilla Firefox: Multiple vulnerabilities

Multiple vulnerabilities have been reported in Mozilla Firefox.

For more information, please see the GLSA Announcement

SeaMonkey: Multiple vulnerabilities

Multiple vulnerabilities have been identified in the SeaMonkey project.

For more information, please see the GLSA Announcement

MadWifi: Kernel driver buffer overflow

MadWifi is vulnerable to a buffer overflow that could potentially lead to the remote execution of arbitrary code with root privileges.

For more information, please see the GLSA Announcement

7.  Upcoming package removals

This is a list of packages that have been announced to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers.

Last Rites:

8.  Bugzilla

Summary

• Statistics
• Closed bug ranking
• New bug rankings

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 03 December 2006 and 10 December 2006, activity on the site has resulted in:

• 724 new bugs during this period
• 427 bugs closed or resolved during this period
• 25 previously closed bugs were reopened this period
• 146 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
• 163 bugs marked as duplicates during this period

Of the 10699 currently open bugs: 26 are labeled 'blocker', 104 are labeled 'critical', and 447 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

• Default Assignee for Orphaned Packages, with 22 closed bugs
• XFCE Team, with 20 closed bugs
• dotnet AT gentoo DOT org, with 16 closed bugs
• Gentoo's Team for Core System packages, with 14 closed bugs
• Gentoo Catalyst Developers, with 13 closed bugs
• Gentoo/BSD Team, with 13 closed bugs
• Roy Marples, with 11 closed bugs
• Gnustep herd, with 11 closed bugs

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

• Default Assignee for New Packages, with 29 new bugs
• Default Assignee for Orphaned Packages, with 11 new bugs
• Bryan Østergaard, with 10 new bugs
• AMD64 Project, with 9 new bugs
• Gentoo X-windows packagers, with 7 new bugs
• Gentoo Sound Team, with 7 new bugs
• mips team, with 6 new bugs
• media-video herd, with 6 new bugs

9.  GWN feedback

The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.

10.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

11.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

• Chinese (Simplified)
• Danish
• Dutch
• English
• German
• Greek
• French
• Korean
• Japanese
• Italian
• Polish
• Portuguese (Brazil)
• Portuguese (Portugal)
• Russian
• Slovak
• Spanish
• Turkish