Gentoo Weekly Newsletter: 18 December 2006
1.
Gentoo News
EFIKA overlay opens
In a follow-up to last week's announcement that the EFIKA evaluation boards from
Genesi had made their way into developer hands, the Gentoo/PPC team, in
cooperation with Release Engineering, has made available an overlay for the
EFIKA boards. Currently, the overlay has only sys-kernel/efika-sources, which
is based on gentoo-sources, plus the EFIKA-specific patches to 2.6.19 that are
required. Any future EFIKA-specific packages will start out in the overlay
before eventually making their way into the main tree. The overlay is currently
supported by the Release Engineering team.
There is also a #gentoo-efika channel on Freenode for discussions about the
EFIKA hardware and software, as well as general discussion of the platform.
2.
Heard in the community
gentoo-installer
Quickstart 0.3 Released
Andrew Gaffney wrote to inform people that version 0.3 of Quickstart has been
released. Quickstart is a provisioning tool, designed to use a simple
configuration file to provision new Gentoo machines from bare metal. There have
been numerous changes and bug fixes since 0.2, some of which are below.
- partitioning and bootloader code redesigned to allow for arch-specific code
for each
- x86/amd64 partitioning support rewritten using fdisk instead of sfdisk,
since sfdisk isn't in busybox
- sun disklabel and partitioning support implemented
- sun bootloader (silo) support added (not yet tested)
- hppa partitioning (uses x86 code) and bootloader (palo) support added and
tested
With this release, x86/amd64/hppa are officially supported. Support for sparc
is experimental and expected to be fully supported with the next release. You
can find Quickstart at http://agaffney.org/quickstart/releases.
3.
Gentoo developer moves
Moves
The following developers recently left the Gentoo project:
Adds
The following developers recently joined the Gentoo project:
- Christian Marie (pingu) mozilla team
Changes
The following developers recently changed roles within the
Gentoo project:
4.
Gentoo security
Tar: Directory traversal vulnerability
Tar is vulnerable to directory traversal possibly allowing for the
overwriting of arbitrary files.
For more information, please see the
GLSA Announcement
AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities
OpenSSL contains multiple vulnerabilities, including the possible remote
execution of arbitrary code.
For more information, please see the
GLSA Announcement
F-PROT Antivirus: Multiple vulnerabilities
F-Prot Antivirus contains a buffer overflow and other unspecified
vulnerabilities, possibly allowing the remote execution of arbitrary code.
For more information, please see the
GLSA Announcement
libgsf: Buffer overflow
libgsf improperly allocates memory allowing for a heap overflow and
possibly the execution of arbitrary code.
For more information, please see the
GLSA Announcement
Trac: Cross-site request forgery
Trac allows remote attackers to execute unauthorized actions as other
users.
For more information, please see the
GLSA Announcement
McAfee VirusScan: Insecure DT_RPATH
McAfee VirusScan for Linux is distributed with an insecure DT_RPATH,
potentially allowing a remote attacker to execute arbitrary code.
For more information, please see the
GLSA Announcement
Links: Arbitrary Samba command execution
Links does not properly validate "smb://" URLs, making it vulnerable to the
execution of arbitrary Samba commands.
For more information, please see the
GLSA Announcement
GNU Radius: Format string vulnerability
A format string vulnerability has been found in GNU Radius, which could lead
to the remote execution of arbitrary code.
For more information, please see the
GLSA Announcement
5.
Gentoo package moves
This section lists packages that have either been moved or added to the tree
and packages that have had their "last rites" announcement given to be removed
in the future. The package removals come from many locations, including the
Treecleaners and various developers. Most packages which are listed under the
Last Rites section are in need of some love and care and can remain in the tree
if proper maintainership is established.
Additions:
Removals:
Last Rites:
6.
Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the
development team. Between 10 December 2006
and 17 December 2006, activity on the site has resulted in:
- 649 new bugs during this period
- 342 bugs closed or resolved during this period
- 25 previously closed bugs were reopened this period
- 143 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
- 163 bugs marked as duplicates during this period
Of the 10688 currently open bugs: 25 are labeled 'blocker', 96 are labeled
'critical', and 430 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period are:
New bug rankings
The developers and teams who have been assigned the most new bugs during this
period are:
7.
GWN feedback
The GWN is staffed by volunteers and members of the community who submit ideas
and articles. If you are interested in writing for the GWN, have feedback on an
article that we have posted, or just have an idea or article that you would
like to submit to the GWN, please send us your feedback and help make the GWN
better.
8.
GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+unsubscribe@gentoo.org
from the e-mail address you are subscribed under.
9.
Other languages
The Gentoo Weekly Newsletter is also available in the following
languages: