After several months of development, Xfce released version 4.4 last week. It was quickly added to the tree by Gentoo's Xfce team. The panel plugins and extra utilities have been updated, and some new applications have been added for 4.4. Use xfce-base/xfce4-extras to get them all, or choose the ones you want from the xfce-extra/ category.
Also, Peter Weller has been testing this release on Gentoo/FreeBSD and it seems to work pretty well, except for some programs which need minor fixing.
Second anniversary of Gentoo Forum Netherlands
On January 22nd, the Gentoo Forum Netherlands celebrated its 2nd anniversary. Started on January 22nd, 2005, GFN has grown into a community with more than 175 registred members. Forum questions are devotedly investigated, replied and followed until they are resolved. It is not only the advanced users' questions that are being answered, but questions from newcomers and the-not-so-battle-hardened users are investigated with the same amount of interest.
However, serious work must be enlightened by humour, games and chats. And that is the other bright side of GFN. The high number of posts (4572) in the Coffee Corner proves there are frequent sessions of chatting about non-serious subjects. Also, since a few weeks ago, GFN has had its own Unreal Tournament server, which is used often by the regular visitors. With this balance we spread the Gentoo spirit within a linguistic area counting 20 million people.
To find out more about Gentoo Forum Netherlands or to join, visit http://gentoo-forum.nl.
Gatt beta released
Arch testers' workload has been greatly eased, now that Matthias Langer's gatt program has been released. gatt helps with handling stabilization and keywording bugs. Interested people can always join an arch-team IRC channel (such as #gentoo-x86) to help out as an arch tester. All arch-teams can be found on the base project page.
New PS3 stages on mirrors
This week, the Gentoo Linux for PS3 development team released a new stage4 tarball. It's available for download on the mirrors, as are the snapshots used to build the stage4 repository.
USA: SCALE 5x, Los Angeles, CA
That's right! SCALE 5x is coming up quickly. The event runs February 10 through February 11th. Don't miss out on two mini-conferences held on the 9th, Women in Open Source and Open Source Healthcare.
You can find Gentoo at booth #63. Our development team is glad to present you the following list of developers that will be attending:
| Name | Nickname |
| Steve Arnold | nerdboy |
| Christel Dahlskjaer | christel |
| Steve Dibb | beandog |
| Mike Doty | kingtaco |
| Joshua Jackson | tsunam |
| Peter Johanson | latexer |
| Stephanie J. Lockwood-Childs | wormo |
| Elfyn McBratney | beu |
| Daniel Ostrow | dostrow |
| Joshua Saddler | nightmorph |
| David Shakaryan | omp |
| Chris White | chriswhite |
| Nicholas D. Wolfwood | blackace |
Some of the developers will also attending a live showing of Rocky Horror Picture Show on Saturday night, February 10.
Questions? Mail scale@gentoo.org, or ask the developers in person at SCALE. ;)
The following developers recently left the Gentoo project:
The following developers recently joined the Gentoo project:
The following developers recently changed roles within the Gentoo project:
Fetchmail: Denial of Service and password disclosure
Fetchmail has been found to have numerous vulnerabilities allowing for Denial of Service and password disclosure.
For more information, please see the GLSA Announcement
Mod_auth_kerb: Denial of Service
Mod_auth_kerb is vulnerable to a buffer overflow possibly allowing a Denial of Service.
For more information, please see the GLSA Announcement
Sun JDK/JRE: Multiple vulnerabilities
Multiple unspecified vulnerabilities have been identified in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE).
For more information, please see the GLSA Announcement
Adobe Acrobat Reader: Multiple vulnerabilities
Adobe Acrobat Reader is vulnerable to remote code execution, Denial of Service, and cross-site scripting attacks.
For more information, please see the GLSA Announcement
libgtop improperly handles filenames, possibly allowing for the execution of arbitrary code.
For more information, please see the GLSA Announcement
xine-ui: Format string vulnerabilities
xine-ui improperly handles format strings, possibly allowing for the execution of arbitrary code.
For more information, please see the GLSA Announcement
OpenLDAP: Insecure usage of /tmp during installation
A shell script commonly released with OpenLDAP makes insecure usage of files in /tmp during the emerge process.
For more information, please see the GLSA Announcement
Centericq: Remote buffer overflow in LiveJournal handling
Centericq does not properly handle communications with the LiveJournal service, allowing for the remote execution of arbitrary code.
For more information, please see the GLSA Announcement
MIT Kerberos 5: Arbitrary Remote Code Execution
Multiple vulnerabilities in MIT Kerberos 5 could potentially result in the execution of arbitrary code.
For more information, please see the GLSA Announcement
Squid: Multiple Denial of Service vulnerabilities
Two vulnerabilities have been found in Squid which make it susceptible to Denial of Service attacks.
For more information, please see the GLSA Announcement
Cacti: Command execution and SQL injection
Cacti has three vulnerabilities that could allow shell command execution or SQL injection.
For more information, please see the GLSA Announcement
VLC media player: Format string vulnerability
VLC media player improperly handles format strings, allowing for the execution of arbitrary code.
For more information, please see the GLSA Announcement
X.Org X server: Multiple vulnerabilities
Sean Larsson from iDefense Labs has found multiple vulnerabilities in the DBE and Render extensions.
For more information, please see the GLSA Announcement
This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.
| Package: | Removal date: | Contact: |
| net-misc/bcm4400 | 23 Jan 2007 | Daniel Drake |
| dev-lang/cm3 | 24 Jan 2007 | Mike Frysinger |
| sys-apps/pcsc-ase-iiie-drv | 24 Jan 2007 | Alon Bar-Lev |
| media-libs/libmusepack | 25 Jan 2007 | Diego Pettenò |
| x11-themes/bmpx-themes | 27 Jan 2007 | Patrick McLean |
| media-libs/swfdec | 27 Jan 2007 | Raúl Porcel |
| dev-java/jakarta-tomcat-jasper | 27 Jan 2007 | William Thomson |
| app-emulation/i8086emu | 28 Jan 2007 | Denis Dupeyron |
| dev-ada/asis | 28 Jan 2007 | George Shapovalov |
| net-im/mercury-bin | 28 Jan 2007 | Gustavo Felisberto |
| Package: | Addition date: | Contact: |
| app-text/gnochm | 22 Jan 2007 | Ryan Hill |
| app-portage/gatt-svn | 23 Jan 2007 | Christian Faulhammer |
| dev-perl/Sys-Statistics-Linux | 23 Jan 2007 | Michael Cummings |
| xfce-extra/xfce4-timer | 23 Jan 2007 | Peter Weller |
| dev-java/fontbox | 24 Jan 2007 | Petteri Räty |
| dev-scheme/scm | 24 Jan 2007 | Marijn Schouten |
| app-admin/pprocm | 25 Jan 2007 | Michael Cummings |
| dev-perl/GD-Barcode | 25 Jan 2007 | Christian Hartmann |
| dev-java/rundoc | 25 Jan 2007 | Petteri Räty |
| net-p2p/bitstormlite | 26 Jan 2007 | Raúl Porcel |
| dev-java/snip | 26 Jan 2007 | Petteri Räty |
| app-doc/linux-kernel-in-a-nutshell | 26 Jan 2007 | Mike Frysinger |
| net-p2p/dbhub | 26 Jan 2007 | Raúl Porcel |
| net-misc/tipcutils | 26 Jan 2007 | Gustavo Zacarias |
| dev-lang/xsb | 28 Jan 2007 | Keri Harris |
| x11-plugins/compiz-extra | 28 Jan 2007 | Hanno Boeck |
| media-libs/wxsvg | 28 Jan 2007 | Ryan Hill |
| app-text/searchmonkey | 28 Jan 2007 | Raúl Porcel |
| sys-fs/davl | 28 Jan 2007 | Raúl Porcel |
| Package: | Removal date: | Contact: |
| mail-client/ximian-connector | 24 Feb 07 | Daniel Gryniewicz |
| net-misc/e100 | 24 Mar 07 | Alec Warner |
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 21 January 2007 and 28 January 2007, activity on the site has resulted in:
Of the 10729 currently open bugs: 19 are labeled 'blocker', 106 are labeled 'critical', and 454 are labeled 'major'.
The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: