Gentoo Logo

Gentoo Weekly Newsletter: 26 March 2007

Content:

1.  Developer of the Week

Developer of the week: Daniel Drake (dsd)


Figure 1.1: Daniel Drake, aka dsd

Fig. 1: dsd

Twenty year old Daniel Drake is one of the Gentoo Linux kernel team and is in the middle getting a Computer Science masters degree. He's studying at the University of Manchester, UK, but this year, Daniel is doing an industrial placement working for Brontes Technologies in the US. Brontes is building a handheld 3D medical imaging device based on Gentoo Linux and using some custom software. You can find info about them at http://www.brontes3d.com.

Daniel started using Linux around March 1999, but then suddenly dropped it. In 2003, he started using it again and in 2004 he started developing. Gentoo developer Seemant Kulleen mentored him during that time. Although we all know of Daniel's work as a kernel developer, he didn't actually start in the Gentoo Linux kernel development team. Daniel used to develop GNOME and Mono, which he still does when he finds the time. At the moment, Daniel is handling 2.6 kernel bugs, kernel maintenance in Gentoo Linux and working on 2 projects: drivers for USB-WLAN adapters, and reverse engineering Microsoft fingerprint scanning devices.

Daniel likes music a lot. His taste mostly revolves around non-mainstream rock, such as The Beta Band, Mogwai and Soulwax. Though Daniel doesn't have a lot of free time, he often enjoys his student life, by going out and reading a good book. He also likes to go to conferences, and organized the Gentoo UK event last year.

When Daniel fires up his desktop, he uses: GNOME, vim, git, Mozilla Firefox, audacious, Mozilla Thunderbird and irssi.

2.  Gentoo International

Germany, Gentoo Village, Berlin

Instead of holding another Gentoo Summer Camp this year, there will be a Gentoo Village at Chaos Communication Camp 2007. The Chaos Communication Camp is from 8 August to 12 August at Finow airport in Berlin. All Gentoo users can camp together at the Gentoo Village, a small part of the camping ground. If you need more details on the CCC you can look at the blog. There is also a video documentation of the CCC 2003 provided.

A program focusing on Gentoo is planned, but not yet ready. If you want to contribute e.g held a speech, please write about it in the Wiki.

3.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • none this week

Adds

The following developers recently joined the Gentoo project:

  • Anant Narayanan (anant) PHP
  • Bernard Cafarelli (voyageur) NX
  • Antoine Raillon (cab) perl

Changes

The following developers recently changed roles within the Gentoo project:

  • none this week

4.  Gentoo security

Note: Due to a mistake by the GWN staff, last week's security report was empty. The report this week has last week's and this week's data.

Amarok: User-assisted remote execution of arbitrary code

The Magnatune component shipped with Amarok is vulnerable to the injection of arbitrary shell code from a malicious Magnatune server.

For more information, please see the GLSA Announcement

SILC Server: Denial of Service

SILC Server is affected by a Denial of Service vulnerability.

For more information, please see the GLSA Announcement

SSH Communications Security's Secure Shell Server: SFTP privilege escalation

The SSH Secure Shell Server SFTP function is vulnerable to privilege escalation.

For more information, please see the GLSA Announcement

Asterisk: SIP Denial of Service

Asterisk is vulnerable to Denial of Service in the SIP channel.

For more information, please see the GLSA Announcement

PostgreSQL: Multiple vulnerabilities

PostgreSQL contains two vulnerabilities that could result in a Denial of Service or unauthorized access to certain information.

For more information, please see the GLSA Announcement

Apache JK Tomcat Connector: Remote execution of arbitrary code

The Apache Tomcat Connector (mod_jk) contains a buffer overflow vulnerability that could result in the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

ulogd: Remote execution of arbitrary code

ulogd contains a possible buffer overflow potentially allowing for the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

Mozilla Thunderbird: Multiple vulnerabilities

Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of which may allow user-assisted arbitrary remote code execution.

For more information, please see the GLSA Announcement

LTSP: Authentication bypass in included LibVNCServer code

LTSP includes a version of libVNCServer that is vulnerable to an authentication bypass.

For more information, please see the GLSA Announcement

LSAT: Insecure temporary file creation

LSAT insecurely creates temporary files which can lead to symlink attacks allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement

PHP: Multiple vulnerabilities

PHP contains several vulnerabilities including a heap buffer overflow, potentially leading to the remote execution of arbitrary code under certain conditions.

For more information, please see the GLSA Announcement

Mozilla Network Security Service: Remote execution of arbitrary code

The Mozilla Network Security Services libraries are vulnerable to two buffer overflows that could result in the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

WordPress: Multiple vulnerabilities

Wordpress contains several cross-site scripting, cross-site request forgery and information leak vulnerabilities.

For more information, please see the GLSA Announcement

5.  Gentoo package moves

This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.

Removals:

Package: Removal date: Contact:
app-portage/emool 19 Mar 2007 Simon Stelling
www-client/mozilla 19 Mar 2007 Raúl Porcel
www-client/mozilla-bin 19 Mar 2007 Raúl Porcel
games-fps/cube 20 Mar 2007 Michael Sterrett
media-sound/mute 20 Mar 2007 Hanno Boeck
games-emulation/mupen64-jttl_sound 20 Mar 2007 Tristan Heaven
games-emulation/mupen64-glN64 20 Mar 2007 Tristan Heaven
games-emulation/mupen64-blight-input 20 Mar 2007 Tristan Heaven
xfce-extra/xfce4-artwork 22 Mar 2007 Samuli Suominen
xfce-extra/xfce4-bglist-editor 22 Mar 2007 Samuli Suominen
xfce-extra/xfce4-megahertz 22 Mar 2007 Samuli Suominen
xfce-extra/xfce4-modemlights 22 Mar 2007 Samuli Suominen
xfce-extra/xfce4-panelmenu 22 Mar 2007 Samuli Suominen
xfce-extra/xfce4-websearch 22 Mar 2007 Samuli Suominen
net-analyzer/netwatch 22 Mar 2007 Markus Ullmann
media-libs/libhydrogen 24 Mar 2007 Stefan Schweizer
media-video/xiron 24 Mar 2007 Stefan Schweizer
app-i18n/skkinput 24 Mar 2007 Stefan Schweizer
dev-perl/Text-ChaSen 24 Mar 2007 Michael Cummings

Additions:

Package: Addition date: Contact:
sci-chemistry/bodr 19 Mar 2007 Marcus D. Hanwell
sci-mathematics/pspp 19 Mar 2007 Sebastien Fabbro
media-libs/libzzub 20 Mar 2007 Hanno Boeck
dev-python/pyzzub 20 Mar 2007 Hanno Boeck
media-sound/aldrin 20 Mar 2007 Hanno Boeck
dev-libs/libmowgli 20 Mar 2007 Tony Vroon
x11-misc/beryl-settings-bindings 21 Mar 2007 Joshua Jackson
x11-wm/aquamarine 21 Mar 2007 Joshua Jackson
sci-libs/arpack 22 Mar 2007 Sebastien Fabbro
media-sound/shell-fm 23 Mar 2007 Mike Kelly
games-arcade/openbubbles 24 Mar 2007 Alfredo Tupone
gnome-base/libgnomekbd 24 Mar 2007 Daniel Gryniewicz
sys-devel/remake 24 Mar 2007 Mike Frysinger
games-arcade/afternoonstalker 24 Mar 2007 Alfredo Tupone
dev-python/pp 24 Mar 2007 Tiziano Müller
sys-auth/consolekit 24 Mar 2007 Stephen Klimaszewski
sci-geosciences/marble 24 Mar 2007 Marcus D. Hanwell
games-sports/toycars 25 Mar 2007 Alfredo Tupone
xfce-base/libxfce4menu 25 Mar 2007 Samuli Suominen
media-video/gtk-recordmydesktop 25 Mar 2007 Alexis Ballier
dev-java/bcmail 25 Mar 2007 William Thomson

Last Rites:

Package: Removal date: Contact:
media-libs/hermes 19 Apr 2007 Michael Sterrett
games-sports/trophy 19 Apr 2007 Michael Sterrett
games-action/clanbomber 19 Apr 2007 Michael Sterrett
games-puzzle/pingus 19 Apr 2007 Michael Sterrett
games-strategy/mylink 21 Apr 2007 Michael Sterrett
xfce-extra/xfce4-windowlist 23 Apr 2007 Samuli Suominen
xfce-extra/xfce4-showdesktop 23 Apr 2007 Samuli Suominen
xfce-extra/xfce4-taskbar 23 Apr 2007 Samuli Suominen
xfce-extra/xfce4-minicmd 23 Apr 2007 Samuli Suominen
xfce-extra/xfce4-iconbox 23 Apr 2007 Samuli Suominen
xfce-extra/xfce4-trigger-launcher 23 Apr 2007 Samuli Suominen
xfce-extra/xfce4-systray 23 Apr 2007 Samuli Suominen
xfce-extra/xfce4-toys 23 Apr 2007 Samuli Suominen
x11-libs/libzvt 24 Apr 2007 Stefan Schweizer
app-admin/gnomesu 24 Apr 2007 Stefan Schweizer
app-admin/xsu2 24 Apr 2007 Stefan Schweizer
x11-misc/root-portal 24 Apr 2007 Stefan Schweizer
media-video/spca5xx 24 Apr 2007 Mike Doty
media-video/gspca 24 Apr 2007 Mike Doty
virtual/x11 25 Apr 2007 Stefan Schweizer

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 18 March 2007 and 25 March 2007, activity on the site has resulted in:

  • 552 new bugs during this period
  • 372 bugs closed or resolved during this period
  • 18 previously closed bugs were reopened this period
  • 107 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
  • 80 bugs marked as duplicates during this period

Of the 10246 currently open bugs: 17 are labeled 'blocker', 102 are labeled 'critical', and 403 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  GWN feedback

The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.

8.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

9.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated March 26, 2007

Summary: This is the Gentoo Weekly Newsletter for the week of 26 March 2007.

Chris Gianelloni
Editor

Dimitry Bradt
Author

Uwe Hoelzel
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.