Gentoo Logo

Gentoo Weekly Newsletter: 1 October 2007

Content:

1.  Gentoo News

Gentoo PPC Updates

The Gentoo/PPC team held a meeting recently, a summary of the topics and discussion follows.

First, the PPC team would like to announce a new lead! Gysbert Wassenaar will be taking the Operational Manager position for Gentoo/PPC. This position fills the position required by the TLP. If you have any Gentoo/PPC project related questions, Gysbert will be handling them. Congratulations Gysbert!

Tobias Scherbaum has volunteered to work on updating the Gentoo/PPC website. If anyone has any content or suggestions for content, please let the team know.

Next, to help better represent the number of active PPC developers, it was proposed that the developers that are listed in the herd xml for PPC only contain the developers actively working on solving PowerPC bugs and/or working with users in the forums or IRC. To be considered "active" a developer must have worked on PPC bugs in the last 30 days or been active on the forums or IRC. Note that this does NOT mean that developers who are considered inactive will be removed from the PPC mailing alias or retired. This is simply meant to give other developers an idea of the size of the pool of active Gentoo/PPC developers and to give them a list of people who can actively answer their question, barring !away status that is.

Now, in terms of the Gentoo/PPC team, things aren't all that gloomy! Despite the lack of man-power, they've managed to keep up with the constant stream of keywording requests, and although perhaps a bit late at times, the current list doesn't look too bad. Still, the PPC team is always looking for more help! If you have a 32 bit PPC machine or a 64 bit PPC machine running a 32 bit userland and would either like to donate it or help the PPC team squish bugs, they would like to hear from you!

Finally, and this is a big one, the next release was discussed. The Gentoo/PPC team has decided to remain a supported arch and decided to do a release during the next release cycle. In a departure from previous releases, a combined PPC/PPC64 InstallCD was discussed. Such a CD will require coordination with the PPC64 team, but hopefully will end up resulting in less work for both teams.

Thanks to all who attended the meeting!

2.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • none this week

Adds

The following developers recently joined the Gentoo project:

  • none this week

Changes

The following developers recently changed roles within the Gentoo project:

  • Raúl Porcel (armin76) has joined Sparc

3.  Gentoo security

Lighttpd: Buffer overflow

Lighttpd is vulnerable to the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

teTeX: Multiple buffer overflows

Multiple vulnerabilities have been discovered in teTeX, allowing for user-assisted execution of arbitrary code.

For more information, please see the GLSA Announcement

Bugzilla: Multiple vulnerabilities

Bugzilla contains several vulnerabilities, some of them possibly leading to the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

RPCSEC_GSS library: Buffer overflow

A buffer overflow vulnerability has been discovered in librpcsecgss.

For more information, please see the GLSA Announcement

PHP: Multiple vulnerabilities

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code.

For more information, please see the GLSA Announcement

libvorbis: Multiple vulnerabilities

A buffer overflow vulnerability and several memory corruptions have been discovered in libvorbis.

For more information, please see the GLSA Announcement

libsndfile: Buffer overflow

A buffer overflow vulnerability has been discovered in libsndfile.

For more information, please see the GLSA Announcement

QGit: Insecure temporary file creation

A vulnerability has been discovered in QGit allowing local users to overwrite arbitrary files and execute arbitrary code with another user's rights.

For more information, please see the GLSA Announcement

OpenSSL: Multiple vulnerabilities

A buffer underflow vulnerability and an information disclosure vulnerability have been discovered in OpenSSL.

For more information, please see the GLSA Announcement

Tk: Buffer overflow

A buffer overflow vulnerability has been discovered in Tk.

For more information, please see the GLSA Announcement

4.  Gentoo package moves

This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.

Removals:

Package: Removal date: Contact:
app-emacs/slime-cvs 26 Sep 2007 Ulrich Müller
media-sound/acast 27 Sep 2007 Samuli Suominen
media-sound/tunesbrowser 27 Sep 2007 Samuli Suominen
app-text/hspell 28 Sep 2007 Alon Bar-Lev
app-cdr/kover 28 Sep 2007 Wulf Krueger
dev-lang/gnat 29 Sep 2007 George Shapovalov
media-libs/gst-plugins 29 Sep 2007 Samuli Suominen
dev-ruby/ruby-gstreamer 29 Sep 2007 Samuli Suominen
media-plugins/gst-plugins-dts 29 Sep 2007 Samuli Suominen
media-plugins/gst-plugins-dvdnav 29 Sep 2007 Samuli Suominen
media-plugins/gst-plugins-pitfdll 29 Sep 2007 Samuli Suominen
media-plugins/gst-plugins-mikmod 29 Sep 2007 Samuli Suominen

Additions:

Package: Addition date: Contact:
media-video/gnome-mplayer 24 Sep 2007 Samuli Suominen
app-misc/ompload 25 Sep 2007 David Shakaryan
dev-scheme/hop 25 Sep 2007 Marijn Schouten
app-emulation/qemulator 25 Sep 2007 Sven Wegener
dev-perl/Math-Vec 26 Sep 2007 Hanno Boeck
net-irc/supybot-plugins 26 Sep 2007 Jim Ramsay
app-text/kding 26 Sep 2007 Timo Gurr
x11-wm/awesome 27 Sep 2007 Matsuu Takuto
x11-libs/libqxt 28 Sep 2007 Caleb Tennis
media-sound/mp3unicode 28 Sep 2007 Alon Bar-Lev
net-www/gecko-mediaplayer 30 Sep 2007 Samuli Suominen
net-libs/libntlm 30 Sep 2007 Andrej Kacian

Last Rites:

Package: Removal date: Contact:
app-emacs/speedbar 26 Oct 2007 Ulrich Müller

5.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 23 September 2007 and 29 September 2007, activity on the site has resulted in:

  • 454 new bugs during this period
  • 273 bugs closed or resolved during this period
  • 11 previously closed bugs were reopened this period
  • 80 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
  • 73 bugs marked as duplicates during this period

Of the 9532 currently open bugs: 10 are labeled 'blocker', 100 are labeled 'critical', and 330 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

6.  GWN feedback

The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.

7.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

8.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated October 1, 2007

Summary: This is the Gentoo Weekly Newsletter for the week of 1 October 2007.

Chris Gianelloni
Editor

Christina Gianelloni
Editor

Joseph Jezak
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.