Gentoo Weekly Newsletter: 8 October 2007The Gentoo VDR Project (VDR=Video Disk Recorder) has recently created a mailing-list for VDR on Gentoo specific topics. This includes the usual help on problems regarding the Video Disk Recorder, it's plugins, the ebuilds and related third-party apps. The announcement of new packages and important updates related to the Gentoo VDR Project will also take place here. More information (including how to subscribe) on this and other available lists can be found here. The list is archived at archives.gentoo.org or alternatively at GMANE. To supply power-users with the newest development version (vdr-1.5) of VDR we created a new overlay some weeks ago. The overlay can be activated using app-portage/layman: layman -a vdr-1.5. This overlay at the moment provides media-video/vdr-1.5.9 plus some plugins that only work with development-version. The Gentoo PHP team announced the masking of php-4, which is anticipated to happen around Oct 18th. Sadly this step was necessary due to php-4 upstream delays and the substantial number of possible security vulnerabilities - see GLSA 200710-02 for a list of php-5 problems (not all of them necessarily affect php-4). Due in part to upstream delays and the lack of Gentoo PHP team resources, it was decided that php-4 will be masked but still be kept in the tree until at least the end of the year, which is the date where php-4 support officially ends. Markus Ullmann discusses the online package index site being down, then provides an example implementation on his blog using Python. This implementation is being considered as a possible solution instead of the original code. The original code was a topic of discussion in the recent Council meeting, where the Infrastructure team indicates that the original code may not come back. Australia: Gentoo Mini-conf in Melbourne linux.conf.au, Australia's annual technical conference about Free Software. Fun, informal, and seriously technical, linux.conf.au draws together Free and Open Source Software developers from across the world. It will be held from January 28th to February 2nd, 2008 at the University of Melbourne. This year it will also feature a half-day mini-conf about Gentoo on Tuesday 29th. Some talks have been organized, but more are needed. There are speaking slots for 50 minute, 25 minute, or 10 minute lightning talks. If you are interested in attending or presenting, please contact Mark Kowarsky. The following developers recently left the Gentoo project:
The following developers recently joined the Gentoo project:
The following developers recently changed roles within the Gentoo project:
KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow KPDF includes code from xpdf that is vulnerable to a stack-based buffer overflow. For more information, please see the GLSA Announcement NX 2.1: User-assisted execution of arbitrary code NX in the 2.1 series uses XFree86 4.3 code which is prone to an integer overflow vulnerability. For more information, please see the GLSA Announcement SKK Tools: Insecure temporary file creation SKK insecurely creates temporary files. For more information, please see the GLSA Announcement X Font Server: Multiple Vulnerabilities Three vulnerabilities have been discovered in the X Font Server possibly allowing local attackers to gain elevated privileges. For more information, please see the GLSA Announcement T1Lib is vulnerable to a buffer overflow allowing for the user-assisted execution of arbitrary code. For more information, please see the GLSA Announcement Ampache: Multiple vulnerabilities An SQL injection vulnerability and a possible identity theft have been discovered in Ampache. For more information, please see the GLSA Announcement DenyHosts does not correctly parse log entries, potentially causing a remote Denial of Service. For more information, please see the GLSA Announcement This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 30 September 2007 and 06 October 2007, activity on the site has resulted in:
Of the 9495 currently open bugs: 10 are labeled 'blocker', 97 are labeled 'critical', and 319 are labeled 'major'. The developers and teams who have closed the most bugs during this period are:
The developers and teams who have been assigned the most new bugs during this period are:
The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better. 8. GWN subscription information To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org. To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under. The Gentoo Weekly Newsletter is also available in the following languages:
|
|