Gentoo Logo

Gentoo Weekly Newsletter: 8 October 2007

Content:

1.  Gentoo News

Gentoo VDR Updates

The Gentoo VDR Project (VDR=Video Disk Recorder) has recently created a mailing-list for VDR on Gentoo specific topics. This includes the usual help on problems regarding the Video Disk Recorder, it's plugins, the ebuilds and related third-party apps. The announcement of new packages and important updates related to the Gentoo VDR Project will also take place here.

More information (including how to subscribe) on this and other available lists can be found here.

The list is archived at archives.gentoo.org or alternatively at GMANE.

To supply power-users with the newest development version (vdr-1.5) of VDR we created a new overlay some weeks ago. The overlay can be activated using app-portage/layman: layman -a vdr-1.5. This overlay at the moment provides media-video/vdr-1.5.9 plus some plugins that only work with development-version.

Gentoo PHP masks php-4

The Gentoo PHP team announced the masking of php-4, which is anticipated to happen around Oct 18th. Sadly this step was necessary due to php-4 upstream delays and the substantial number of possible security vulnerabilities - see GLSA 200710-02 for a list of php-5 problems (not all of them necessarily affect php-4). Due in part to upstream delays and the lack of Gentoo PHP team resources, it was decided that php-4 will be masked but still be kept in the tree until at least the end of the year, which is the date where php-4 support officially ends.

2.  Heard in the Community

planet.gentoo.org

Markus Ullmann discusses the online package index site being down, then provides an example implementation on his blog using Python. This implementation is being considered as a possible solution instead of the original code. The original code was a topic of discussion in the recent Council meeting, where the Infrastructure team indicates that the original code may not come back.

gentoo-au

Australia: Gentoo Mini-conf in Melbourne

linux.conf.au, Australia's annual technical conference about Free Software. Fun, informal, and seriously technical, linux.conf.au draws together Free and Open Source Software developers from across the world. It will be held from January 28th to February 2nd, 2008 at the University of Melbourne. This year it will also feature a half-day mini-conf about Gentoo on Tuesday 29th.

Some talks have been organized, but more are needed. There are speaking slots for 50 minute, 25 minute, or 10 minute lightning talks. If you are interested in attending or presenting, please contact Mark Kowarsky.

3.  Gentoo developer moves

Moves

The following developers recently left the Gentoo project:

  • none this week

Adds

The following developers recently joined the Gentoo project:

  • Mike Pagano (mpagano) Gentoo Kernel

Changes

The following developers recently changed roles within the Gentoo project:

  • none this week

4.  Gentoo security

KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow

KPDF includes code from xpdf that is vulnerable to a stack-based buffer overflow.

For more information, please see the GLSA Announcement

NX 2.1: User-assisted execution of arbitrary code

NX in the 2.1 series uses XFree86 4.3 code which is prone to an integer overflow vulnerability.

For more information, please see the GLSA Announcement

SKK Tools: Insecure temporary file creation

SKK insecurely creates temporary files.

For more information, please see the GLSA Announcement

X Font Server: Multiple Vulnerabilities

Three vulnerabilities have been discovered in the X Font Server possibly allowing local attackers to gain elevated privileges.

For more information, please see the GLSA Announcement

T1Lib: Buffer overflow

T1Lib is vulnerable to a buffer overflow allowing for the user-assisted execution of arbitrary code.

For more information, please see the GLSA Announcement

Ampache: Multiple vulnerabilities

An SQL injection vulnerability and a possible identity theft have been discovered in Ampache.

For more information, please see the GLSA Announcement

DenyHosts: Denial of Service

DenyHosts does not correctly parse log entries, potentially causing a remote Denial of Service.

For more information, please see the GLSA Announcement

5.  Gentoo package moves

This section lists packages that have either been moved or added to the tree and packages that have had their "last rites" announcement given to be removed in the future. The package removals come from many locations, including the Treecleaners and various developers. Most packages which are listed under the Last Rites section are in need of some love and care and can remain in the tree if proper maintainership is established.

Last Rites:

Package: Removal date: Contact:
dev-db/mysql-administrator 30 Oct 2007 Sven Wegener
dev-db/mysql-query-browser 30 Oct 2007 Sven Wegener
dev-util/ladebug 01 Nov 2007 Christian Faulhammer
x11-wm/kahakai 02 Nov 2007 Joe Sapp
dev-php5/pecl-pdo 04 Nov 2007 Christian Hoffmann
dev-php5/pecl-pdo-dblib 04 Nov 2007 Christian Hoffmann
dev-php5/pecl-pdo-mysql 04 Nov 2007 Christian Hoffmann
dev-php5/pecl-pdo-oci 04 Nov 2007 Christian Hoffmann
dev-php5/pecl-pdo-odbc 04 Nov 2007 Christian Hoffmann
dev-php5/pecl-pdo-pgsql 04 Nov 2007 Christian Hoffmann
dev-php5/pecl-pdo-sqlite 04 Nov 2007 Christian Hoffmann
dev-lisp/gcl-cvs 05 Nov 2007 Marijn Schouten
games-fps/americas-army 05 Nov 2007 Chris Gianelloni
app-laptop/smcinit 06 Nov 2007 Michele Noberasco

Removals:

Package: Removal date: Contact:
dev-python/logging 06 Oct 2007 Ali Polatel
net-irc/nikibot 06 Oct 2007 Matti Bickel
media-libs/moodriver 06 Oct 2007 Samuli Suominen

Additions:

Package: Addition date: Contact:
dev-java/rjava 01 Oct 2007 Steve Arnold
dev-lang/idb 02 Oct 2007 Sebastien Fabbro
virtual/postgresql-libs 03 Oct 2007 Tiziano Müller
virtual/postgresql-server 03 Oct 2007 Tiziano Müller
dev-db/mysql-proxy 03 Oct 2007 Wolfram Schlich
media-tv/channeleditor 04 Oct 2007 Matthias Schwarzott
games-action/extreme-tuxracer 04 Oct 2007 Alfredo Tupone
sys-cluster/drbd-kernel 05 Oct 2007 Christian Zoffoli
media-sound/combine_wave 05 Oct 2007 Stefan Briesenick
dev-libs/libyaml 05 Oct 2007 Stefan Briesenick
dev-python/pysyck 05 Oct 2007 Stefan Briesenick
dev-python/pyyaml 05 Oct 2007 Stefan Briesenick
dev-python/cython 06 Oct 2007 Ali Polatel
dev-python/pyspf 06 Oct 2007 Daniel Black
mail-filter/pypolicyd-spf 06 Oct 2007 Daniel Black
mail-filter/dkim-milter 06 Oct 2007 Daniel Black
media-sound/pwavecat 06 Oct 2007 Stefan Briesenick
media-sound/substract_wave 06 Oct 2007 Stefan Briesenick
media-video/super_demux 06 Oct 2007 Stefan Briesenick
x11-themes/gtk-engines-ubuntulooks 07 Oct 2007 Samuli Suominen
media-plugins/vdr-remotetimers 07 Oct 2007 Matthias Schwarzott
app-arch/lzma-utils 07 Oct 2007 Mike Frysinger

6.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 30 September 2007 and 06 October 2007, activity on the site has resulted in:

  • 416 new bugs during this period
  • 248 bugs closed or resolved during this period
  • 18 previously closed bugs were reopened this period
  • 79 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this period
  • 63 bugs marked as duplicates during this period

Of the 9495 currently open bugs: 10 are labeled 'blocker', 97 are labeled 'critical', and 319 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period are:

New bug rankings

The developers and teams who have been assigned the most new bugs during this period are:

7.  GWN feedback

The GWN is staffed by volunteers and members of the community who submit ideas and articles. If you are interested in writing for the GWN, have feedback on an article that we have posted, or just have an idea or article that you would like to submit to the GWN, please send us your feedback and help make the GWN better.

8.  GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed under.

9.  Other languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated October 8, 2007

Summary: This is the Gentoo Weekly Newsletter for the week of 8 October 2007.

Chris Gianelloni
Editor

Christina Gianelloni
Editor

Matthias Schwarzott
Author

Christian Hoffmann
Author

Mark Kowarsky
Author

Christian Faulhammer
Author

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.