[gentoo-gwn] Gentoo Weekly Newsletter 29 January 2007

[gentoo-gwn] Gentoo Weekly Newsletter 29 January 2007

[Chris Gianelloni]

[-- Attachment #1: Type: text/plain, Size: 22233 bytes --]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/20070129-newsletter.xml
This is the Gentoo Weekly Newsletter for the week of 29 January 2007.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

==============
1. Gentoo News
==============

Xfce 4.4 released
-----------------

After several months of development, Xfce[1] released version 4.4 last week.
It was quickly added to the tree by Gentoo's Xfce team[2]. The panel plugins
and extra utilities have been updated, and some new applications have been
added for 4.4. Use xfce-base/xfce4-extras to get them all, or choose the
ones you want from the xfce-extra/ category.

   1. http://www.xfce.org
   2. xfce@gentoo.org

Also, Peter Weller[3] has been testing this release on Gentoo/FreeBSD and it
seems to work pretty well, except for some programs which need minor fixing.

   3. welp@gentoo.org

Second anniversary of Gentoo Forum Netherlands
----------------------------------------------

On January 22nd, the Gentoo Forum Netherlands celebrated its 2nd
anniversary. Started on January 22nd, 2005, GFN has grown into a community
with more than 175 registred members. Forum questions are devotedly
investigated, replied and followed until they are resolved. It is not only
the advanced users' questions that are being answered, but questions from
newcomers and the-not-so-battle-hardened users are investigated with the
same amount of interest.

However, serious work must be enlightened by humour, games and chats. And
that is the other bright side of GFN. The high number of posts (4572) in the
Coffee Corner proves there are frequent sessions of chatting about
non-serious subjects. Also, since a few weeks ago, GFN has had its own
Unreal Tournament server, which is used often by the regular visitors. With
this balance we spread the Gentoo spirit within a linguistic area counting
20 million people.

To find out more about Gentoo Forum Netherlands or to join, visit
http://gentoo-forum.nl.

=========================
2. Heard in the community
=========================

planet.gentoo.org
-----------------

Gatt beta released

Arch testers' workload has been greatly eased, now that Matthias Langer[4]'s
gatt program has been released. gatt helps with handling stabilization and
keywording bugs. Interested people can always join an arch-team IRC channel
(such as #gentoo-x86) to help out as an arch tester. All arch-teams can be
found on the base project page[5].

   4. mlangc@gmx.at
   5. http://www.gentoo.org/proj/en/base/

  * http://www-users.rwth-aachen.de/Christian.Faulhammer/joomla/index.php?option=com_content&task=view&id=159&Itemid=99999999

New PS3 stages on mirrors

This week, the Gentoo Linux for PS3 development team[6] released a new
stage4 tarball. It's available for download on the mirrors, as are the
snapshots used to build the stage4 repository.

   6. http://www.gentoo.org/proj/en/base/ppc64/ps3/

  * http://planet.gentoo.org/developers/ranger/2007/01/23/new_ps3_stages_on_mirrors

=======================
3. Gentoo International
=======================

USA: SCALE 5x, Los Angeles, CA
------------------------------

That's right! SCALE 5x is coming up quickly. The event runs February 10
through February 11th. Don't miss out on two mini-conferences held on the
9th, Women in Open Source and Open Source Healthcare.

You can find Gentoo at booth #63[7]. Our development team is glad to present
you the following list of developers that will be attending:

   7. http://www.socallinuxexpo.org/scale5x/exhibitions/gentoo.php

Name                         Nickname
Steve Arnold                 nerdboy
Christel Dahlskjaer          christel
Steve Dibb                   beandog
Mike Doty                    kingtaco
Joshua Jackson               tsunam
Peter Johanson               latexer
Stephanie J. Lockwood-Childs wormo
Elfyn McBratney              beu
Daniel Ostrow                dostrow
Joshua Saddler               nightmorph
David Shakaryan              omp
Chris White                  chriswhite
Nicholas D. Wolfwood         blackace

Some of the developers will also attending a live showing of Rocky Horror
Picture Show on Saturday night, February 10.

Questions? Mail scale@gentoo.org, or ask the developers in person at SCALE.
;)

  * http://www.socallinuxexpo.org/scale5x/

=========================
4. Gentoo developer moves
=========================

Moves
-----

The following developers recently left the Gentoo project:

  * Matthew Kennedy (mkennedy)

Adds
----

The following developers recently joined the Gentoo project:

  * none this week

Changes
-------

The following developers recently changed roles within the Gentoo project:

  * none this week

==================
5. Gentoo security
==================

Fetchmail: Denial of Service and password disclosure
----------------------------------------------------

Fetchmail has been found to have numerous vulnerabilities allowing for
Denial of Service and password disclosure.

For more information, please see the GLSA Announcement[8]

   8. http://www.gentoo.org/security/en/glsa/glsa-200701-13.xml

Mod_auth_kerb: Denial of Service
--------------------------------

Mod_auth_kerb is vulnerable to a buffer overflow possibly allowing a Denial
of Service.

For more information, please see the GLSA Announcement[9]

   9. http://www.gentoo.org/security/en/glsa/glsa-200701-14.xml

Sun JDK/JRE: Multiple vulnerabilities
-------------------------------------

Multiple unspecified vulnerabilities have been identified in Sun Java
Development Kit (JDK) and Java Runtime Environment (JRE).

For more information, please see the GLSA Announcement[10]

  10. http://www.gentoo.org/security/en/glsa/glsa-200701-15.xml

Adobe Acrobat Reader: Multiple vulnerabilities
----------------------------------------------

Adobe Acrobat Reader is vulnerable to remote code execution, Denial of
Service, and cross-site scripting attacks.

For more information, please see the GLSA Announcement[11]

  11. http://www.gentoo.org/security/en/glsa/glsa-200701-16.xml

libgtop: Privilege escalation
-----------------------------

libgtop improperly handles filenames, possibly allowing for the execution of
arbitrary code.

For more information, please see the GLSA Announcement[12]

  12. http://www.gentoo.org/security/en/glsa/glsa-200701-17.xml

xine-ui: Format string vulnerabilities
--------------------------------------

xine-ui improperly handles format strings, possibly allowing for the
execution of arbitrary code.

For more information, please see the GLSA Announcement[13]

  13. http://www.gentoo.org/security/en/glsa/glsa-200701-18.xml

OpenLDAP: Insecure usage of /tmp during installation
----------------------------------------------------

A shell script commonly released with OpenLDAP makes insecure usage of files
in /tmp during the emerge process.

For more information, please see the GLSA Announcement[14]

  14. http://www.gentoo.org/security/en/glsa/glsa-200701-19.xml

Centericq: Remote buffer overflow in LiveJournal handling
---------------------------------------------------------

Centericq does not properly handle communications with the LiveJournal
service, allowing for the remote execution of arbitrary code.

For more information, please see the GLSA Announcement[15]

  15. http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml

MIT Kerberos 5: Arbitrary Remote Code Execution
-----------------------------------------------

Multiple vulnerabilities in MIT Kerberos 5 could potentially result in the
execution of arbitrary code.

For more information, please see the GLSA Announcement[16]

  16. http://www.gentoo.org/security/en/glsa/glsa-200701-21.xml

Squid: Multiple Denial of Service vulnerabilities
-------------------------------------------------

Two vulnerabilities have been found in Squid which make it susceptible to
Denial of Service attacks.

For more information, please see the GLSA Announcement[17]

  17. http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml

Cacti: Command execution and SQL injection
------------------------------------------

Cacti has three vulnerabilities that could allow shell command execution or
SQL injection.

For more information, please see the GLSA Announcement[18]

  18. http://www.gentoo.org/security/en/glsa/glsa-200701-23.xml

VLC media player: Format string vulnerability
---------------------------------------------

VLC media player improperly handles format strings, allowing for the
execution of arbitrary code.

For more information, please see the GLSA Announcement[19]

  19. http://www.gentoo.org/security/en/glsa/glsa-200701-24.xml

X.Org X server: Multiple vulnerabilities
----------------------------------------

Sean Larsson from iDefense Labs has found multiple vulnerabilities in the
DBE and Render extensions.

For more information, please see the GLSA Announcement[20]

  20. http://www.gentoo.org/security/en/glsa/glsa-200701-25.xml

=======================
6. Gentoo package moves
=======================

This section lists packages that have either been moved or added to the tree
and packages that have had their "last rites" announcement given to be
removed in the future. The package removals come from many locations,
including the Treecleaners[21] and various developers. Most packages which
are listed under the Last Rites section are in need of some love and care
and can remain in the tree if proper maintainership is established.

  21. http://www.gentoo.org/proj/en/qa/treecleaners

Removals:
---------

Package:                       Removal date: Contact:
net-misc/bcm4400               23 Jan 2007   Daniel Drake[22]
dev-lang/cm3                   24 Jan 2007   Mike Frysinger[23]
sys-apps/pcsc-ase-iiie-drv     24 Jan 2007   Alon Bar-Lev[24]
media-libs/libmusepack         25 Jan 2007   Diego Pettenò[25]
x11-themes/bmpx-themes         27 Jan 2007   Patrick McLean[26]
media-libs/swfdec              27 Jan 2007   Raúl Porcel[27]
dev-java/jakarta-tomcat-jasper 27 Jan 2007   William Thomson[28]
app-emulation/i8086emu         28 Jan 2007   Denis Dupeyron[29]
dev-ada/asis                   28 Jan 2007   George Shapovalov[30]
net-im/mercury-bin             28 Jan 2007   Gustavo Felisberto[31]

  22. dsd@gentoo.org
  23. vapier@gentoo.org
  24. alonbl@gentoo.org
  25. flameeyes@gentoo.org
  26. chutzpah@gentoo.org
  27. armin76@gentoo.org
  28. wltjr@gentoo.org
  29. calchan@gentoo.org
  30. george@gentoo.org
  31. humpback@gentoo.org

Additions:
----------

Package:                               Addition date: Contact:
app-text/gnochm[32]                    22 Jan 2007    Ryan Hill[33]
app-portage/gatt-svn[34]               23 Jan 2007    Christian Faulhammer[35]
dev-perl/Sys-Statistics-Linux[36]      23 Jan 2007    Michael Cummings[37]
xfce-extra/xfce4-timer[38]             23 Jan 2007    Peter Weller[3]
dev-java/fontbox[39]                   24 Jan 2007    Petteri Räty[40]
dev-scheme/scm[41]                     24 Jan 2007    Marijn Schouten[42]
app-admin/pprocm[43]                   25 Jan 2007    Michael Cummings[37]
dev-perl/GD-Barcode[44]                25 Jan 2007    Christian Hartmann[45]
dev-java/rundoc[46]                    25 Jan 2007    Petteri Räty[40]
net-p2p/bitstormlite[47]               26 Jan 2007    Raúl Porcel[27]
dev-java/snip[48]                      26 Jan 2007    Petteri Räty[40]
app-doc/linux-kernel-in-a-nutshell[49] 26 Jan 2007    Mike Frysinger[23]
net-p2p/dbhub[50]                      26 Jan 2007    Raúl Porcel[27]
net-misc/tipcutils[51]                 26 Jan 2007    Gustavo Zacarias[52]
dev-lang/xsb[53]                       28 Jan 2007    Keri Harris[54]
x11-plugins/compiz-extra[55]           28 Jan 2007    Hanno Boeck[56]
media-libs/wxsvg[57]                   28 Jan 2007    Ryan Hill[33]
app-text/searchmonkey[58]              28 Jan 2007    Raúl Porcel[27]
sys-fs/davl[59]                        28 Jan 2007    Raúl Porcel[27]

   3. welp@gentoo.org
  23. vapier@gentoo.org
  27. armin76@gentoo.org
  32. http://packages.gentoo.org/packages/?category=app-text;name=gnochm
  33. dirtyepic@gentoo.org
  34. http://packages.gentoo.org/packages/?category=app-portage;name=gatt-svn
  35. opfer@gentoo.org
  36. http://packages.gentoo.org/packages/?category=dev-perl;name=Sys-Statistics-Linux
  37. mcummings@gentoo.org
  38. http://packages.gentoo.org/packages/?category=xfce-extra;name=xfce4-timer
  39. http://packages.gentoo.org/packages/?category=dev-java;name=fontbox
  40. betelgeuse@gentoo.org
  41. http://packages.gentoo.org/packages/?category=dev-scheme;name=scm
  42. hkbst@gentoo.org
  43. http://packages.gentoo.org/packages/?category=app-admin;name=pprocm
  44. http://packages.gentoo.org/packages/?category=dev-perl;name=GD-Barcode
  45. ian@gentoo.org
  46. http://packages.gentoo.org/packages/?category=dev-java;name=rundoc
  47. http://packages.gentoo.org/packages/?category=net-p2p;name=bitstormlite
  48. http://packages.gentoo.org/packages/?category=dev-java;name=snip
  49. http://packages.gentoo.org/packages/?category=app-doc;name=linux-kernel-in-a-nutshell
  50. http://packages.gentoo.org/packages/?category=net-p2p;name=dbhub
  51. http://packages.gentoo.org/packages/?category=net-misc;name=tipcutils
  52. gustavoz@gentoo.org
  53. http://packages.gentoo.org/packages/?category=dev-lang;name=xsb
  54. keri@gentoo.org
  55. http://packages.gentoo.org/packages/?category=x11-plugins;name=compiz-extra
  56. hanno@gentoo.org
  57. http://packages.gentoo.org/packages/?category=media-libs;name=wxsvg
  58. http://packages.gentoo.org/packages/?category=app-text;name=searchmonkey
  59. http://packages.gentoo.org/packages/?category=sys-fs;name=davl

Last Rites:
-----------

Package:                         Removal date: Contact:
mail-client/ximian-connector[60] 24 Feb 07     Daniel Gryniewicz[61]
net-misc/e100[62]                24 Mar 07     Alec Warner[63]

  60. http://packages.gentoo.org/packages/?category=mail-client;name=ximian-connector
  61. dang@gentoo.org
  62. http://packages.gentoo.org/packages/?category=net-misc;name=e100
  63. antarus@gentoo.org

===========
7. Bugzilla
===========

Summary
-------

  * Statistics
  * Closed bug ranking
  * New bug rankings

Statistics
----------

The Gentoo community uses Bugzilla (bugs.gentoo.org[64]) to record and track
bugs, notifications, suggestions and other interactions with the development
team. Between 21 January 2007 and 28 January 2007, activity on the site has
resulted in:

  64. http://bugs.gentoo.org

  * 754 new bugs during this period
  * 455 bugs closed or resolved during this period
  * 31 previously closed bugs were reopened this period
  * 170 closed as NEEDINFO/WONTFIX/CANTFIX/INVALID/UPSTREAM during this
    period
  * 137 bugs marked as duplicates during this period

Of the 10729 currently open bugs: 19 are labeled 'blocker', 106 are labeled
'critical', and 454 are labeled 'major'.

Closed bug rankings
-------------------

The developers and teams who have closed the most bugs during this period
are:

  * XFCE Team[2], with 30 closed bugs[65]
  * Default Assignee for Orphaned Packages[66], with 30 closed bugs[67]
  * AMD64 Project[68], with 20 closed bugs[69]
  * Gentoo Security[70], with 18 closed bugs[71]
  * Gentoo KDE team[72], with 15 closed bugs[73]
  * Java team[74], with 15 closed bugs[75]
  * Gentoo's Team for Core System packages[76], with 13 closed bugs[77]
  * udev maintainers[78], with 11 closed bugs[79]

   2. xfce@gentoo.org
  65. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2007-01-21&chfieldto=2007-01-28&resolution=FIXED&assigned_to=xfce@gentoo.org
  66. maintainer-needed@gentoo.org
  67. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2007-01-21&chfieldto=2007-01-28&resolution=FIXED&assigned_to=maintainer-needed@gentoo.org
  68. amd64@gentoo.org
  69. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2007-01-21&chfieldto=2007-01-28&resolution=FIXED&assigned_to=amd64@gentoo.org
  70. security@gentoo.org
  71. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2007-01-21&chfieldto=2007-01-28&resolution=FIXED&assigned_to=security@gentoo.org
  72. kde@gentoo.org
  73. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2007-01-21&chfieldto=2007-01-28&resolution=FIXED&assigned_to=kde@gentoo.org
  74. java@gentoo.org
  75. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2007-01-21&chfieldto=2007-01-28&resolution=FIXED&assigned_to=java@gentoo.org
  76. base-system@gentoo.org
  77. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2007-01-21&chfieldto=2007-01-28&resolution=FIXED&assigned_to=base-system@gentoo.org
  78. udev-bugs@gentoo.org
  79. http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2007-01-21&chfieldto=2007-01-28&resolution=FIXED&assigned_to=udev-bugs@gentoo.org

New bug rankings
----------------

The developers and teams who have been assigned the most new bugs during
this period are:

  * Default Assignee for New Packages[80], with 44 new bugs[81]
  * Netmon Herd[82], with 17 new bugs[83]
  * Gentoo Web Application Packages Maintainers[84], with 13 new
    bugs[85]
  * Java team[74], with 10 new bugs[86]
  * udev maintainers[78], with 9 new bugs[87]
  * AMD64 Project[68], with 7 new bugs[88]
  * Gentoo X-windows packagers[89], with 6 new bugs[90]
  * Robin Johnson[91], with 6 new bugs[92]

  68. amd64@gentoo.org
  74. java@gentoo.org
  78. udev-bugs@gentoo.org
  80. maintainer-wanted@gentoo.org
  81. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2007-01-21&chfieldto=2007-01-28&assigned_to=maintainer-wanted@gentoo.org
  82. netmon@gentoo.org
  83. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2007-01-21&chfieldto=2007-01-28&assigned_to=netmon@gentoo.org
  84. web-apps@gentoo.org
  85. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2007-01-21&chfieldto=2007-01-28&assigned_to=web-apps@gentoo.org
  86. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2007-01-21&chfieldto=2007-01-28&assigned_to=java@gentoo.org
  87. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2007-01-21&chfieldto=2007-01-28&assigned_to=udev-bugs@gentoo.org
  88. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2007-01-21&chfieldto=2007-01-28&assigned_to=amd64@gentoo.org
  89. x11@gentoo.org
  90. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2007-01-21&chfieldto=2007-01-28&assigned_to=x11@gentoo.org
  91. robbat2@gentoo.org
  92. http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2007-01-21&chfieldto=2007-01-28&assigned_to=robbat2@gentoo.org

===============
8. GWN feedback
===============

The GWN is staffed by volunteers and members of the community who submit
ideas and articles. If you are interested in writing for the GWN, have
feedback on an article that we have posted, or just have an idea or article
that you would like to submit to the GWN, please send us your feedback[93]
and help make the GWN better.

  93. gwn-feedback@gentoo.org

===============================
9. GWN subscription information
===============================

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
gentoo-gwn+unsubscribe@gentoo.org from the e-mail address you are subscribed
under.

===================
10. Other languages
===================

The Gentoo Weekly Newsletter is also available in the following languages:

  * Chinese (Simplified)[94]
  * Danish[95]
  * Dutch[96]
  * English[97]
  * German[98]
  * Greek[99]
  * French[100]
  * Korean[101]
  * Japanese[102]
  * Italian[103]
  * Polish[104]
  * Portuguese (Brazil)[105]
  * Portuguese (Portugal)[106]
  * Russian[107]
  * Slovak[108]
  * Spanish[109]
  * Turkish[110]

  94. http://www.gentoo.org/news/zh_cn/gwn/gwn.xml
  95. http://www.gentoo.org/news/da/gwn/gwn.xml
  96. http://www.gentoo.org/news/nl/gwn/gwn.xml
  97. http://www.gentoo.org/news/en/gwn/gwn.xml
  98. http://www.gentoo.org/news/de/gwn/gwn.xml
  99. http://www.gentoo.org/news/el/gwn/gwn.xml
 100. http://www.gentoo.org/news/fr/gwn/gwn.xml
 101. http://www.gentoo.org/news/ko/gwn/gwn.xml
 102. http://www.gentoo.org/news/ja/gwn/gwn.xml
 103. http://www.gentoo.org/news/it/gwn/gwn.xml
 104. http://www.gentoo.org/news/pl/gwn/gwn.xml
 105. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
 106. http://www.gentoo.org/news/pt/gwn/gwn.xml
 107. http://www.gentoo.org/news/ru/gwn/gwn.xml
 108. http://www.gentoo.org/news/sk/gwn/gwn.xml
 109. http://www.gentoo.org/news/es/gwn/gwn.xml
 110. http://www.gentoo.org/news/tr/gwn/gwn.xml

Chris Gianelloni <wolf31o2@gentoo.org> - Editor
Ben de Groot <ben@berkano.net> - Author
Dimitry Bradt <diox@gentoo.org> - Author


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]