[gentoo-gwn] Gentoo Weekly Newsletter - Volume 3, Issue 15

[Yuji Kosugi <carlos@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 21163 bytes --]

---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of April 12th, 2004.
---------------------------------------------------------------------------
 
==============
1. Gentoo News
==============
  
Gentoo Weekly Newsletter reorganizing
-------------------------------------
  
Recently we've been receiving emails from users about missing sections and 
content in the newsletter. We've had some contributors leave the team, and 
others have been unable to participate due to personal issues, but once we 
start adding some new contributors to the team and reorganizing, we should 
be right back on track. Those who responded to the recruitment drive last 
week, please hold on as we determine what positions we need filled and 
begin responding to applicants. Thanks to all our readers for reading the 
newsletter each week; we'll bring back all our regular content as quickly 
as possible. 
    
Gentoo Linux Project seeking SAMBA developers
---------------------------------------------
  
The Gentoo Linux Project is seeking developers who have experience with 
SAMBA. Send an email to recruiters@gentoo.org with some background info if 
you're interested. 
    
==================
2. Gentoo Security
==================
  
Insecure sandbox temporary lockfile vulnerabilities in Portage
--------------------------------------------------------------
  
A flaw has been found in the temporary file handling algorithms for the 
sandboxing code used within Portage. Lockfiles created during normal 
Portage operation of portage could be manipulated by local users resulting 
in the truncation of hard linked files; causing a Denial of Service attack 
on the system. 
 
For more information, please see the GLSA Announcement[1] 

 1. http://www.gentoo.org/security/en/glsa/glsa-200404-01.xml
    
KDE Personal Information Management Suite Remote Buffer Overflow 
Vulnerability
-------------
  
KDE-PIM may be vulnerable to a remote buffer overflow attack that may 
allow unauthorized access to an affected system. 
 
For more information, please see the GLSA Announcement[2] 

 2. http://www.gentoo.org/security/en/glsa/glsa-200404-02.xml
    
Tcpdump Vulnerabilities in ISAKMP Parsing
-----------------------------------------
  
There are multiple vulnerabilities in tcpdump and libpcap related to 
parsing of ISAKMP packets. 
 
For more information, please see the GLSA Announcement[3] 

 3. http://www.gentoo.org/security/en/glsa/glsa-200404-03.xml
    
Multiple vulnerabilities in sysstat
-----------------------------------
  
Multiple vulnerabilities in the way sysstat handles symlinks may allow an 
attacker to execute arbitrary code or overwrite arbitrary files 
 
For more information, please see the GLSA Announcement[4] 

 4. http://www.gentoo.org/security/en/glsa/glsa-200404-04.xml
    
ipsec-tools contains an X.509 certificates vulnerability.
---------------------------------------------------------
  
ipsec-tools contains a vulnerability that affects connections 
authenticated with X.509 certificates. 
 
For more information, please see the GLSA Announcement[5] 

 5. http://www.gentoo.org/security/en/glsa/glsa-200404-05.xml
    
Util-linux login may leak sensitive data
----------------------------------------
  
The login program included in util-linux could leak sensitive information 
under certain conditions. 
 
For more information, please see the GLSA Announcement[6] 

 6. http://www.gentoo.org/security/en/glsa/glsa-200404-06.xml
    
ClamAV RAR Archive Remote Denial Of Service Vulnerability
---------------------------------------------------------
  
ClamAV is vulnerable to a denial of service attack when processing certain 
RAR archives. 
 
For more information, please see the GLSA Announcement[7] 

 7. http://www.gentoo.org/security/en/glsa/glsa-200404-07.xml
    
GNU Automake symbolic link vulnerability
----------------------------------------
  
Automake may be vulnerable to a symbolic link attack which may allow an 
attacker to modify data or elevate their privileges. 
 
For more information, please see the GLSA Announcement[8] 

 8. http://www.gentoo.org/security/en/glsa/glsa-200404-08.xml
    
Cross-realm trust vulnerability in Heimdal
------------------------------------------
  
Heimdal contains cross-realm vulnerability allowing someone with control 
over a realm to impersonate anyone in the cross-realm trust path. 
 
For more information, please see the GLSA Announcement[9] 

 9. http://www.gentoo.org/security/en/glsa/glsa-200404-09.xml
    
iproute local Denial of Service vulnerability
---------------------------------------------
  
The iproute package allows local users to cause a denial of service. 
 
For more information, please see the GLSA Announcement[10] 

 10. http://www.gentoo.org/security/en/glsa/glsa-200404-10.xml
    
Multiple Vulnerabilities in pwlib
---------------------------------
  
Multiple vulnerabilites have been found in pwlib that may lead to a remote 
denial of service or buffer overflow attack. 
 
For more information, please see the GLSA Announcement[11] 

 11. http://www.gentoo.org/security/en/glsa/glsa-200404-11.xml
    
Scorched 3D server chat box format string vulnerability
-------------------------------------------------------
  
Scorched 3D is vulnerable to a format string attack in the chat box that 
leads to Denial of Service on the game server and possibly allows 
execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[12] 

 12. http://www.gentoo.org/security/en/glsa/glsa-200404-12.xml
    
=========================
3. Heard in the Community
=========================
  
Web Forums
----------
  
Week of the Xorg 
 
Two unusually active threads have developed last week providing opinions 
and experience concerning the alternative to XFree86 some people have been 
trying out lately. In any case, the forked X server from X.org certainly 
looks popular enough to attract six pages worth of postings within just 
three days since the creation of the discussion thread, and even the Howto 
thread had dozens of Gentooists post addenda or corrections:
 
 * experiences with xorg-x11-6.7.0[13] 
 * How I got x.org up and running[14]
 13. http://forums.gentoo.org/viewtopic.php?t=158619
 14. http://forums.gentoo.org/viewtopic.php?t=158911

=======================
4. Gentoo International
=======================
   
Italy/Switzerland: Joint GECHI and Ticino LUG Meeting 
 
On Friday and Saturday, 16 and 17 April, the notorious GECHI[15] group of 
Italian Gentoo users will join forces with the Ticino Linx User Group to 
organize a friendly event at one of three SUPSI (Scuola Universitaria 
Professionale della Svizzera Italiana) sites in Switzerland, this one 
located in a town called Manno, not far from the Italian border. Dates and 
times are to be taken with a grain of salt (check the TiLUG site[16] for 
details), but the Forum coordination thread[17] appears to have everything 
under control. And in any case, springtime in Ticino is supposed to be 
lovely....

 15. http://www.gechi.org/
 16. http://tilug.org/cms/index.php?ind=14
 17. http://forums.gentoo.org/viewtopic.php?t=157613
    
===========
5. Bugzilla
===========
  
Summary
-------
  
 * Statistics 
 * Closed Bug Ranking 
 * New Bug Rankings 
    
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[18]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 03 April 2004 and 09 April 2004, activity on the 
site has resulted in: 

 18. http://bugs.gentoo.org
 
 * 642 new bugs during this period 
 * 336 bugs closed or resolved during this period 
 * 22 previously closed bugs were reopened this period 
 
Of the 5570 currently open bugs: 128 are labeled 'blocker', 199 are 
labeled 'critical', and 454 are labeled 'major'. 
    
Closed Bug Rankings
-------------------
  
The developers and teams who have closed the most bugs during this period 
are: 
 
 * Jeremy Huddleston[19], with 32 closed bugs[20]  
 * AMD64 Porting Team[21], with 22 closed bugs[22]  
 * Gentoo Linux Gnome Desktop Team[23], with 18 closed bugs[24]  
 * Gentoo KDE team[25], with 17 closed bugs[26]  
 * Gentoo Games team[27], with 15 closed bugs[28]  
 * x86 Kernel team[29], with 14 closed bugs[30]  
 * Gentoo Security[31], with 14 closed bugs[32]  
 * SpanKY[33], with 11 closed bugs[34]  
 19. eradicator@gentoo.org
 20. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
ED&assigned_to=eradicator@gentoo.org
 21. amd64@gentoo.org
 22. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
ED&assigned_to=amd64@gentoo.org
 23. gnome@gentoo.org
 24. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
ED&assigned_to=gnome@gentoo.org
 25. kde@gentoo.org
 26. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
ED&assigned_to=kde@gentoo.org
 27. games@gentoo.org
 28. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
ED&assigned_to=games@gentoo.org
 29. x86-kernel@gentoo.org
 30. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
ED&assigned_to=x86-kernel@gentoo.org
 31. security@gentoo.org
 32. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
ED&assigned_to=security@gentoo.org
 33. vapier@gentoo.org
 34. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&ch
field=bug_status&chfieldfrom=2004-04-03&chfieldto=2004-04-09&resolution=FIX
ED&assigned_to=vapier@gentoo.org

New Bug Rankings
----------------
  
The developers and teams who have been assigned the most new bugs during 
this period are: 
 
 * AMD64 Porting Team[35], with 31 new bugs[36]  
 * Gentoo Linux Gnome Desktop Team[37], with 28 new bugs[38]  
 * Gentoo's Team for Core System packages[39], with 21 new bugs[40]  
 * Jeremy Huddleston[41], with 11 new bugs[42]  
 * Net-Mail Packages[43], with 8 new bugs[44]  
 * Gentoo X-windows packagers[45], with 7 new bugs[46]  
 * Robert Coie[47], with 7 new bugs[48]  
 * Gentoo KDE team[49], with 7 new bugs[50]  
 35. amd64@gentoo.org
 36. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
-09&assigned_to=amd64@gentoo.org
 37. gnome@gentoo.org
 38. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
-09&assigned_to=gnome@gentoo.org
 39. base-system@gentoo.org
 40. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
-09&assigned_to=base-system@gentoo.org
 41. eradicator@gentoo.org
 42. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
-09&assigned_to=eradicator@gentoo.org
 43. net-mail@gentoo.org
 44. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
-09&assigned_to=net-mail@gentoo.org
 45. xfree@gentoo.org
 46. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
-09&assigned_to=xfree@gentoo.org
 47. rac@gentoo.org
 48. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
-09&assigned_to=rac@gentoo.org
 49. kde@gentoo.org
 50. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_s
tatus=REOPENED&chfield=assigned_to&chfieldfrom=2004-04-03&chfieldto=2004-04
-09&assigned_to=kde@gentoo.org

==================
6. Tips and Tricks
==================
  
Shell Autologout with TMOUT
 
Adding the TMOUT environment variable to your shell startup scripts will 
automatically log out of an interactive shell after the specified number 
of seconds. 
 
---------------------------------------------------------------------------
| Code Listing 6.1:                                                       |
| .bash_profile                                                           |
---------------------------------------------------------------------------
|                                                                         |
|Timeout if no input is given for 1 hour                                  |
|TMOUT=3600                                                               |
|                                                                         |
---------------------------------------------------------------------------
   
===========================
7. Moves, Adds, and Changes
===========================
  
Moves
-----
  
The following developers recently left the Gentoo team: 
 * none this week 
 
    
Adds
----
  
The following developers recently joined the Gentoo Linux team:
 
 * Jonathan Hood (squinky86) - accessibility, sword 
 * Yi Qiang (khai) - gnome 
 * Patrick Lauer (bonsaikitten) - cygwin, x86 
 * Danny Van (kugelfang) - amd64 
 * Roger Miliker (roger55) - releng 
    
Changes
-------
  
The following developers recently changed roles within the Gentoo Linux 
project:
 
 * none this week 
    
====================
8. Contribute to GWN
====================
   
Interested in contributing to the Gentoo Weekly Newsletter? Send us an 
email[51].

 51. gwn-feedback@gentoo.org
    
===============
9. GWN Feedback
===============
   
Please send us your feedback[52] and help make the GWN better.

 52. gwn-feedback@gentoo.org
    
================================
10. GWN Subscription Information
================================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-subscribe@gentoo.org.
 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn-unsubscribe@gentoo.org from the email address you are 
subscribed under.
    
===================
11. Other Languages
===================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Dutch[53] 
 * English[54] 
 * German[55] 
 * French[56] 
 * Japanese[57] 
 * Italian[58] 
 * Polish[59] 
 * Portuguese (Brazil)[60] 
 * Portuguese (Portugal)[61] 
 * Russian[62] 
 * Spanish[63] 
 * Turkish[64] 
 53. http://www.gentoo.org/news/be/gwn/gwn.xml
 54. http://www.gentoo.org/news/en/gwn/gwn.xml
 55. http://www.gentoo.org/news/de/gwn/gwn.xml
 56. http://www.gentoo.org/news/fr/gwn/gwn.xml
 57. http://www.gentoo.org/news/ja/gwn/gwn.xml
 58. http://www.gentoo.org/news/it/gwn/gwn.xml
 59. http://www.gentoo.org/news/pl/gwn/gwn.xml
 60. http://www.gentoo.org/news/br/gwn/gwn.xml
 61. http://www.gentoo.org/news/pt/gwn/gwn.xml
 62. http://www.gentoo.org/news/ru/gwn/gwn.xml
 63. http://www.gentoo.org/news/es/gwn/gwn.xml
 64. http://www.gentoo.org/news/tr/gwn/gwn.xml

   
Yuji Carlos Kosugi <carlos@gentoo.org> - Editor
AJ Armstrong <aja@clanarmstrong.com> - Contributor
Brian Downey <bdowney@briandowney.net> - Contributor
Luke Giuliani <cold_flame@email.com> - Contributor
Grant Goodyear <g2boojum@gentoo.org> - Contributor
Aron Griffis <agriffis@gentoo.org> - Contributor
Stuart Herbert <stuart@gentoo.org> - Contributor
Kurt Lieber <klieber@gentoo.org> - Contributor
Rafael Cordones Marcos <rcm@sasaska.net> - Contributor
David Narayan <david@phrixus.net> - Contributor
David Nielsen <Lovechild@foolclan.com> - Contributor
Ulrich Plate <plate@gentoo.org> - Contributor
Simon Holm Thagersen <simon@lysbro.net> - Danish Translation
Jesper Brodersen <broeman@gentoo.org> - Danish Translation
Arne Mejlholm <aaby@gentoo.org> - Danish Translation
Hendrik Eeckhaut <Hendrik.Eeckhaut@UGent.be> - Dutch Translation
Jorn Eilander <sephiroth@quicknet.nl> - Dutch Translation
Bernard Kerckenaere <bernieke@bernieke.com> - Dutch Translation
Peter ter Borg <peter@daborg.nl> - Dutch Translation
Jochen Maes <linux@sejo.be> - Dutch Translation
Roderick Goessen <rgoessen@home.nl> - Dutch Translation
Gerard van den Berg <gerard@steelo.net> - Dutch Translation
Matthieu Montaudouin <mat@frheaven.com> - French Translation
Xavier Neys <neysx@gentoo.org> - French Translation
Martin Prieto <riverdale@linuxmail.org> - French Translation
Antoine Raillon <cabec2@pegase.net> - French Translation
Sebastien Cevey <seb@cine7.net> - French Translation
Jean-Christophe Choisy <mabouya@petitefleure.org> - French Translation
Thomas Raschbacher <lordvan@gentoo.org> - German Translation
Steffen Lassahn <madeagle@gentoo.org> - German Translation
Matthias F. Brandstetter <haim@gentoo.org> - German Translation
Lukas Domagala <Cyrik@gentoo.org> - German Translation
Tobias Scherbaum <dertobi123@gentoo.org> - German Translation
Daniel Gerholdt <Sputnik1969@gentoo.org> - German Translation
Marc Herren <dj-submerge@gentoo.org> - German Translation
Tobias Matzat <SirSeoman@gentoo.org> - German Translation
Marco Mascherpa <mush@monrif.net> - Italian Translation
Claudio Merloni <paper@tiscali.it> - Italian Translation
Stefano Lucidi <stefano.lucidi@gentoo-italia.org> - Italian Translation
Katuyuki Konno <katuyuki@siva.ddo.jp> - Japanese Translation
Hiroyuki Takeda <hiro@extreme.jspeed.jp> - Japanese Translation
Masato Hatakeyama <hatake@mx2.ttcn.ne.jp> - Japanese Translation
Masayoshi Nakamura <masayang@masasushi.com> - Japanese Translation
Yasunori Fukudome <yasunori@mail.portland.co.uk> - Japanese Translation
Tomoyuki Sakurai <web-gentoo-doc-jp@trombik.mine.nu> - Japanese Translation
Lukasz Strzygowski <lucass@gentoo.pl> - Polish Translation
Karol Goralski <gooroo@gentoo.pl> - Polish Translation
Atila "Jedi" Bohlke Vasconcelos <bohlke@inf.ufrgs.br> - Portuguese 
(Brazil) Translation
Eduardo Belloti <dudu@datavibe.net> - Portuguese (Brazil) Translation
Jo??o Rafael Moraes Nicola <joaoraf@rudah.com.br> - Portuguese (Brazil) 
Translation
Marcelo Gon??alves de Azambuja <mgazambuja@terra.com.br> - Portuguese 
(Brazil) Translation
Otavio Rodolfo Piske <angusy@gentoobr.org> - Portuguese (Brazil) 
Translation
Pablo N. Hess -- NatuNobilis <natunobilis@gentoobr.org> - Portuguese 
(Brazil) Translation
Pedro de Medeiros <pzilla@yawl.com.br> - Portuguese (Brazil) Translation
Ventura Barbeiro <venturasbarbeiro@ig.com.br> - Portuguese (Brazil) 
Translation
Bruno Ferreira <blueroom@digitalmente.net> - Portuguese (Portugal) 
Translation
Gustavo Felisberto <humpback@felisberto.net> - Portuguese (Portugal) 
Translation
Jos?? Costa <jose_costa@netcabo.pt> - Portuguese (Portugal) Translation
Luis Medina <metalgodin@linuxmail.org> - Portuguese (Portugal) Translation
Ricardo Loureiro <rjlouro@rjlouro.org> - Portuguese (Portugal) Translation
Aleksandr Martyncev <amncorp@bk.ru> - Russian Translator
Sergey Galkin <gals_home@list.ru> - Russian Translator
Sergey Kuleshov <svyatogor@gentoo.org> - Russian Translator
Alex Spirin <asp13@mail.ru> - Russian Translator
Denis Zaletov <dzaletov@rambler.ru> - Russian Translator
Lanark <lanark@lanark.com.ar> - Spanish Translation
Fernando J. Pereda <ferdy@ferdyx.org> - Spanish Translation
Lluis Peinado Cifuentes <lpeinado@uoc.edu> - Spanish Translation
Zephryn Xirdal T <ZEPHRYNXIRDAL@telefonica.net> - Spanish Translation
Guillermo Juarez <katossi@usuarios.retecal.es> - Spanish Translation
Jes??s Garc??a Crespo <correo@sevein.com> - Spanish Translation
Carlos Castillo <carlos@castillobueno.com> - Spanish Translation
Julio Castillo <julio@castillobueno.com> - Spanish Translation
Sergio G??mez <s3r@fibertel.com.ar> - Spanish Translation
Aycan Irican <aycan@core.gen.tr> - Turkish Translation
Bugra Cakir <bugra@myrealbox.com> - Turkish Translation
Cagil Seker <cagils@biznet.com.tr> - Turkish Translation
Emre Kazdagli <emre@core.gen.tr> - Turkish Translation
Evrim Ulu <evrim@core.gen.tr> - Turkish Translation
Gursel Kaynak <gurcell@core.gen.tr> - Turkish Translation

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]