[gentoo-gwn] Gentoo Weekly Newsletter 19 December 2005

[Ulrich Plate <plate@gentoo.org>]

---------------------------------------------------------------------------
Gentoo Weekly Newsletter
http://www.gentoo.org/news/en/gwn/current.xml
This is the Gentoo Weekly Newsletter for the week of 19 December 2005.
---------------------------------------------------------------------------
 
==============
1. Gentoo news
==============
  
Documentation project status update
-----------------------------------
  
Another update from the busy Gentoo documentation project has been 
published last weekend, this one filled mostly with modifications to 
existing guides. Some of those have already been featured in past GWNs, 
like the GCC upgrading guide[1], while others have passed mostly 
unnoticed, but deserve a much broader audience, like the Gentoo home 
router guide[2] featuring instructions how to configure a kernel for 
ADSL/PPPoE connectivity. Have a look at the whole status update[3] for 
more changes to several pieces of documentation. 
 1. http://www.gentoo.org/doc/en/gcc-upgrading.xml
 2. http://www.gentoo.org/doc/en/home-router-howto.xml
 3. http://www.gentoo.org/proj/en/gdp/status/status_20051216.xml
 
As with every work in progress, your input is much appreciated: after the 
removal of stage 1 and 2 instructions from the handbook (now part of the 
Gentoo FAQ[4]), the GDP has set off on a mission to write an entirely new 
bootstrapping guide. The new document will discuss the reasons for 
bootstrapping, the creation of installation media for unsupported 
platforms and other topics. A draft bootstrapping guide[5] is now waiting 
for your feedback; please contact Sven Vermeulen[6] if you're 
knowledgeable about these things and would like to comment on the current 
state of the document. 
 4. http://www.gentoo.org/doc/en/faq.xml
 5. http://www.gentoo.org/doc/en/draft/bootstrapping-guide.xml
 6. swift@gentoo.org
    
=======================
2. Gentoo international
=======================
  
Germany: Gentoo Summer Camp errata
----------------------------------
  
GSC initiator and German Gentoo Forum moderator slick[7] points to an 
important error that slipped through quality control in the previous GWN: 
"Cold beverages are unfortunately not included in the 10 Euro 
participation fee per person and night," he says. These and other details, 
like the final venue, who to bring and what to expect is being discussed 
at the GSC organizers' forum[8] (German and English). 
 7. http://forums.gentoo.org/profile.php?mode=viewprofile&u=18822
 8. http://gsc2006.nachtnebelnelken.de
    
======================
3. Gentoo in the press
======================
  
Genesi press release (18 December 2005)
---------------------------------------
  
Gentoo developer Pieter Van den Abeele[9] appears in a picture from the 
first Power.org investor community event last week in Palo Alto, shot 
during a presentation of his Gentoo-driven Genesi Home Media Center[10], a 
feature-rich digital video recorder based on the PegasosPPC platform. The 
station's internal design won an award[11] at the Freescale conference in 
June, and is hand-made on order, with a brushed aluminium case thrown in 
for good measure. Gentoo-sponsor Genesi's press release describes the 
POWER venture capital symposium as "presenting proof points for potential 
investors in the Power.org community" and links to a presentation on 
"Building Future Products; Tools, enablement, community, accelerators." 
 9. pvdabeel@gentoo.org
 10. http://www.genesippc.com/press.php?date=20051218
 11. http://www.gentoo.org/news/en/gwn/20050627-newsletter.xml#doc_chap1
    
KDE.news (15 December 2005)
---------------------------
  
KDE Developer Navindra Umanee[12] announces the move of KDE Dot News 
servers[13] to being hosted at the OSUOSL[14] (Oregon State University 
Open Source Labs). He is "truly impressed" by the combination of Gentoo 
Linux provided by the OSL in a Xen virtual machine: "Xen is completely 
transparent to the typical VM user and if I didn't know better I'd think 
we had a dedicated machine," says Navindra. This is the first Gentoo 
server he's encountered so far, and compiling everything from source "is 
starting to get a little old," but emerge has won a new fan nonetheless: 
"It has been extremely easy to pull in and configure any extra software we 
needed -- a simple emerge usually does the trick." 
 12. navindra@kde.org
 13. http://dot.kde.org/1134714488/
 14. http://osuosl.org/
    
=========================
4. Gentoo developer moves
=========================
  
Moves
-----
  
The following developers recently left the Gentoo project: 
 
 * None this week 
    
Adds
----
  
The following developers recently joined the Gentoo project: 
 
 * None this week 
    
Changes
-------
  
The following developers recently changed roles within the Gentoo project:
 
 * None this week 
    
==================
5. Gentoo Security
==================
   
Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
------------------------------------------------------------------------
  
Openswan and IPsec-Tools suffer from an implementation flaw which may 
allow a Denial of Service attack. 
 
For more information, please see the GLSA Announcement[15] 
 15. http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml
    
Xmail: Privilege escalation through sendmail
--------------------------------------------
  
The sendmail program in Xmail is vulnerable to a buffer overflow, 
potentially resulting in local privilege escalation. 
 
For more information, please see the GLSA Announcement[16] 
 16. http://www.gentoo.org/security/en/glsa/glsa-200512-05.xml
    
Ethereal: Buffer overflow in OSPF protocol dissector
----------------------------------------------------
  
Ethereal is missing bounds checking in the OSPF protocol dissector that 
could lead to abnormal program termination or the execution of arbitrary 
code. 
 
For more information, please see the GLSA Announcement[17] 
 17. http://www.gentoo.org/security/en/glsa/glsa-200512-06.xml
    
OpenLDAP, Gauche: RUNPATH issues
--------------------------------
  
OpenLDAP and Gauche suffer from RUNPATH issues that may allow users in the 
"portage" group to escalate privileges. 
 
For more information, please see the GLSA Announcement[18] 
 18. http://www.gentoo.org/security/en/glsa/glsa-200512-07.xml
    
Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
---------------------------------------------------
  
Multiple vulnerabilities have been discovered in Xpdf, GPdf, CUPS and 
Poppler potentially resulting in the execution of arbitrary code. 
 
For more information, please see the GLSA Announcement[19] 
 19. http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
    
cURL: Off-by-one errors in URL handling
---------------------------------------
  
cURL is vulnerable to local arbitrary code execution via buffer overflow 
due to the insecure parsing of URLs. 
 
For more information, please see the GLSA Announcement[20] 
 20. http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml
    
Opera: Command-line URL shell command injection
-----------------------------------------------
  
Lack of URL validation in Opera command-line wrapper could be abused to 
execute arbitrary commands. 
 
For more information, please see the GLSA Announcement[21] 
 21. http://www.gentoo.org/security/en/glsa/glsa-200512-10.xml
     
===========
6. Bugzilla
===========
  
Statistics
----------
  
The Gentoo community uses Bugzilla (bugs.gentoo.org[22]) to record and 
track bugs, notifications, suggestions and other interactions with the 
development team. Between 04 December 2005 and 11 December 2005, activity 
on the site has resulted in: 
 22. http://bugs.gentoo.org
 
 * 740 new bugs during this period 
 * 373 bugs closed or resolved during this period 
 * 29 previously closed bugs were reopened this period 
 
Of the 9124 currently open bugs: 96 are labeled 'blocker', 195 are labeled 
'critical', and 542 are labeled 'major'. 
    
Closed bug rankings
-------------------
  
The developers and teams who have closed the most bugs during this period 
are: 
 
 * Java team[23], with 22 closed bugs[24]  
 * Greg Kroah-Hartman[25], with 17 closed bugs[26]  
 * Gentoo KDE team[27], with 12 closed bugs[28]  
 * Gentoo Developer Relations Team[29], with 12 closed bugs[30]  
 * Gentoo's Team for Core System packages[31], with 12 closed bugs[32]  
 * AMD64 Porting Team[33], with 11 closed bugs[34]  
 * Gentoo X-windows packagers[35], with 10 closed bugs[36]  
 * AMD64 Testing Team[37], with 10 closed bugs[38]  
 23. java@gentoo.org
 24. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=java@gentoo.org
 25. gregkh@gentoo.org
 26. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=gregkh@gentoo.org
 27. kde@gentoo.org
 28. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=kde@gentoo.org
 29. devrel@gentoo.org
 30. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=devrel@gentoo.org
 31. base-system@gentoo.org
 32. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=base-system@gentoo.org
 33. amd64@gentoo.org
 34. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=amd64@gentoo.org
 35. x11@gentoo.org
 36. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=x11@gentoo.org
 37. amd64-test@gentoo.org
 38. 
http://bugs.gentoo.org/buglist.cgi?bug_status=RESOLVED&bug_status=CLOSED&chfield=bug_status&chfieldfrom=2005-12-04&chfieldto=2005-12-11&resolution=FIXED&assigned_to=amd64-test@gentoo.org
    
New bug rankings
----------------
  
The developers and teams who have been assigned the most new bugs during 
this period are: 
 
 * Default Assignee for New Packages[39], with 30 new bugs[40]  
 * Default Assignee for Orphaned Packages[41], with 15 new bugs[42]  
 * X11 External Driver Maintainers[43], with 12 new bugs[44]  
 * Mozilla Gentoo Team[45], with 11 new bugs[46]  
 * Gentoo Sound Team[47], with 8 new bugs[48]  
 * Gentoo KDE team[49], with 8 new bugs[50]  
 * Saleem A.[51], with 7 new bugs[52]  
 * Gentoo Linux Gnome Desktop Team[53], with 6 new bugs[54]  
 39. maintainer-wanted@gentoo.org
 40. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=maintainer-wanted@gentoo.org
 41. maintainer-needed@gentoo.org
 42. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=maintainer-needed@gentoo.org
 43. x11-drivers@gentoo.org
 44. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=x11-drivers@gentoo.org
 45. mozilla@gentoo.org
 46. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=mozilla@gentoo.org
 47. sound@gentoo.org
 48. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=sound@gentoo.org
 49. kde@gentoo.org
 50. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=kde@gentoo.org
 51. compnerd@gentoo.org
 52. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=compnerd@gentoo.org
 53. gnome@gentoo.org
 54. 
http://bugs.gentoo.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&chfield=assigned_to&chfieldfrom=2005-12-04&chfieldto=2005-12-11&assigned_to=gnome@gentoo.org
    
===============
7. GWN feedback
===============
   
Please send us your feedback[55] and help make the GWN better. 
 55. gwn-feedback@gentoo.org
    
===============================
8. GWN subscription information
===============================
   
To subscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+subscribe@gentoo.org. 
 
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to 
gentoo-gwn+unsubscribe@gentoo.org from the email address you are 
subscribed under.
    
==================
9. Other languages
==================
   
The Gentoo Weekly Newsletter is also available in the following languages:
 
 * Danish[56]  
 * Dutch[57]  
 * English[58]  
 * German[59]  
 * French[60]  
 * Korean[61]  
 * Japanese[62]  
 * Italian[63]  
 * Polish[64]  
 * Portuguese (Brazil)[65]  
 * Portuguese (Portugal)[66]  
 * Russian[67]  
 * Spanish[68]  
 * Turkish[69]  
 56. http://www.gentoo.org/news/da/gwn/gwn.xml
 57. http://www.gentoo.org/news/nl/gwn/gwn.xml
 58. http://www.gentoo.org/news/en/gwn/gwn.xml
 59. http://www.gentoo.org/news/de/gwn/gwn.xml
 60. http://www.gentoo.org/news/fr/gwn/gwn.xml
 61. http://www.gentoo.org/news/ko/gwn/gwn.xml
 62. http://www.gentoo.org/news/ja/gwn/gwn.xml
 63. http://www.gentoo.org/news/it/gwn/gwn.xml
 64. http://www.gentoo.org/news/pl/gwn/gwn.xml
 65. http://www.gentoo.org/news/pt_br/gwn/gwn.xml
 66. http://www.gentoo.org/news/pt/gwn/gwn.xml
 67. http://www.gentoo.org/news/ru/gwn/gwn.xml
 68. http://www.gentoo.org/news/es/gwn/gwn.xml
 69. http://www.gentoo.org/news/tr/gwn/gwn.xml
   
Ulrich Plate <plate@gentoo.org> - Editor
Chris White <chriswhite@gentoo.org> - Author

-- 
gentoo-gwn@gentoo.org mailing list