Gentoo Weekly Newsletter 11 December 2006

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Gentoo Weekly Newsletter 11 December 2006

Chris Gianelloni
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 11 December 2006.

1. Gentoo News

EFIKA boards shipped

Christmas came a little early this year for the Gentoo/PPC team and others.
A number of developers received the EFIKA[1], an evaluation board from
Genesi built around the MPC5200B PowerPC SoC (System on Chip) running at
400MHz. Also included on the board is 128MB of DDR memory, 10/100 ethernet,
2 USB 1.1 ports, 1 PCI/AGP slot, and sound with optical out.


The Gentoo/PPC team, along with Release Engineering, are working on both
detailed instructions for installing Gentoo on the EFIKA, as well as CD
media capable of booting the EFIKA from USB. Gentoo would like to thank
Genesi for its continued support and Freescale for providing the funding to
make this program possible.

For more information on the EFIKA, or to buy one yourself, visit Genesi's
EFIKA page[2].


2. Heard in the community

D-Bus 1.0.1 has been ~amd64'd

D-Bus, the inter-process communications program, has reached its 1.0
milestone and the resultant 1.01 ebuild is in testing. That is the good
news. The bad news is that the ABI (application binary interface) was
radically shifted from the prior 0.6x releases now stable in portage.

Emopig issued a warning to his fellow users that when he followed the
ebuild's instruction to run revdep-rebuild the resulting list of packages to
be re-merged was non-trivial (54 packages for him). Others seconded that,
particularly Gnome users. The damage on the KDE side seemed confined to the
kde-kioslaves package.

6thpink suggested that users install the binding packages dbus-glib,
dbus-python and dbus-qt3-old since the base dbus package no longer had USE
flags for python, qt3 or the like. This seemed to help at least one user.


Goodbye, Gentoo

Forums user beazizo has returned after an 18 month absence and said "I must
say, it [gentoo] is MUCH better than it was back then. It took me less than
a day to get a system up to a point where I had all the apps installed that
I was running in Ubuntu (and running much faster). I felt comfortable enough
to blow away my Ubuntu install. Good work Gentoo team!"

Welcome back to Gentoo, beazizo.



gnome-screensaver requires emacs?

Chris Bare was trying to install gnome-screensaver, with the following

| Code Listing 2.1                                                                |
| Trying to emerge gnome-screensaver                                              |
| # emerge emerge -pv --tree gnome-screensaver                                    |
|                                                                                 |
| These are the packages that would be merged, in reverse order:                  |
|                                                                                 |
| Calculating dependencies... done!                                               |
|  [ebuild  N    ] gnome-extra/gnome-screensaver-2.14.2  USE="pam xinerama -debug |
|  -doc" 1,872 kB                                                                 |
|  [ebuild  N    ] app-xemacs/emerge-1.09  59 kB                                  |
|  [ebuild  N    ]  app-editors/xemacs-21.4.17  USE="X berkdb gpm jpeg png tiff   |
|  -Xaw3d -athena -canna -dnd -freewnn -ldap -motif -mule -nas -neXt -postgres    |
|  -xface" 10,377 kB                                                              |

He wanted to know why gnome-screensaver seemed, against all logic, to depend
on xemacs.

Etaoin Shrdlu spotted the real problem. (Did you?) Chris had typed emerge
emerge and portage thought he wanted to emerge the app-xemacs/emerge package
and its dependencies.

This serves as a useful warning, since we all make such a mistakes



CFLAGS for Intel Core 2 CPUs

The Core 2 Duo is the flagship chip of Intel's CPU line and the "it"
processor of the moment. Any right-thinking Gentoo-er has only one question:
"What CFLAGS should I use for that bad boy?"

Michael Weyershäuser provided a pointer to a dirtyepic blog post[3] that
answered that question based on information from Intel itself. For GCC 4.1,
Core Solo/Duo uses -march=prescott while the Core 2 Duo/Solo gets
-march=nocona. For GCC 4.2, the -march is the same, but a -mtune=generic
flag is added.



3. Gentoo International

Belgium: DonnaroomLAN, Arendonk

Dutch Documentation Lead Dimitry Bradt[4] and other members of the Dutch
community are organizing a LAN party event and are inviting the Dutch Gentoo
community. The event takes place on Saturday 6 January 2007 and Sunday 7
January 2007 and is being held in Arendonk, Belgium[5], about half way
between Antwerpen and Eindhoven.

   4. [hidden email]

For more information, please visit the home page[6].


4. Gentoo in the press
====================== (7 December 2006)

Several developers were contacted from several distributions by the
article's author, Mayank Sharma, about their distribution's security
practices. Mayank spoke with developers from Red Hat, Novell, CentOS,
Debian, and, of course, Gentoo. He explains the different methodologies used
by the distributions, as well as points out some differences between the
community and commercial distributions.


5. Gentoo developer moves


The following developers recently left the Gentoo project:

  * none this week


The following developers recently joined the Gentoo project:

  * Peter Weller (welp) AMD64/Bugday/XFCE


The following developers recently changed roles within the Gentoo project:

  * Stephen Bennet (spb) joined Bugday team

6. Gentoo security

wv library: Multiple integer overflows

The wv library is vulnerable to multiple integer overflows which could lead
to the execution of arbitrary code.

For more information, please see the GLSA Announcement[7]


xine-lib: Buffer overflow

xine-lib is vulnerable to a buffer overflow in the Real Media input plugin,
which could lead to the execution of arbitrary code.

For more information, please see the GLSA Announcement[8]


GnuPG: Multiple vulnerabilities

GnuPG is vulnerable to a buffer overflow and an erroneous function pointer
dereference that can result in the execution of arbitrary code.

For more information, please see the GLSA Announcement[9]


ModPlug: Multiple buffer overflows

ModPlug contains several boundary errors that could lead to buffer overflows
resulting in the possible execution of arbitrary code.

For more information, please see the GLSA Announcement[10]


KOffice shared libraries: Heap corruption

An integer overflow in koffice-libs allows for a Denial of Service and
possibly the execution of arbitrary code when viewing malicious PowerPoint

For more information, please see the GLSA Announcement[11]


Mozilla Thunderbird: Multiple vulnerabilities

Multiple vulnerabilities have been identified in Mozilla Thunderbird.

For more information, please see the GLSA Announcement[12]


Mozilla Firefox: Multiple vulnerabilities

Multiple vulnerabilities have been reported in Mozilla Firefox.

For more information, please see the GLSA Announcement[13]


SeaMonkey: Multiple vulnerabilities

Multiple vulnerabilities have been identified in the SeaMonkey project.

For more information, please see the GLSA Announcement[14]


MadWifi: Kernel driver buffer overflow

MadWifi is vulnerable to a buffer overflow that could potentially lead to
the remote execution of arbitrary code with root privileges.

For more information, please see the GLSA Announcement[15]


7. Upcoming package removals

This is a list of packages that have been announced to be removed in the
future. The package removals come from many locations, including the
Treecleaners[16] and various developers.


Last Rites:

Package:               Removal date: Contact:
dev-lang/prothon       03 Jan 07     Bryan Østergaard[17]
x11-themes/bmpx-themes 04 Jan 07     Patrick McLean[18]
app-antivirus/vlnx     09 Jan 07     Timothy Redaelli[19]

  17. [hidden email]
  18. [hidden email]
  19. [hidden email]

8. Bugzilla


  * Statistics
  * Closed bug ranking
  * New bug rankings


The Gentoo community uses Bugzilla ([20]) to record and track
bugs, notifications, suggestions and other interactions with the development
team. Between 03 December 2006 and 10 December 2006, activity on the site
has resulted in:


  * 724 new bugs during this period
  * 427 bugs closed or resolved during this period
  * 25 previously closed bugs were reopened this period
  * 163 bugs marked as duplicates during this period

Of the 10699 currently open bugs: 26 are labeled 'blocker', 104 are labeled
'critical', and 447 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period

  * Default Assignee for Orphaned Packages[21], with 22 closed bugs[22]
  * XFCE Team[23], with 20 closed bugs[24]
  * dotnet AT gentoo DOT org[25], with 16 closed bugs[26]
  * Gentoo's Team for Core System packages[27], with 14 closed bugs[28]
  * Gentoo Catalyst Developers[29], with 13 closed bugs[30]
  * Gentoo/BSD Team[31], with 13 closed bugs[32]
  * Roy Marples[33], with 11 closed bugs[34]
  * Gnustep herd[35], with 11 closed bugs[36]

  21. [hidden email]
  23. [hidden email]
  25. [hidden email]
  27. [hidden email]
  29. [hidden email]
  31. [hidden email]
  33. [hidden email]
  35. [hidden email]

New bug rankings

The developers and teams who have been assigned the most new bugs during
this period are:

  * Default Assignee for New Packages[37], with 29 new bugs[38]
  * Default Assignee for Orphaned Packages[21], with 11 new bugs[39]
  * Bryan Østergaard[17], with 10 new bugs[40]
  * AMD64 Project[41], with 9 new bugs[42]
  * Gentoo X-windows packagers[43], with 7 new bugs[44]
  * Gentoo Sound Team[45], with 7 new bugs[46]
  * mips team[47], with 6 new bugs[48]
  * media-video herd[49], with 6 new bugs[50]

  17. [hidden email]
  21. [hidden email]
  37. [hidden email]
  41. [hidden email]
  43. [hidden email]
  45. [hidden email]
  47. [hidden email]
  49. [hidden email]

9. GWN feedback

The GWN is staffed by volunteers and members of the community who submit
ideas and articles. If you are interested in writing for the GWN, have
feedback on an article that we have posted, or just have an idea or article
that you would like to submit to the GWN, please send us your feedback[51]
and help make the GWN better.

  51. [hidden email]

10. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email].

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email] from the e-mail address you are subscribed

11. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

  * Chinese (Simplified)[52]
  * Danish[53]
  * Dutch[54]
  * English[55]
  * German[56]
  * Greek[57]
  * French[58]
  * Korean[59]
  * Japanese[60]
  * Italian[61]
  * Polish[62]
  * Portuguese (Brazil)[63]
  * Portuguese (Portugal)[64]
  * Russian[65]
  * Slovak[66]
  * Spanish[67]
  * Turkish[68]


Ulrich Plate <[hidden email]> - Editor
Chris Atkinson <[hidden email]> - Author
Joseph Jezak <[hidden email]> - Author
Roy Bamford <[hidden email]> - Author
Chris Gianelloni <[hidden email]> - Author

[hidden email] mailing list