Gentoo Weekly Newsletter 23 April 2007

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Gentoo Weekly Newsletter 23 April 2007

Chris Gianelloni
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 23 April 2007.

1. Gentoo News

Thanks from the GWN staff

Over the past week, the GWN staff has had many users contact them,
interested in writing articles for the GWN, and the GWN team would like to
publicly express our gratitude and thanks to the new GWN contributors.

This does not mean, however, that the GWN team is not looking for more
contributors, as the team is always looking for articles, ideas for 'Tip of
the week', and so on. Plus, as the saying goes - "The more the merrier!".
Feel free to email the GWN team at [hidden email] or visit us in
our IRC channel (#gentoo-gwn on for article suggestions
and any other ideas.

2. Developer of the Week

Markus Ullmann, aka Jokey

Figure 2.1: Markus Ullmann, aka Jokey

Markus Ullmann[1], also known as 'Teh Jokey (TM)' is a 25 year old developer
and part of our 'German conspiracy'. Markus currently lives in Uetersen,
together with his family. Markus is studying electrical engineering at the
HAW Hamburg University. He took an apprenticeship as industrial electrician
at Beiersdorf and quickly discovered that building such production machines
would be fun. He decided to become an engineer and is currently on his 3rd
semester. Markus gets a lot of practical courses involving numeric
simulations with C, developing on FPGA boards, and getting into the deep
secrets of diodes and transistors.

   1. [hidden email]

Of the variety of hobbies that Markus enjoys, which include working on
Gentoo, swimming, playing D20 (Dungeons and Dragons), and playing keyboard,
his favorite is swimming. Ironically, this self described computer nerd met
the love of his life, Svenja (who also considers herself a computer nerd),
via swimming.

So about that name, Jokey... Markus got the name Jokey from a LAN party
after having played pranks on several fellow gamers. Someone recalled the
children's cartoon 'The Smurfs' and the infamous character Jokey... the name
still sticks to this day.

Markus is an active member of two German Linux User groups: LUG Flensburg
e.V. and LUG Norderstedt e.V. He also likes to attend conventions and
FOSS-events. You could have met him at FOSDEM (Belgium) or CeBit (Germany).

Markus got started with Linux back in the SuSE 5.1 days, but his real Linux
life started with Xlinux 1.0 from a Golden Chip CD. He used that for several
years until he switched to LinuxFromScratch, since he was already compiling
most packages from scratch. After an OpenSSL update damaged his whole KDE
setup, he began looking for an alternative and ultimately found something
with an "automated" source build: Gentoo 1.2.

Around mid 2005, Jokey decided to help out with the heavily aging OpenLDAP
package as he wanted to get into the tree. After having fixed some 20 bugs
and sending various patches to Benjamin Smee[2], Benjamin mentored and lured
Markus down the path of dev-hood. Jokey is currently the Gentoo overlays
lead and sunrise lead. He also works in x86 and takes care of netmon, lcd
and OpenLDAP. Quite a busy bee right?

   2. [hidden email]

Markus' first apps are KDE, KVIRC, Thunderbird, Firefox, and gajim. He's
also a fan of Beryl as window manager to spice up his X-environment.

3. Gentoo developer moves


The following developers recently left the Gentoo project:

  * none this week


The following developers recently joined the Gentoo project:

  * Aggelos Orfanakos (agorf) Ruby/GWN teams
  * Christina Fullam (musikc) Developer Relations/GWN teams
  * Alistair John Bush (ali_bush) Java team


The following developers recently changed roles within the Gentoo project:

  * none this week

4. Gentoo security

xine-lib: Heap-based buffer overflow

xine-lib is vulnerable to a heap-based buffer overflow.

For more information, please see the GLSA Announcement[3]


Inkscape: Two format string vulnerabilities

Two format string vulnerabilities have been discovered in Inkscape, allowing
for user-assisted execution of arbitrary code.

For more information, please see the GLSA Announcement[4]


Vixie Cron: Denial of Service

The Gentoo implementation of Vixie Cron is vulnerable to a local Denial of

For more information, please see the GLSA Announcement[5]

   5. Multiple vulnerabilities

Multiple vulnerabilities have been discovered in, allowing
for remote execution of arbitrary code.

For more information, please see the GLSA Announcement[6]


File: Denial of Service

A vulnerability has been discovered in file allowing for a denial of

For more information, please see the GLSA Announcement[7]


FreeRADIUS: Denial of Service

A memory leak has been discovered in FreeRADIUS, possibly allowing for a
Denial of Service.

For more information, please see the GLSA Announcement[8]


MadWifi: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in the MadWifi driver,
possibly leading to a Denial of Service and information disclosure.

For more information, please see the GLSA Announcement[9]


Aircrack-ng: Remote execution of arbitrary code

Aircrack-ng contains a buffer overflow that could lead to the remote
execution of arbitrary code with root privileges.

For more information, please see the GLSA Announcement[10]


3proxy: Buffer overflow

A vulnerability has been discovered in 3proxy allowing for the remote
execution of arbitrary code.

For more information, please see the GLSA Announcement[11]


Courier-IMAP: Remote execution of arbitrary code

A vulnerability has been discovered in Courier-IMAP allowing for remote code
execution with root privileges.

For more information, please see the GLSA Announcement[12]


5. Gentoo package moves

This section lists packages that have either been moved or added to the tree
and packages that have had their "last rites" announcement given to be
removed in the future. The package removals come from many locations,
including the Treecleaners[13] and various developers. Most packages which
are listed under the Last Rites section are in need of some love and care
and can remain in the tree if proper maintainership is established.



Package:                   Removal date: Contact:
media-gfx/plustek-parallel 16 Apr 2007   Patrick Kursawe[14]
app-editors/elisp-manual   18 Apr 2007   Ulrich Müller[15]
sci-electronics/modelsim   20 Apr 2007   Denis Dupeyron[16]
games-strategy/mylink      20 Apr 2007   Michael Sterrett[17]
games-puzzle/sdlvexed      20 Apr 2007   Michael Sterrett[17]
games-action/d1x           20 Apr 2007   Michael Sterrett[17]
app-crypt/aes-crypt        21 Apr 2007   Alon Bar-Lev[18]

  14. [hidden email]
  15. [hidden email]
  16. [hidden email]
  17. [hidden email]
  18. [hidden email]


Package:                      Addition date: Contact:
app-admin/eselect-emacs[19]   16 Apr 2007    Christian Faulhammer[20]
x11-misc/emacs-desktop[21]    16 Apr 2007    Christian Faulhammer[20]
net-misc/metacafe-dl[22]      16 Apr 2007    Aggelos Orfanakos[23]
sys-auth/pam_mktemp[24]       17 Apr 2007    Sven Wegener[25]
dev-php5/magickwand[26]       17 Apr 2007    Anant Narayanan[27]
dev-libs/stfl[28]             18 Apr 2007    Andrej Kacian[29]
dev-ruby/rubypants[30]        18 Apr 2007    Aggelos Orfanakos[23]
app-doc/elisp-manual[31]      18 Apr 2007    Ulrich Müller[15]
net-news/newsbeuter[32]       18 Apr 2007    Andrej Kacian[29]
media-libs/libdca[33]         18 Apr 2007    Alexis Ballier[34]
mail-filter/libdomainkeys[35] 18 Apr 2007    Colin Morey[36]
games-rpg/galaxymage[37]      19 Apr 2007    Alfredo Tupone[38]
dev-scheme/stklos[39]         19 Apr 2007    Marijn Schouten[40]
sci-astronomy/xfitsview[41]   19 Apr 2007    Sebastien Fabbro[42]
sys-apps/cciss_vol_status[43] 19 Apr 2007    Tony Vroon[44]
net-news/rsstail[45]          19 Apr 2007    Wulf Krueger[46]
dev-util/egypt[47]            19 Apr 2007    Mike Frysinger[48]
dev-ruby/htmlentities[49]     20 Apr 2007    Aggelos Orfanakos[23]
net-irc/znc[50]               20 Apr 2007    Raúl Porcel[51]
net-irc/sic[52]               20 Apr 2007    Raúl Porcel[51]
net-libs/telepathy-glib[53]   20 Apr 2007    Piotr Jaroszyński[54]
app-crypt/aesutil[55]         20 Apr 2007    Alon Bar-Lev[18]
sys-apps/pam_mount[56]        21 Apr 2007    Hanno Boeck[57]
games-arcade/xsfcave[58]      21 Apr 2007    Alfredo Tupone[38]
dev-java/jsap[59]             21 Apr 2007    Miroslav Šulc[60]
media-video/ttcut[61]         21 Apr 2007    Matthias Schwarzott[62]
dev-python/workingenv[63]     21 Apr 2007    Rob Cakebread[64]
media-sound/ttaenc[65]        22 Apr 2007    Samuli Suominen[66]

  15. [hidden email]
  18. [hidden email]
  20. [hidden email]
  23. [hidden email]
  25. [hidden email]
  27. [hidden email]
  29. [hidden email]
  34. [hidden email]
  36. [hidden email]
  38. [hidden email]
  40. [hidden email]
  42. [hidden email]
  44. [hidden email]
  46. [hidden email]
  48. [hidden email]
  51. [hidden email]
  54. [hidden email]
  57. [hidden email]
  60. [hidden email]
  62. [hidden email]
  64. [hidden email]
  66. [hidden email]

Last Rites:

Package:                             Removal date: Contact:
games-arcade/ddrmat[67]              16 May 2007   Chris Gianelloni[68]
net-dialup/slirp[69]                 17 May 2007   Alin Năstac[70]
media-gfx/graphicsmagick[71]         17 May 2007   Bryan Østergaard[72]
mail-client/claws-mail-maildir[73]   20 May 2007   Andrej Kacian[29]
app-emulation/vmware-gsx-console[74] 20 May 2007   Michael Sterrett[17]
dev-java/systray4j[75]               22 May 2007   Alistair Bush[76]
net-misc/tlsproxyd[77]               19 Jun 2007   Raúl Porcel[51]

  17. [hidden email]
  29. [hidden email]
  51. [hidden email]
  68. [hidden email]
  70. [hidden email]
  72. [hidden email]
  76. [hidden email]

6. Bugzilla


  * Statistics
  * Closed bug ranking
  * New bug rankings


The Gentoo community uses Bugzilla ([78]) to record and track
bugs, notifications, suggestions and other interactions with the development
team. Between 16 April 2007 and 22 April 2007, activity on the site has
resulted in:


  * 524 new bugs during this period
  * 320 bugs closed or resolved during this period
  * 16 previously closed bugs were reopened this period
  * 53 bugs marked as duplicates during this period

Of the 10066 currently open bugs: 14 are labeled 'blocker', 105 are labeled
'critical', and 369 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period

  * AMD64 Project[79], with 18 closed bugs[80]
  * Gentoo Linux Gnome Desktop Team[81], with 13 closed bugs[82]
  * GNU Emacs Herd[83], with 11 closed bugs[84]
  * Gentoo Security[85], with 9 closed bugs[86]
  * Gentoo Linux bug wranglers[87], with 9 closed bugs[88]
  * Gentoo's Team for Core System packages[89], with 8 closed bugs[90]
  * Karol Wojtaszek[91], with 7 closed bugs[92]
  * Gentoo KDE team[93], with 7 closed bugs[94]

  79. [hidden email]
  81. [hidden email]
  83. [hidden email]
  85. [hidden email]
  87. [hidden email]
  89. [hidden email]
  91. [hidden email]
  93. [hidden email]

New bug rankings

The developers and teams who have been assigned the most new bugs during
this period are:

  * Default Assignee for New Packages[95], with 27 new bugs[96]
  * Java team[97], with 11 new bugs[98]
  * AMD64 Project[79], with 8 new bugs[99]
  * Gentoo's Team for Core System packages[89], with 7 new bugs[100]
  * Gentoo Toolchain Maintainers[101], with 6 new bugs[102]
  * Gentoo Web Application Packages Maintainers[103], with 5 new
  * voip herd[105], with 5 new bugs[106]
  * Mobile Herd[107], with 5 new bugs[108]

  79. [hidden email]
  89. [hidden email]
  95. [hidden email]
  97. [hidden email]
 101. [hidden email]
 103. [hidden email]
 105. [hidden email]
 107. [hidden email]

7. GWN feedback

The GWN is staffed by volunteers and members of the community who submit
ideas and articles. If you are interested in writing for the GWN, have
feedback on an article that we have posted, or just have an idea or article
that you would like to submit to the GWN, please send us your feedback[109]
and help make the GWN better.

 109. [hidden email]

8. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email].

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email] from the e-mail address you are subscribed

9. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

  * Chinese (Simplified)[110]
  * Dutch[111]
  * English[112]
  * German[113]
  * Greek[114]
  * French[115]
  * Korean[116]
  * Japanese[117]
  * Italian[118]
  * Polish[119]
  * Portuguese (Brazil)[120]
  * Portuguese (Portugal)[121]
  * Russian[122]
  * Slovak[123]
  * Spanish[124]
  * Turkish[125]


Chris Gianelloni <[hidden email]> - Editor
Dimitry Bradt <[hidden email]> - Author
Chrissy Fullam <[hidden email]> - Author

[hidden email] mailing list