Gentoo Weekly Newsletter 24 April 2006

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Gentoo Weekly Newsletter 24 April 2006

Ulrich Plate
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 24 April 2006.
1. Gentoo news
Major OpenLDAP upgrade ahead
OpenLDAP Version 2.3 will be unmasked during this week. There are many new
features and some incompatibilities:
 * The slurpd sync method has been deprecated in favour of syncrepl
 * Existing databases need to be manually upgraded or they may get
trashed, instructions can be found in the ebuilds.
 * Although the libraries from 2.1 or 2.2 are kept if installed, a
revdep-rebuild is highly recommended
 * The dbm backend has been deprecated and is already removed in new
upstream version (2.4alpha), migrating to a different backend (bdb or hdb)
is recommended.
Subforums layout for
Subforums have been in use on for a while now, but
before creating further subforums we are looking to see if the layout
could be improved. There are some alternative layout proposals and the
forums team would like to get some input on what people prefer. A
thread[1] showing some examples of possible implementations including a
poll has been set up on the forums. Please take some time to review them,
vote and/or comment on them.

2. Heard in the community
Web forums
Gentoo Forums Improvements
Since the last upgrade of the Gentoo Forums announced in the GWN of the
previous week, the internationalization of the Gentoo Forums continues,
with even more languages translated, as well as many more parts that until
now were in English. Apart from that, some security enhancements and
restrictions have been incorporated into the current stable version of the
Gentoo Forums. Finally, a very significant bug that was affecting the
moderators was finally dispatched. You can see the full update log if you
follow the appropiate link below.
 * Gentoo Forums Improvements[2]
 * Merging threads while others reply breaks[3]

Is Gentoo more expensive than Red Hat?
One of our users, drakkan[4], who has been a fellow Gentoo User for over
two years, explains that he is afraid that it is more expensive to
maintain Gentoo servers than Red Hat ones. Two important reasons are the
constant need of recompilation of packages which takes some time, but also
the change in configuration files. Find out more about this in the thread

 * Is gentoo more expensive than red hat?[5]

Documentation, Tips & Tricks: Trackball configuration in modular xorg
davidgurvich[6] has started a very nice tricks thread where he explains
that there is no longer any need to use xmodmap with xorg-x11 7 to modify
which buttons point where as there seems to be a new option for that
within xorg.conf, "ButtonMapping". Get into the discussion and read more
about this topic in the thread below.

 * Trackball configuration in modular xorg[7]

Automatically killing invalid CFLAGS/warning about bad CFLAGS
The AMD64 team has been testing an addition to the profile.bashrc that
filters CFLAGS that are unrecognized by gcc. As it seems to work quite
well it could be implemented globally to reduce the number of bugs and
errors due to bad CFLAGS, potentially at the cost of flexibility.
 * automatically killing invalid CFLAGS/warning about bad CFLAGS [8]

Enroll users for testing packages
In the quest for better testing of packages Eldad Zack[9] proposes to
allow users to give more feedback on testing packages. The Arch Tester
program tries to fill that niche, but it is still hard for users to get
involved without spending too much of their time for Gentoo.

 9. [hidden email]
 * enroll users for testing packages [10]

Gentoo theming during bootup
In one of the bigger threads of the last weeks Donnie Berkholz[11] asks
for some help in creating an easy-to-install Gentoo theme for bootup. From
this start the thread goes into a heated debate on branding - should
Gentoo offer things as they are shipped by upstream or patch them to have
a Gentoo look?

 11. [hidden email]
 * Gentoo theming during bootup [12]

3. Gentoo in the press
Gentoo Wiki (23 April 2006)
Steve Dibb has written a nice Howto on dynamic DNS to point to a host
residing anywhere on a DSL or other access line with changing IP
addresses. Hosted on the inofficial Gentoo Wiki, the article[13] goes into
great detail explaining the entire process, from registering a domain name
to using the services of a dynamic domain name resolver -- EveryDNS in his
example -- to follow an ISP's dynamic IP address allocation.

4. Gentoo developer moves
The following developers recently left the Gentoo project:
 * None this week
The following developers recently joined the Gentoo project:
 * Thilo Bangert (bangert) - net-mail herd
The following developers recently changed roles within the Gentoo project:
 * Denis Dupeyron (calchan) - joined the embedded herd
5. Gentoo Security
libapreq2: Denial of Service vulnerability
A vulnerability has been reported in libapreq2 which could lead to a
Denial of Service.
For more information, please see the GLSA Announcement[14]

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
Cyrus-SASL contains a vulnerability in the DIGEST-MD5 process that could
lead to a Denial of Service.
For more information, please see the GLSA Announcement[15]

zgv, xzgv: Heap overflow
xzgv and zgv attempt to decode JPEG images within the CMYK/YCCK colour
space incorrectly, potentially resulting in the execution of arbitrary
For more information, please see the GLSA Announcement[16]

Crossfire server: Denial of Service and potential arbitrary code execution
The Crossfire game server is vulnerable to a Denial of Service and
potentially to the execution of arbitrary code.
For more information, please see the GLSA Announcement[17]

Mozilla Firefox: Multiple vulnerabilities
Several vulnerabilities in Mozilla Firefox allow attacks ranging from
execution of script code with elevated privileges to information leaks.
For more information, please see the GLSA Announcement[18]

fbida: Insecure temporary file creation
fbida is vulnerable to linking attacks, potentially allowing a local user
to overwrite arbitrary files.
For more information, please see the GLSA Announcement[19]

Dia: Arbitrary code execution through XFig import
Buffer overflows in Dia's XFig import could allow remote attackers to
execute arbitrary code.
For more information, please see the GLSA Announcement[20]

6. Bugzilla
The Gentoo community uses Bugzilla ([21]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 16 April 2006 and 23 April 2006, activity on the
site has resulted in:

 * 799 new bugs during this period
 * 470 bugs closed or resolved during this period
 * 38 previously closed bugs were reopened this period
Of the 9766 currently open bugs: 60 are labeled 'blocker', 144 are labeled
'critical', and 520 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period
 * Gentoo KDE team[22], with 26 closed bugs[23]  
 * Gentoo's Team for Core System packages[24], with 23 closed bugs[25]  
 * Gentoo Games[26], with 22 closed bugs[27]  
 * Portage team[28], with 22 closed bugs[29]  
 * media-video herd[30], with 18 closed bugs[31]  
 * Gentoo Toolchain Maintainers[32], with 17 closed bugs[33]  
 * Gentoo Linux Gnome Desktop Team[34], with 17 closed bugs[35]  
 * Gentoo Security[36], with 16 closed bugs[37]  
 22. [hidden email]
 24. [hidden email]
 26. [hidden email]
 28. [hidden email]
 30. [hidden email]
 32. [hidden email]
 34. [hidden email]
 36. [hidden email]

New bug rankings
The developers and teams who have been assigned the most new bugs during
this period are:
 * Default Assignee for New Packages[38], with 27 new bugs[39]  
 * AMD64 Project[40], with 12 new bugs[41]  
 * Jon Hood[42], with 10 new bugs[43]  
 * media-video herd[44], with 10 new bugs[45]  
 * Default Assignee for Orphaned Packages[46], with 9 new bugs[47]  
 * Gentoo KDE team[48], with 9 new bugs[49]  
 * SpanKY[50], with 7 new bugs[51]  
 * Gentoo Games[52], with 7 new bugs[53]  
 38. [hidden email]
 40. [hidden email]
 42. [hidden email]
 44. [hidden email]
 46. [hidden email]
 48. [hidden email]
 50. [hidden email]
 52. [hidden email]

7. GWN feedback
Please send us your feedback[54] and help make the GWN better.

 54. [hidden email]
8. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email].
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email] from the e-mail address you are
subscribed under.
9. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[55]  
 * Dutch[56]  
 * English[57]  
 * German[58]  
 * French[59]  
 * Korean[60]  
 * Japanese[61]  
 * Italian[62]  
 * Polish[63]  
 * Portuguese (Brazil)[64]  
 * Portuguese (Portugal)[65]  
 * Russian[66]  
 * Spanish[67]  
 * Turkish[68]  

Ulrich Plate <[hidden email]> - Editor
Ioannis Aslanidis <[hidden email]> - Author
Wernfried Haas <[hidden email]> - Author
Patrick Lauer <[hidden email]> - Author
Markus Ullmann <[hidden email]> - Author

[hidden email] mailing list