Gentoo Weekly Newsletter 26 March 2007

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Gentoo Weekly Newsletter 26 March 2007

Chris Gianelloni
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 26 March 2007.

1. Developer of the Week

Developer of the week: Daniel Drake (dsd)

Figure 1.1: Daniel Drake, aka dsd

Twenty year old Daniel Drake[1] is one of the Gentoo Linux kernel team and
is in the middle getting a Computer Science masters degree. He's studying at
the University of Manchester, UK, but this year, Daniel is doing an
industrial placement working for Brontes Technologies in the US. Brontes is
building a handheld 3D medical imaging device based on Gentoo Linux and
using some custom software. You can find info about them at

   1. [hidden email]

Daniel started using Linux around March 1999, but then suddenly dropped it.
In 2003, he started using it again and in 2004 he started developing. Gentoo
developer Seemant Kulleen[2] mentored him during that time. Although we all
know of Daniel's work as a kernel developer, he didn't actually start in the
Gentoo Linux kernel development team. Daniel used to develop GNOME and Mono,
which he still does when he finds the time. At the moment, Daniel is
handling 2.6 kernel bugs, kernel maintenance in Gentoo Linux and working on
2 projects: drivers for USB-WLAN adapters, and reverse engineering Microsoft
fingerprint scanning devices.

   2. [hidden email]

Daniel likes music a lot. His taste mostly revolves around non-mainstream
rock, such as The Beta Band, Mogwai and Soulwax. Though Daniel doesn't have
a lot of free time, he often enjoys his student life, by going out and
reading a good book. He also likes to go to conferences, and organized the
Gentoo UK event[3] last year.


When Daniel fires up his desktop, he uses: GNOME, vim, git, Mozilla Firefox,
audacious, Mozilla Thunderbird and irssi.

2. Gentoo International

Germany, Gentoo Village, Berlin

Instead of holding another Gentoo Summer Camp this year, there will be a
Gentoo Village at Chaos Communication Camp 2007[4]. The Chaos Communication
Camp is from 8 August to 12 August at Finow airport in Berlin. All Gentoo
users can camp together at the Gentoo Village, a small part of the camping
ground. If you need more details on the CCC you can look at the blog[5].
There is also a video[6] documentation of the CCC 2003 provided.


A program focusing on Gentoo is planned, but not yet ready. If you want to
contribute e.g held a speech, please write about it in the Wiki.


3. Gentoo developer moves


The following developers recently left the Gentoo project:

  * none this week


The following developers recently joined the Gentoo project:

  * Anant Narayanan (anant) PHP
  * Bernard Cafarelli (voyageur) NX
  * Antoine Raillon (cab) perl


The following developers recently changed roles within the Gentoo project:

  * none this week

4. Gentoo security

Note: Due to a mistake by the GWN staff, last week's security report was
empty. The report this week has last week's and this week's data.

Amarok: User-assisted remote execution of arbitrary code

The Magnatune component shipped with Amarok is vulnerable to the injection
of arbitrary shell code from a malicious Magnatune server.

For more information, please see the GLSA Announcement[7]


SILC Server: Denial of Service

SILC Server is affected by a Denial of Service vulnerability.

For more information, please see the GLSA Announcement[8]


SSH Communications Security's Secure Shell Server: SFTP privilege escalation

The SSH Secure Shell Server SFTP function is vulnerable to privilege

For more information, please see the GLSA Announcement[9]


Asterisk: SIP Denial of Service

Asterisk is vulnerable to Denial of Service in the SIP channel.

For more information, please see the GLSA Announcement[10]


PostgreSQL: Multiple vulnerabilities

PostgreSQL contains two vulnerabilities that could result in a Denial of
Service or unauthorized access to certain information.

For more information, please see the GLSA Announcement[11]


Apache JK Tomcat Connector: Remote execution of arbitrary code

The Apache Tomcat Connector (mod_jk) contains a buffer overflow
vulnerability that could result in the remote execution of arbitrary code.

For more information, please see the GLSA Announcement[12]


ulogd: Remote execution of arbitrary code

ulogd contains a possible buffer overflow potentially allowing for the
remote execution of arbitrary code.

For more information, please see the GLSA Announcement[13]


Mozilla Thunderbird: Multiple vulnerabilities

Multiple vulnerabilities have been reported in Mozilla Thunderbird, some of
which may allow user-assisted arbitrary remote code execution.

For more information, please see the GLSA Announcement[14]


LTSP: Authentication bypass in included LibVNCServer code

LTSP includes a version of libVNCServer that is vulnerable to an
authentication bypass.

For more information, please see the GLSA Announcement[15]


LSAT: Insecure temporary file creation

LSAT insecurely creates temporary files which can lead to symlink attacks
allowing a local user to overwrite arbitrary files.

For more information, please see the GLSA Announcement[16]


PHP: Multiple vulnerabilities

PHP contains several vulnerabilities including a heap buffer overflow,
potentially leading to the remote execution of arbitrary code under certain

For more information, please see the GLSA Announcement[17]


Mozilla Network Security Service: Remote execution of arbitrary code

The Mozilla Network Security Services libraries are vulnerable to two buffer
overflows that could result in the remote execution of arbitrary code.

For more information, please see the GLSA Announcement[18]


WordPress: Multiple vulnerabilities

Wordpress contains several cross-site scripting, cross-site request forgery
and information leak vulnerabilities.

For more information, please see the GLSA Announcement[19]


5. Gentoo package moves

This section lists packages that have either been moved or added to the tree
and packages that have had their "last rites" announcement given to be
removed in the future. The package removals come from many locations,
including the Treecleaners[20] and various developers. Most packages which
are listed under the Last Rites section are in need of some love and care
and can remain in the tree if proper maintainership is established.



Package:                             Removal date: Contact:
app-portage/emool                    19 Mar 2007   Simon Stelling[21]
www-client/mozilla                   19 Mar 2007   Raúl Porcel[22]
www-client/mozilla-bin               19 Mar 2007   Raúl Porcel[22]
games-fps/cube                       20 Mar 2007   Michael Sterrett[23]
media-sound/mute                     20 Mar 2007   Hanno Boeck[24]
games-emulation/mupen64-jttl_sound   20 Mar 2007   Tristan Heaven[25]
games-emulation/mupen64-glN64        20 Mar 2007   Tristan Heaven[25]
games-emulation/mupen64-blight-input 20 Mar 2007   Tristan Heaven[25]
xfce-extra/xfce4-artwork             22 Mar 2007   Samuli Suominen[26]
xfce-extra/xfce4-bglist-editor       22 Mar 2007   Samuli Suominen[26]
xfce-extra/xfce4-megahertz           22 Mar 2007   Samuli Suominen[26]
xfce-extra/xfce4-modemlights         22 Mar 2007   Samuli Suominen[26]
xfce-extra/xfce4-panelmenu           22 Mar 2007   Samuli Suominen[26]
xfce-extra/xfce4-websearch           22 Mar 2007   Samuli Suominen[26]
net-analyzer/netwatch                22 Mar 2007   Markus Ullmann[27]
media-libs/libhydrogen               24 Mar 2007   Stefan Schweizer[28]
media-video/xiron                    24 Mar 2007   Stefan Schweizer[28]
app-i18n/skkinput                    24 Mar 2007   Stefan Schweizer[28]
dev-perl/Text-ChaSen                 24 Mar 2007   Michael Cummings[29]

  21. [hidden email]
  22. [hidden email]
  23. [hidden email]
  24. [hidden email]
  25. [hidden email]
  26. [hidden email]
  27. [hidden email]
  28. [hidden email]
  29. [hidden email]


Package:                             Addition date: Contact:
sci-chemistry/bodr[30]               19 Mar 2007    Marcus D. Hanwell[31]
sci-mathematics/pspp[32]             19 Mar 2007    Sebastien Fabbro[33]
media-libs/libzzub[34]               20 Mar 2007    Hanno Boeck[24]
dev-python/pyzzub[35]                20 Mar 2007    Hanno Boeck[24]
media-sound/aldrin[36]               20 Mar 2007    Hanno Boeck[24]
dev-libs/libmowgli[37]               20 Mar 2007    Tony Vroon[38]
x11-misc/beryl-settings-bindings[39] 21 Mar 2007    Joshua Jackson[40]
x11-wm/aquamarine[41]                21 Mar 2007    Joshua Jackson[40]
sci-libs/arpack[42]                  22 Mar 2007    Sebastien Fabbro[33]
media-sound/shell-fm[43]             23 Mar 2007    Mike Kelly[44]
games-arcade/openbubbles[45]         24 Mar 2007    Alfredo Tupone[46]
gnome-base/libgnomekbd[47]           24 Mar 2007    Daniel Gryniewicz[48]
sys-devel/remake[49]                 24 Mar 2007    Mike Frysinger[50]
games-arcade/afternoonstalker[51]    24 Mar 2007    Alfredo Tupone[46]
dev-python/pp[52]                    24 Mar 2007    Tiziano Müller[53]
sys-auth/consolekit[54]              24 Mar 2007    Stephen Klimaszewski[55]
sci-geosciences/marble[56]           24 Mar 2007    Marcus D. Hanwell[31]
games-sports/toycars[57]             25 Mar 2007    Alfredo Tupone[46]
xfce-base/libxfce4menu[58]           25 Mar 2007    Samuli Suominen[26]
media-video/gtk-recordmydesktop[59]  25 Mar 2007    Alexis Ballier[60]
dev-java/bcmail[61]                  25 Mar 2007    William Thomson[62]

  24. [hidden email]
  26. [hidden email]
  31. [hidden email]
  33. [hidden email]
  38. [hidden email]
  40. [hidden email]
  44. [hidden email]
  46. [hidden email]
  48. [hidden email]
  50. [hidden email]
  53. [hidden email]
  55. [hidden email]
  60. [hidden email]
  62. [hidden email]

Last Rites:

Package:                              Removal date: Contact:
media-libs/hermes[63]                 19 Apr 2007   Michael Sterrett[23]
games-sports/trophy[64]               19 Apr 2007   Michael Sterrett[23]
games-action/clanbomber[65]           19 Apr 2007   Michael Sterrett[23]
games-puzzle/pingus[66]               19 Apr 2007   Michael Sterrett[23]
games-strategy/mylink[67]             21 Apr 2007   Michael Sterrett[23]
xfce-extra/xfce4-windowlist[68]       23 Apr 2007   Samuli Suominen[26]
xfce-extra/xfce4-showdesktop[69]      23 Apr 2007   Samuli Suominen[26]
xfce-extra/xfce4-taskbar[70]          23 Apr 2007   Samuli Suominen[26]
xfce-extra/xfce4-minicmd[71]          23 Apr 2007   Samuli Suominen[26]
xfce-extra/xfce4-iconbox[72]          23 Apr 2007   Samuli Suominen[26]
xfce-extra/xfce4-trigger-launcher[73] 23 Apr 2007   Samuli Suominen[26]
xfce-extra/xfce4-systray[74]          23 Apr 2007   Samuli Suominen[26]
xfce-extra/xfce4-toys[75]             23 Apr 2007   Samuli Suominen[26]
x11-libs/libzvt[76]                   24 Apr 2007   Stefan Schweizer[28]
app-admin/gnomesu[77]                 24 Apr 2007   Stefan Schweizer[28]
app-admin/xsu2[78]                    24 Apr 2007   Stefan Schweizer[28]
x11-misc/root-portal[79]              24 Apr 2007   Stefan Schweizer[28]
media-video/spca5xx[80]               24 Apr 2007   Mike Doty[81]
media-video/gspca[82]                 24 Apr 2007   Mike Doty[81]
virtual/x11[83]                       25 Apr 2007   Stefan Schweizer[28]

  23. [hidden email]
  26. [hidden email]
  28. [hidden email]
  81. [hidden email]

6. Bugzilla


  * Statistics
  * Closed bug ranking
  * New bug rankings


The Gentoo community uses Bugzilla ([84]) to record and track
bugs, notifications, suggestions and other interactions with the development
team. Between 18 March 2007 and 25 March 2007, activity on the site has
resulted in:


  * 552 new bugs during this period
  * 372 bugs closed or resolved during this period
  * 18 previously closed bugs were reopened this period
  * 80 bugs marked as duplicates during this period

Of the 10246 currently open bugs: 17 are labeled 'blocker', 102 are labeled
'critical', and 403 are labeled 'major'.

Closed bug rankings

The developers and teams who have closed the most bugs during this period

  * Gentoo Developer Relations Team[85], with 32 closed bugs[86]
  * Gentoo for Mac OS X[87], with 25 closed bugs[88]
  * Gentoo KDE team[89], with 14 closed bugs[90]
  * Gentoo Games[91], with 14 closed bugs[92]
  * media-video herd[93], with 13 closed bugs[94]
  * Camille Huot[95], with 12 closed bugs[96]
  * Gentoo's Team for Core System packages[97], with 12 closed bugs[98]
  * PHP Bugs[99], with 10 closed bugs[100]

  85. [hidden email]
  87. [hidden email]
  89. [hidden email]
  91. [hidden email]
  93. [hidden email]
  95. [hidden email]
  97. [hidden email]
  99. [hidden email]

New bug rankings

The developers and teams who have been assigned the most new bugs during
this period are:

  * Default Assignee for New Packages[101], with 15 new bugs[102]
  * AMD64 Project[103], with 12 new bugs[104]
  * Gentoo Games[91], with 9 new bugs[105]
  * Luis Medinas[106], with 7 new bugs[107]
  * Gentoo Linux Gnome Desktop Team[108], with 6 new bugs[109]
  * mips team[110], with 5 new bugs[111]
  * Gentoo KDE team[89], with 5 new bugs[112]
  * media-video herd[93], with 4 new bugs[113]

  89. [hidden email]
  91. [hidden email]
  93. [hidden email]
 101. [hidden email]
 103. [hidden email]
 106. [hidden email]
 108. [hidden email]
 110. [hidden email]

7. GWN feedback

The GWN is staffed by volunteers and members of the community who submit
ideas and articles. If you are interested in writing for the GWN, have
feedback on an article that we have posted, or just have an idea or article
that you would like to submit to the GWN, please send us your feedback[114]
and help make the GWN better.

 114. [hidden email]

8. GWN subscription information

To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email].

To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email] from the e-mail address you are subscribed

9. Other languages

The Gentoo Weekly Newsletter is also available in the following languages:

  * Chinese (Simplified)[115]
  * Dutch[116]
  * English[117]
  * German[118]
  * Greek[119]
  * French[120]
  * Korean[121]
  * Japanese[122]
  * Italian[123]
  * Polish[124]
  * Portuguese (Brazil)[125]
  * Portuguese (Portugal)[126]
  * Russian[127]
  * Slovak[128]
  * Spanish[129]
  * Turkish[130]


Chris Gianelloni <[hidden email]> - Editor
Dimitry Bradt <[hidden email]> - Author
Uwe Hoelzel <[hidden email]> - Author

[hidden email] mailing list