Gentoo Weekly Newsletter 8 May 2006

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Gentoo Weekly Newsletter 8 May 2006

Ulrich Plate
Gentoo Weekly Newsletter
This is the Gentoo Weekly Newsletter for the week of 8 May 2006.
1. Gentoo news
Improved Ada support in Portage - split ebuilds for gnat
"New generation" dev-ada/gnat-xxx compilers are now in Portage. They
follow the upstream more closely (now you get gnat-gcc to follow FSF's
in-gcc sources, and gnat-gpl to represent "official" AdaCore's code).
toolchain.eclass procedures are also more closely observed, allowing for
better integration with system gcc and better multilib support, and the
new compilers are properly SLOTted and can be installed in parallel (so
that you can have gnat-gcc-3.4.6, gnat-gcc-4.1.0 and gnat-gpl-
installed all at once). The selection of the active gnat is performed via
an eselect-gnat module in the usual manner. Work is under way to enhance
support for Ada libraries, so that they are built for each installed gnat
and can be switched on the fly. Anybody interested in helping is cordially
invited to visit the corresponding bug[1]. This includes a call for a
long-term Ada maintainer, too. Actual support work should be relatively
easy now that the transition itself is over, but candidates should be able
to make sense of the gnatbuild.eclass, gnat.eclass and toolchain.eclass
(and related), in addition, of course, to generally know your way around
ebuilds. Contact George Shapovalov[2] if you're interested.

 2. [hidden email]
Gnome 2.14 in Portage
GNOME 2.14 came out of package.mask this weekend. The tracker bug is
located at bug #119872[3]. Highlights of the release include performance
boosts and improvements to various applications and routines, and can be
found at the Gnome website[4]. If you have any problems upgrading, please
search bugzilla[5] or wander into #gentoo-desktop on

2. Heard in the community
Joshua Jackson[6] starts a discussion on the heritage and the historic
"symbols" of Gentoo - Larry the Cow, the floating alien guy and so on. In
the website redesign some of these have been removed. Should we keep these
leftovers from the old times or should we move on?

 6. [hidden email]
 * Heritage [7]

coldplug and hotplug
Our baselayout magician Roy Marples[8] started a discussion on the
behaviour of hotplug and coldplug - coldplug events can be limited via the
RC_COLDPLUG variable while hotplug does not. To unify this he proposed a
few changes, but then the discussion drifted away to problems with udev
and coldplug: Some users report problems with newer udev versions
automatically loading drivers and want to be able to completely disable
this behaviour.

 8. [hidden email]
 * Coldplug and hotplug [9]

Having fun with compression
As an experiment to see if distfile downloads could be shrunk Patrick
Lauer[10] did some tests converting from gzip to bzip2 and 7zip formats.
Over 15GB of .tar.gz files got converted in this experiment, showing on
average about 15% space reduction. While it is not practical to "just
convert" all files and no comparison of CPU usage has been done it is
nevertheless an interesting perspective for people with slower internet

 10. [hidden email]
 * Having fun with compression [11]

3. Gentoo international
Germany: asks 'Are you Gentoo?'
Inspired by a code-snippet posted by Forums moderator slick[12], the
German not-for-profit association created a quiz on their community-site,
asking "Are you Gentoo?[13]" The survey contains 20 questions, some of
them easy to answer, some tricky ones and some questions which need a
solid understanding of Gentoo's basics. Everyone who answers all 20
questions correctly can take part in a raffle where the 'Friends of Gentoo
e.V.' offer three prizes, including a Gentoo shirt and mousepad. If your
German is up to the task, take the challenge and solve the quiz[14].

4. Gentoo in the press
Desktop Linux (2 May 2006)
Desktop Linux finds two articles in other online magazines make for
"interesting reading," reads them for us and quotes a few highlights.
We're left with the choice of reading the original articles at[15] (an enthusiastic post-release 2006.0 review) and Linux
Watch[16] (Steven Vaughn-Nichols' slightly more downbeat assessment that
'Gentoo is not for everyone'), or be content with what we find at Desktop
Linux. Either way is just fine -- it'll stay within the range of Ziff
Davies Holding publications, anyway.

Desktop Linux (2 May 2006)
SystemRescueCD's new version released last week made the news at Desktop
Linux[17] on the same day as the press clippings for Gentoo Linux 2006.0
mentioned just above. The French project[18] provides a save-and-rescue
Linux environment -- based on Gentoo -- with everything on board you might
need for a system recovery, but also for administrative tasks like
partitioning harddrives with QtParted, claims the announcement.

Distrowatch (3 May 2006)
Yet another distribution based on Gentoo, this one specializing in 64bit
systems: Distrowatch reports[19] about the latest release of RR64,
probably because it's a full LiveDVD with Gnome and Xgl and whatnot
inside. Fabio Erculiani's Italian Gentoo flavour, the RR series[20] was
featured in the GWN[21] before.

5. Gentoo developer moves
The following developers recently left the Gentoo project:
 * Daniel Goller
The following developers recently joined the Gentoo project:
 * Mike Auty (ikelos) - VMware
 * Jon Hood (squinky86) - net-p2p, accessibility
The following developers recently changed roles within the Gentoo project:
 * Ferris McCormick (fmccor) - retired as developer relations lead
 * Jon Portnoy (avenj) - new devrel co-lead
6. Gentoo Security
MPlayer: Heap-based buffer overflow
MPlayer contains multiple integer overflows that may lead to a heap-based
buffer overflow.
For more information, please see the GLSA Announcement[22]

X.Org: Buffer overflow in XRender extension
A buffer overflow in the XRender extension potentially allows any X.Org
user to execute arbitrary code with elevated privileges.
For more information, please see the GLSA Announcement[23]

ClamAV: Buffer overflow in Freshclam
Freshclam is vulnerable to a buffer overflow that could lead to execution
of arbitrary code.
For more information, please see the GLSA Announcement[24]

phpWebSite: Local file inclusion
Remote attackers can include local files which may lead to the execution
of arbitrary code.
For more information, please see the GLSA Announcement[25]

rsync: Potential integer overflow
An attacker having write access to an rsync module might be able to
execute arbitrary code on an rsync server.
For more information, please see the GLSA Announcement[26]

Mozilla Firefox: Potential remote code execution
The Mozilla Firefox 1.5 line is vulnerable to a buffer overflow in the
JavaScript extension which may in theory lead to remote execution of
arbitrary code.
For more information, please see the GLSA Announcement[27]

Nagios: Buffer overflow
Nagios is vulnerable to a buffer overflow which may lead to remote
execution of arbitrary code.
For more information, please see the GLSA Announcement[28]

7. Bugzilla
The Gentoo community uses Bugzilla ([29]) to record and
track bugs, notifications, suggestions and other interactions with the
development team. Between 30 April 2006 and 07 May 2006, activity on the
site has resulted in:

 * 771 new bugs during this period
 * 396 bugs closed or resolved during this period
 * 35 previously closed bugs were reopened this period
Of the 9947 currently open bugs: 60 are labeled 'blocker', 143 are labeled
'critical', and 529 are labeled 'major'.
Closed bug rankings
The developers and teams who have closed the most bugs during this period
 * Gentoo Games[30], with 24 closed bugs[31]  
 * Gentoo KDE team[32], with 19 closed bugs[33]  
 * Gentoo Security[34], with 18 closed bugs[35]  
 * Gentoo's Team for Core System packages[36], with 17 closed bugs[37]  
 * AMD64 Project[38], with 17 closed bugs[39]  
 * Portage team[40], with 11 closed bugs[41]  
 * Gentoo Toolchain Maintainers[42], with 9 closed bugs[43]  
 * Gentoo Linux Gnome Desktop Team[44], with 9 closed bugs[45]  
 30. [hidden email]
 32. [hidden email]
 34. [hidden email]
 36. [hidden email]
 38. [hidden email]
 40. [hidden email]
 42. [hidden email]
 44. [hidden email]

New bug rankings
The developers and teams who have been assigned the most new bugs during
this period are:
 * Default Assignee for New Packages[46], with 28 new bugs[47]  
 * Default Assignee for Orphaned Packages[48], with 15 new bugs[49]  
 * AMD64 Project[50], with 12 new bugs[51]  
 * Gentoo Sound Team[52], with 11 new bugs[53]  
 * Gentoo X-windows packagers[54], with 10 new bugs[55]  
 * Gentoo Linux Gnome Desktop Team[56], with 8 new bugs[57]  
 * Gentoo Kernel Bug Wranglers and Kernel Maintainers[58], with 6 new
 * Gentoo Science Related Packages[60], with 5 new bugs[61]  
 46. [hidden email]
 48. [hidden email]
 50. [hidden email]
 52. [hidden email]
 54. [hidden email]
 56. [hidden email]
 58. [hidden email]
 60. [hidden email]

8. GWN feedback
Please send us your feedback[62] and help make the GWN better.

 62. [hidden email]
9. GWN subscription information
To subscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email].
To unsubscribe to the Gentoo Weekly Newsletter, send a blank e-mail to
[hidden email] from the e-mail address you are
subscribed under.
10. Other languages
The Gentoo Weekly Newsletter is also available in the following languages:
 * Danish[63]  
 * Dutch[64]  
 * English[65]  
 * German[66]  
 * French[67]  
 * Korean[68]  
 * Japanese[69]  
 * Italian[70]  
 * Polish[71]  
 * Portuguese (Brazil)[72]  
 * Portuguese (Portugal)[73]  
 * Russian[74]  
 * Spanish[75]  
 * Turkish[76]  

Ulrich Plate <[hidden email]> - Editor
John N. Laliberte <[hidden email]> - Author
Patrick Lauer <[hidden email]> - Author
Tobias Scherbaum <[hidden email]> - Author
George Shapovalov <[hidden email]> - Author

[hidden email] mailing list