Debian Weekly News - October 11th, 2005
---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2005/41/
Debian Weekly News - October 11th, 2005
---------------------------------------------------------------------------
Welcome to this year's 41st issue of DWN, the weekly newsletter for
the Debian community. The Georgia Tech Marine Robotics Group has built
an underwater [1]vehicle with Debian as the [2]base operating
system. Matt LaPlante started a [3]series of articles that describe
the set up and configuration of a firewall based on Debian, including
DHCP, DNS, proxy services and dynamic DNS.
1. http://cyberbuzz.gatech.edu/underwater/
2. http://cyberbuzz.gatech.edu/underwater/software.htm
3. http://www.cyberdogtech.com/firewalls/
Debian Security Infrastructure. The Debian project [4]announced that
the security network has been improved by splitting off the public
frontend to a new [5]host. This was a required step after an
[6]advisory recently caused the outgoing bandwidth of the old server
to be totally [7]saturated. Two more were [8]added afterward.
4. http://www.debian.org/News/2005/20051004
5. http://lists.debian.org/debian-news/debian-news-2005/msg00047.html
6. http://www.debian.org/security/2005/dsa-816
7. http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00206.html
8. http://www.infodrom.org/~joey/log/?200510050938
Dealing with Wiki Spam. Carlos Parra Camargo [9]noticed that several
pages in the old [10]Wiki were defaced by a user and restored to the
last revision. Riku Vopio [11]pointed to the [12]instructions on
dealing with spam in the Wiki.
9. http://lists.debian.org/debian-devel/2005/09/msg00604.html
10. http://wiki.debian.net/
11. http://lists.debian.org/debian-devel/2005/09/msg00607.html
12. http://wiki.debian.org/?DealingWithSpam
Security Updates for Mozilla and Friends. With [13]DSA 810 the
security team announced that security problems in Mozilla, Firefox,
Galeon and Thunderbird have to be fixed by more or less using the new
upstream version but [14]keeping the old version number. Thanks to the
work done by Eric Dorland and Alexander Sack this hasn't caused the
problems yet that were already anticipated.
13. http://www.debian.org/security/2005/dsa-810
14. http://lists.debian.org/debian-devel/2005/09/msg00632.html
Reviving the Debian FAQ. Javier Fernández-Sanguino Peña [15]called for
help with maintaining the [16]Debian FAQ. Together with Santiago Vila
he has cleaned up a lot of sections, but more improvements are
required. Osamu Aoki [17]added that the scope of the FAQ should be
limited to brief answers and defer to other documents for the details.
15. http://lists.debian.org/debian-devel/2005/09/msg00667.html
16. http://www.debian.org/doc/FAQ/
17. http://lists.debian.org/debian-devel/2005/09/msg01122.html
Cross-Chroot Account Information. Rob Browning [18]wondered how to
configure multiple chroot environments so that the account databases
will stay synchronous to the host system. An [19]LDAP backend as well
as [20]schroot and [21]bind mounts were mentioned. Daniel Jacobowitz
[22]pointed to his [23]shadow etc effort implemented with help of
fuse, the filesystem in userspace.
18. http://lists.debian.org/debian-devel/2005/09/msg00716.html
19. http://lists.debian.org/debian-devel/2005/09/msg00734.html
20. http://lists.debian.org/debian-devel/2005/09/msg00763.html
21. http://lists.debian.org/debian-devel/2005/09/msg00737.html
22. http://lists.debian.org/debian-devel/2005/09/msg00868.html
23. http://return.false.org/~drow/fuse/
Maintaining local Debian Patches. Sylvain Beucler [24]wondered if
there was a mechanism to keep local patches applied to Debian packages
even upon an upgrade. Francesco Lovergine [25]pointed him to
[26]apt-src that is able to take over part of the job. Paul Hampson
[27]explained that using a sane version number will stop [28]apt-get
from updating the package from the Debian source.
24. http://lists.debian.org/debian-devel/2005/09/msg00802.html
25. http://lists.debian.org/debian-devel/2005/09/msg00803.html
26. http://packages.debian.org/apt-src
27. http://lists.debian.org/debian-devel/2005/09/msg01072.html
28. http://packages.debian.org/apt
Hotplug Blacklists obsolete. Marco d'Itri [29]reported that the new
hotplug and coldplug subsystem that has been integrated into [30]udev
cannot handle the former blacklisting of modules anymore but only its
own. He later [31]added that he has implemented support for
user-supplied files in /etc/hotplug/blacklist.d/ in modprobe.
29. http://lists.debian.org/debian-devel/2005/09/msg00830.html
30. http://packages.debian.org/udev
31. http://lists.debian.org/debian-devel/2005/09/msg01311.html
Big Endian ARM Port. Lennert Buytenhek [32]announced the [33]intention
to work on a big endian ARM port for consumer devices such as the
Linksys NSLU2 or Synology DS101. Wouter Verhelst [34]offered his help
with maintaining a build daemon within the secondary buildd
[35]network.
32. http://lists.debian.org/debian-devel/2005/09/msg00860.html
33. http://lists.debian.org/debian-arm/2005/08/msg00011.html
34. http://lists.debian.org/debian-devel/2005/09/msg01051.html
35. http://experimental.buildd.net/
Linux Documentation Project License. Francesco Poli [36]discussed the
freeness of the Linux Documentation Project License version 2. Matthew
Garrett [37]responded positively and pointed out that only the so
called dissident test is a problem since the person who is making
modifications needs to be identified.
36. http://lists.debian.org/debian-legal/2005/09/msg00503.html
37. http://lists.debian.org/debian-legal/2005/09/msg00504.html
Debian Linux Kernel Handbook. Jurij Smakov et al. have published the
Debian Linux kernel [38]handbook which will help in documenting the
internals of the Debian Linux kernel build process. The document is
still work in progress with a lot of sections missing, but it's a
giant step in the right direction.
38. http://kernel-handbook.alioth.debian.org/
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* DSA 843: [39]arc -- Insecure temporary files.
* DSA 844: [40]mod-auth-shadow -- Authentication bypass.
* DSA 845: [41]mason -- Missing init script.
* DSA 846: [42]cpio -- Several vulnerabilities.
* DSA 847: [43]dia -- Arbitrary code execution.
* DSA 848: [44]masqmail -- Several vulnerabilities.
* DSA 849: [45]shorewall -- Firewall bypass.
* DSA 850: [46]tcpdump -- Denial of service.
* DSA 851: [47]openvpn -- Denial of service.
* DSA 852: [48]up-imapproxy -- Arbitrary code execution.
* DSA 853: [49]ethereal -- Several vulnerabilities.
* DSA 854: [50]tcpdump -- Denial of service.
* DSA 855: [51]weex -- Arbitrary code execution.
* DSA 855: [52]weex -- Arbitrary code execution.
* DSA 856: [53]py2play -- Arbitrary code execution.
* DSA 857: [54]graphviz -- Insecure temporary file.
* DSA 858: [55]xloadimage -- Arbitrary code execution.
* DSA 859: [56]xli -- Arbitrary code execution.
* DSA 860: [57]ruby -- Safety bypass.
* DSA 861: [58]uw-imap -- Arbitrary code execution.
* DSA 862: [59]ruby1.6 -- Safety bypass.
39. http://www.debian.org/security/2005/dsa-843
40. http://www.debian.org/security/2005/dsa-844
41. http://www.debian.org/security/2005/dsa-845
42. http://www.debian.org/security/2005/dsa-846
43. http://www.debian.org/security/2005/dsa-847
44. http://www.debian.org/security/2005/dsa-848
45. http://www.debian.org/security/2005/dsa-849
46. http://www.debian.org/security/2005/dsa-850
47. http://www.debian.org/security/2005/dsa-851
48. http://www.debian.org/security/2005/dsa-852
49. http://www.debian.org/security/2005/dsa-853
50. http://www.debian.org/security/2005/dsa-854
51. http://www.debian.org/security/2005/dsa-855
52. http://www.debian.org/security/2005/dsa-855
53. http://www.debian.org/security/2005/dsa-856
54. http://www.debian.org/security/2005/dsa-857
55. http://www.debian.org/security/2005/dsa-858
56. http://www.debian.org/security/2005/dsa-859
57. http://www.debian.org/security/2005/dsa-860
58. http://www.debian.org/security/2005/dsa-861
59. http://www.debian.org/security/2005/dsa-862
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive [60]recently or contain important updates.
60. http://packages.debian.org/unstable/newpkg_main
* [61]connect-proxy -- Establish TCP connection using SOCKS4/5 and
HTTP tunnel.
* [62]dangen -- Shoot 'em up game where accurate shooting matters.
* [63]fruit -- Chess engine, to calculates chess moves.
* [64]gtkhtml3.8 -- HTML rendering/editing library - bonobo
component binary.
* [65]japitools -- Java API compatibility testing tools.
* [66]keurocalc -- Universal currency converter and calculator.
* [67]lprof -- Hardware Color Profiler.
* [68]mozilla-biofox -- Extension of bioinformatics tools to Mozilla
and Firefox browsers.
* [69]tilda -- Terminal with first person shooter console likeness.
* [70]wmii -- Lightweight tabbed and tiled X11 window manager.
61. http://packages.debian.org/unstable/net/connect-proxy
62. http://packages.debian.org/unstable/games/dangen
63. http://packages.debian.org/unstable/games/fruit
64. http://packages.debian.org/unstable/gnome/gtkhtml3.8
65. http://packages.debian.org/unstable/devel/japitools
66. http://packages.debian.org/unstable/kde/keurocalc
67. http://packages.debian.org/unstable/graphics/lprof
68. http://packages.debian.org/unstable/science/mozilla-biofox
69. http://packages.debian.org/unstable/x11/tilda
70. http://packages.debian.org/unstable/x11/wmii
Orphaned Packages. 9 packages were orphaned this week and require a
new maintainer. This makes a total of 200 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the [71]WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package.
71. http://www.debian.org/devel/wnpp/
* [72]heaplayers -- High-performance memory allocators.
([73]Bug#332536)
* [74]libend-perl -- Generalized END {}. ([75]Bug#333186)
* [76]libhoard -- Fast memory allocation library. ([77]Bug#332538)
* [78]libhtml-table-perl -- Perl module for creating HTML tables.
([79]Bug#333188)
* [80]libintl-perl -- Uniforum message translations system
compatible i18n library. ([81]Bug#333190)
* [82]libnews-nntpclient-perl -- News::NNTPClient, Perl support for
accessing NNTP servers. ([83]Bug#333192)
* [84]libperlmenu-perl -- Menu and Template (curses-based) UI for
Perl. ([85]Bug#333193)
* [86]libterm-prompt-perl -- Perl extension for prompting a user for
information. ([87]Bug#333194)
* [88]libtest-reporter-perl -- Sends test results to
cpan-testers@perl.org. ([89]Bug#333195)
72. http://packages.debian.org/unstable/libdevel/heaplayers
73. http://bugs.debian.org/332536
74. http://packages.debian.org/unstable/perl/libend-perl
75. http://bugs.debian.org/333186
76. http://packages.debian.org/unstable/libs/libhoard
77. http://bugs.debian.org/332538
78. http://packages.debian.org/unstable/perl/libhtml-table-perl
79. http://bugs.debian.org/333188
80. http://packages.debian.org/unstable/perl/libintl-perl
81. http://bugs.debian.org/333190
82. http://packages.debian.org/unstable/perl/libnews-nntpclient-perl
83. http://bugs.debian.org/333192
84. http://packages.debian.org/unstable/perl/libperlmenu-perl
85. http://bugs.debian.org/333193
86. http://packages.debian.org/unstable/perl/libterm-prompt-perl
87. http://bugs.debian.org/333194
88. http://packages.debian.org/unstable/perl/libtest-reporter-perl
89. http://bugs.debian.org/333195
Removed Packages. 17 packages have been [90]removed from the Debian
archive during the past week:
90. http://ftp-master.debian.org/removals.txt
* doc-debian-ko -- Debian FAQ and other documents to Korean
[91]Bug#327764: Request of maintainer, orphaned, outdated
* php3 -- server-side, HTML-embedded scripting language
[92]Bug#330656: Request of maintainer, superseded by php4/php5
* busybox-cvs -- Tiny utilities for small and embedded systems
[93]Bug#331153: Request of QA, RC-buggy, superseded by busybox
* login.app -- A login application designed with the NeXTStep look
in mind
[94]Bug#256681: Request of QA, inactive upstream, alternatives
exist
* gupsc -- GNOME client for the Network UPS Tools Package (nut)
[95]Bug#263613: Request of QA, abandoned upstream, alternatives
exist
* cantus -- Gnome tool to mass-rename/tag mp3 and ogg files
[96]Bug#287985: Request of QA, outdated, better alternatives
* xml-soap -- SOAP (Simple Object Access Protocol) implementation in
Java
[97]Bug#307284: Request of QA, superseded by axis
* chastity-list -- blacklists for SquidGuard
[98]Bug#321594: Request of QA, abandoned upstream, very outdated
* cyrus-imapd -- CMU Cyrus mail system (administration tool)
[99]Bug#330696: Request of maintainer, obsolete
* pd-externals -- PD external collection
[100]Bug#331385: Request of maintainer, few users; out-of-date;
buggy
* bidwatcher -- Tool for watching and bidding on eBay auctions
[101]Bug#331684: Request of maintainer, broken; security issues
* ghc5 -- GHC - the Glasgow Haskell Compilation system
[102]Bug#331701: Request of maintainer, superseded by ghc6
* nhc98 -- aNother Haskell Compiler (the nhc98 Haskell Compiler)
[103]Bug#331704: Request of maintainer, obsolete
* oftpd -- Secure anonymous FTP server
[104]Bug#332186: Request of maintainer, dead upstream; security
issues
* jpilot-mail -- Mail plugin for jpilot (Palm Pilot desktop)
[105]Bug#332636: Request of maintainer, has never been part of a
stable release; RC bugs
* libosip -- Session Initiation Protocol (SIP) library
[106]Bug#331167: Request of maintainer, superseded by libosip2
* python-gtkextra -- Python module for the GtkExtra widget set
extension
[107]Bug#279541: Request of QA, obsolete, unneeded
91. http://bugs.debian.org/327764
92. http://bugs.debian.org/330656
93. http://bugs.debian.org/331153
94. http://bugs.debian.org/256681
95. http://bugs.debian.org/263613
96. http://bugs.debian.org/287985
97. http://bugs.debian.org/307284
98. http://bugs.debian.org/321594
99. http://bugs.debian.org/330696
100. http://bugs.debian.org/331385
101. http://bugs.debian.org/331684
102. http://bugs.debian.org/331701
103. http://bugs.debian.org/331704
104. http://bugs.debian.org/332186
105. http://bugs.debian.org/332636
106. http://bugs.debian.org/331167
107. http://bugs.debian.org/279541
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the [108]contributing
page to find out how to help. We're looking forward to receiving your
mail at [109]dwn@debian.org.
108. http://www.debian.org/News/weekly/contributing
109. mailto:dwn@debian.org
Reply to: