[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Debian Weekly News - October 11th, 2005

Debian Weekly News
Debian Weekly News - October 11th, 2005

Welcome to this year's 41st issue of DWN, the weekly newsletter for
the Debian community. The Georgia Tech Marine Robotics Group has built
an underwater [1]vehicle with Debian as the [2]base operating
system. Matt LaPlante started a [3]series of articles that describe
the set up and configuration of a firewall based on Debian, including
DHCP, DNS, proxy services and dynamic DNS.

 1. http://cyberbuzz.gatech.edu/underwater/
 2. http://cyberbuzz.gatech.edu/underwater/software.htm
 3. http://www.cyberdogtech.com/firewalls/

Debian Security Infrastructure. The Debian project [4]announced that
the security network has been improved by splitting off the public
frontend to a new [5]host. This was a required step after an
[6]advisory recently caused the outgoing bandwidth of the old server
to be totally [7]saturated. Two more were [8]added afterward.

 4. http://www.debian.org/News/2005/20051004
 5. http://lists.debian.org/debian-news/debian-news-2005/msg00047.html
 6. http://www.debian.org/security/2005/dsa-816
 7. http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00206.html
 8. http://www.infodrom.org/~joey/log/?200510050938

Dealing with Wiki Spam. Carlos Parra Camargo [9]noticed that several
pages in the old [10]Wiki were defaced by a user and restored to the
last revision. Riku Vopio [11]pointed to the [12]instructions on
dealing with spam in the Wiki.

 9. http://lists.debian.org/debian-devel/2005/09/msg00604.html
 10. http://wiki.debian.net/
 11. http://lists.debian.org/debian-devel/2005/09/msg00607.html
 12. http://wiki.debian.org/?DealingWithSpam

Security Updates for Mozilla and Friends. With [13]DSA 810 the
security team announced that security problems in Mozilla, Firefox,
Galeon and Thunderbird have to be fixed by more or less using the new
upstream version but [14]keeping the old version number. Thanks to the
work done by Eric Dorland and Alexander Sack this hasn't caused the
problems yet that were already anticipated.

 13. http://www.debian.org/security/2005/dsa-810
 14. http://lists.debian.org/debian-devel/2005/09/msg00632.html

Reviving the Debian FAQ. Javier Fernández-Sanguino Peña [15]called for
help with maintaining the [16]Debian FAQ. Together with Santiago Vila
he has cleaned up a lot of sections, but more improvements are
required. Osamu Aoki [17]added that the scope of the FAQ should be
limited to brief answers and defer to other documents for the details.

 15. http://lists.debian.org/debian-devel/2005/09/msg00667.html
 16. http://www.debian.org/doc/FAQ/
 17. http://lists.debian.org/debian-devel/2005/09/msg01122.html

Cross-Chroot Account Information. Rob Browning [18]wondered how to
configure multiple chroot environments so that the account databases
will stay synchronous to the host system. An [19]LDAP backend as well
as [20]schroot and [21]bind mounts were mentioned. Daniel Jacobowitz
[22]pointed to his [23]shadow etc effort implemented with help of
fuse, the filesystem in userspace.

 18. http://lists.debian.org/debian-devel/2005/09/msg00716.html
 19. http://lists.debian.org/debian-devel/2005/09/msg00734.html
 20. http://lists.debian.org/debian-devel/2005/09/msg00763.html
 21. http://lists.debian.org/debian-devel/2005/09/msg00737.html
 22. http://lists.debian.org/debian-devel/2005/09/msg00868.html
 23. http://return.false.org/~drow/fuse/

Maintaining local Debian Patches. Sylvain Beucler [24]wondered if
there was a mechanism to keep local patches applied to Debian packages
even upon an upgrade. Francesco Lovergine [25]pointed him to
[26]apt-src that is able to take over part of the job. Paul Hampson
[27]explained that using a sane version number will stop [28]apt-get
from updating the package from the Debian source.

 24. http://lists.debian.org/debian-devel/2005/09/msg00802.html
 25. http://lists.debian.org/debian-devel/2005/09/msg00803.html
 26. http://packages.debian.org/apt-src
 27. http://lists.debian.org/debian-devel/2005/09/msg01072.html
 28. http://packages.debian.org/apt

Hotplug Blacklists obsolete. Marco d'Itri [29]reported that the new
hotplug and coldplug subsystem that has been integrated into [30]udev
cannot handle the former blacklisting of modules anymore but only its
own. He later [31]added that he has implemented support for
user-supplied files in /etc/hotplug/blacklist.d/ in modprobe.

 29. http://lists.debian.org/debian-devel/2005/09/msg00830.html
 30. http://packages.debian.org/udev
 31. http://lists.debian.org/debian-devel/2005/09/msg01311.html

Big Endian ARM Port. Lennert Buytenhek [32]announced the [33]intention
to work on a big endian ARM port for consumer devices such as the
Linksys NSLU2 or Synology DS101. Wouter Verhelst [34]offered his help
with maintaining a build daemon within the secondary buildd

 32. http://lists.debian.org/debian-devel/2005/09/msg00860.html
 33. http://lists.debian.org/debian-arm/2005/08/msg00011.html
 34. http://lists.debian.org/debian-devel/2005/09/msg01051.html
 35. http://experimental.buildd.net/

Linux Documentation Project License. Francesco Poli [36]discussed the
freeness of the Linux Documentation Project License version 2. Matthew
Garrett [37]responded positively and pointed out that only the so
called dissident test is a problem since the person who is making
modifications needs to be identified.

 36. http://lists.debian.org/debian-legal/2005/09/msg00503.html
 37. http://lists.debian.org/debian-legal/2005/09/msg00504.html

Debian Linux Kernel Handbook. Jurij Smakov et al. have published the
Debian Linux kernel [38]handbook which will help in documenting the
internals of the Debian Linux kernel build process. The document is
still work in progress with a lot of sections missing, but it's a
giant step in the right direction.

 38. http://kernel-handbook.alioth.debian.org/

Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.

 * DSA 843: [39]arc -- Insecure temporary files.
 * DSA 844: [40]mod-auth-shadow -- Authentication bypass.
 * DSA 845: [41]mason -- Missing init script.
 * DSA 846: [42]cpio -- Several vulnerabilities.
 * DSA 847: [43]dia -- Arbitrary code execution.
 * DSA 848: [44]masqmail -- Several vulnerabilities.
 * DSA 849: [45]shorewall -- Firewall bypass.
 * DSA 850: [46]tcpdump -- Denial of service.
 * DSA 851: [47]openvpn -- Denial of service.
 * DSA 852: [48]up-imapproxy -- Arbitrary code execution.
 * DSA 853: [49]ethereal -- Several vulnerabilities.
 * DSA 854: [50]tcpdump -- Denial of service.
 * DSA 855: [51]weex -- Arbitrary code execution.
 * DSA 855: [52]weex -- Arbitrary code execution.
 * DSA 856: [53]py2play -- Arbitrary code execution.
 * DSA 857: [54]graphviz -- Insecure temporary file.
 * DSA 858: [55]xloadimage -- Arbitrary code execution.
 * DSA 859: [56]xli -- Arbitrary code execution.
 * DSA 860: [57]ruby -- Safety bypass.
 * DSA 861: [58]uw-imap -- Arbitrary code execution.
 * DSA 862: [59]ruby1.6 -- Safety bypass.

 39. http://www.debian.org/security/2005/dsa-843
 40. http://www.debian.org/security/2005/dsa-844
 41. http://www.debian.org/security/2005/dsa-845
 42. http://www.debian.org/security/2005/dsa-846
 43. http://www.debian.org/security/2005/dsa-847
 44. http://www.debian.org/security/2005/dsa-848
 45. http://www.debian.org/security/2005/dsa-849
 46. http://www.debian.org/security/2005/dsa-850
 47. http://www.debian.org/security/2005/dsa-851
 48. http://www.debian.org/security/2005/dsa-852
 49. http://www.debian.org/security/2005/dsa-853
 50. http://www.debian.org/security/2005/dsa-854
 51. http://www.debian.org/security/2005/dsa-855
 52. http://www.debian.org/security/2005/dsa-855
 53. http://www.debian.org/security/2005/dsa-856
 54. http://www.debian.org/security/2005/dsa-857
 55. http://www.debian.org/security/2005/dsa-858
 56. http://www.debian.org/security/2005/dsa-859
 57. http://www.debian.org/security/2005/dsa-860
 58. http://www.debian.org/security/2005/dsa-861
 59. http://www.debian.org/security/2005/dsa-862

New or Noteworthy Packages. The following packages were added to the
unstable Debian archive [60]recently or contain important updates.

 60. http://packages.debian.org/unstable/newpkg_main

 * [61]connect-proxy -- Establish TCP connection using SOCKS4/5 and
   HTTP tunnel.
 * [62]dangen -- Shoot 'em up game where accurate shooting matters.
 * [63]fruit -- Chess engine, to calculates chess moves.
 * [64]gtkhtml3.8 -- HTML rendering/editing library - bonobo
   component binary.
 * [65]japitools -- Java API compatibility testing tools.
 * [66]keurocalc -- Universal currency converter and calculator.
 * [67]lprof -- Hardware Color Profiler.
 * [68]mozilla-biofox -- Extension of bioinformatics tools to Mozilla
   and Firefox browsers.
 * [69]tilda -- Terminal with first person shooter console likeness.
 * [70]wmii -- Lightweight tabbed and tiled X11 window manager.

 61. http://packages.debian.org/unstable/net/connect-proxy
 62. http://packages.debian.org/unstable/games/dangen
 63. http://packages.debian.org/unstable/games/fruit
 64. http://packages.debian.org/unstable/gnome/gtkhtml3.8
 65. http://packages.debian.org/unstable/devel/japitools
 66. http://packages.debian.org/unstable/kde/keurocalc
 67. http://packages.debian.org/unstable/graphics/lprof
 68. http://packages.debian.org/unstable/science/mozilla-biofox
 69. http://packages.debian.org/unstable/x11/tilda
 70. http://packages.debian.org/unstable/x11/wmii

Orphaned Packages. 9 packages were orphaned this week and require a
new maintainer. This makes a total of 200 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the [71]WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package.

 71. http://www.debian.org/devel/wnpp/

 * [72]heaplayers -- High-performance memory allocators.
 * [74]libend-perl -- Generalized END {}. ([75]Bug#333186)
 * [76]libhoard -- Fast memory allocation library. ([77]Bug#332538)
 * [78]libhtml-table-perl -- Perl module for creating HTML tables.
 * [80]libintl-perl -- Uniforum message translations system
   compatible i18n library. ([81]Bug#333190)
 * [82]libnews-nntpclient-perl -- News::NNTPClient, Perl support for
   accessing NNTP servers. ([83]Bug#333192)
 * [84]libperlmenu-perl -- Menu and Template (curses-based) UI for
   Perl. ([85]Bug#333193)
 * [86]libterm-prompt-perl -- Perl extension for prompting a user for
   information. ([87]Bug#333194)
 * [88]libtest-reporter-perl -- Sends test results to
   cpan-testers@perl.org. ([89]Bug#333195)

 72. http://packages.debian.org/unstable/libdevel/heaplayers
 73. http://bugs.debian.org/332536
 74. http://packages.debian.org/unstable/perl/libend-perl
 75. http://bugs.debian.org/333186
 76. http://packages.debian.org/unstable/libs/libhoard
 77. http://bugs.debian.org/332538
 78. http://packages.debian.org/unstable/perl/libhtml-table-perl
 79. http://bugs.debian.org/333188
 80. http://packages.debian.org/unstable/perl/libintl-perl
 81. http://bugs.debian.org/333190
 82. http://packages.debian.org/unstable/perl/libnews-nntpclient-perl
 83. http://bugs.debian.org/333192
 84. http://packages.debian.org/unstable/perl/libperlmenu-perl
 85. http://bugs.debian.org/333193
 86. http://packages.debian.org/unstable/perl/libterm-prompt-perl
 87. http://bugs.debian.org/333194
 88. http://packages.debian.org/unstable/perl/libtest-reporter-perl
 89. http://bugs.debian.org/333195

Removed Packages. 17 packages have been [90]removed from the Debian
archive during the past week:

 90. http://ftp-master.debian.org/removals.txt

 * doc-debian-ko -- Debian FAQ and other documents to Korean
   [91]Bug#327764: Request of maintainer, orphaned, outdated
 * php3 -- server-side, HTML-embedded scripting language
   [92]Bug#330656: Request of maintainer, superseded by php4/php5
 * busybox-cvs -- Tiny utilities for small and embedded systems
   [93]Bug#331153: Request of QA, RC-buggy, superseded by busybox
 * login.app -- A login application designed with the NeXTStep look
   in mind
   [94]Bug#256681: Request of QA, inactive upstream, alternatives
 * gupsc -- GNOME client for the Network UPS Tools Package (nut)
   [95]Bug#263613: Request of QA, abandoned upstream, alternatives
 * cantus -- Gnome tool to mass-rename/tag mp3 and ogg files
   [96]Bug#287985: Request of QA, outdated, better alternatives
 * xml-soap -- SOAP (Simple Object Access Protocol) implementation in
   [97]Bug#307284: Request of QA, superseded by axis
 * chastity-list -- blacklists for SquidGuard
   [98]Bug#321594: Request of QA, abandoned upstream, very outdated
 * cyrus-imapd -- CMU Cyrus mail system (administration tool)
   [99]Bug#330696: Request of maintainer, obsolete
 * pd-externals -- PD external collection
   [100]Bug#331385: Request of maintainer, few users; out-of-date;
 * bidwatcher -- Tool for watching and bidding on eBay auctions
   [101]Bug#331684: Request of maintainer, broken; security issues
 * ghc5 -- GHC - the Glasgow Haskell Compilation system
   [102]Bug#331701: Request of maintainer, superseded by ghc6
 * nhc98 -- aNother Haskell Compiler (the nhc98 Haskell Compiler)
   [103]Bug#331704: Request of maintainer, obsolete
 * oftpd -- Secure anonymous FTP server
   [104]Bug#332186: Request of maintainer, dead upstream; security
 * jpilot-mail -- Mail plugin for jpilot (Palm Pilot desktop)
   [105]Bug#332636: Request of maintainer, has never been part of a
   stable release; RC bugs
 * libosip -- Session Initiation Protocol (SIP) library
   [106]Bug#331167: Request of maintainer, superseded by libosip2
 * python-gtkextra -- Python module for the GtkExtra widget set
   [107]Bug#279541: Request of QA, obsolete, unneeded

 91. http://bugs.debian.org/327764
 92. http://bugs.debian.org/330656
 93. http://bugs.debian.org/331153
 94. http://bugs.debian.org/256681
 95. http://bugs.debian.org/263613
 96. http://bugs.debian.org/287985
 97. http://bugs.debian.org/307284
 98. http://bugs.debian.org/321594
 99. http://bugs.debian.org/330696
 100. http://bugs.debian.org/331385
 101. http://bugs.debian.org/331684
 102. http://bugs.debian.org/331701
 103. http://bugs.debian.org/331704
 104. http://bugs.debian.org/332186
 105. http://bugs.debian.org/332636
 106. http://bugs.debian.org/331167
 107. http://bugs.debian.org/279541

Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the [108]contributing
page to find out how to help. We're looking forward to receiving your
mail at [109]dwn@debian.org.

 108. http://www.debian.org/News/weekly/contributing
 109. mailto:dwn@debian.org

Reply to: