Debian Weekly News - July 3rd, 2007

Posted by Scott_Ruecker on Jul 4, 2007 4:02 AM EDT
Debian.org
Mail this story
Print this story

Welcome to this year's 6th issue of DWN, the newsletter for the Debian community. Ulrich Hansen created a set of nice looking CD and DVD covers for the just released Debian GNU/Linux 4.0. Roland Mas announced that Alioth has been upgrade to etch. Kurt Gramlich announced a Skolelinux Youngster Meeting on July 20th to 26th in Chemnitz, Germany.

---------------------------------------------------------------------------
Debian Weekly News
http://www.debian.org/News/weekly/2007/06/
Debian Weekly News - July 3rd, 2007
---------------------------------------------------------------------------

Welcome to this year's 6th issue of DWN, the newsletter for the Debian community. Ulrich Hansen created a set of nice looking CD and DVD [1]covers for the just released [2]Debian GNU/Linux 4.0. Roland Mas [3]announced that [4]Alioth has been upgrade to [5]etch. Kurt Gramlich [6]announced a Skolelinux Youngster Meeting on July 20th to 26th in Chemnitz, Germany.

1. http://www.ulrich-hansen.de/etch/ 2. http://www.debian.org/releases/etch/ 3. http://lists.debian.org/debian-devel-announce/2007/05/msg00001.html 4. http://alioth.debian.org/ 5. http://www.debian.org/releases/etch/ 6. http://lists.debian.org/debian-events-eu/2007/06/msg00015.html

Call for Papers for LVEE-2007. Vlad Shakhov [7]called for papers and speakers for the upcoming [8]Linux Vacation/Eastern Europe (LVEE) meeting. The event takes place from June, 14th to 17th near Hrodna, Belarus. The conference goal is to provide open exchange of ideas and experience between developers and users, give them ability to establish personal contacts. Participants and speakers are asked to apply not later than 1st of June.

7. http://lists.debian.org/debian-events-eu/2007/04/msg00012.html 8. http://lvee.org.by/

Interviews with Sam Hocevar. The new Debian project [9]leader was interviewed by [10]itwire and [11]linux.com. Sam expressed that he wants to focus on social aspects like improving the internal communication, teamwork and motivating Ubuntu developers to contribute to Debian. About the GPLv3 discussion he said that most GPLv2 software in Debian is already GPLv3 compatible and that using the GPLv3 in Debian would cause even more license incompatibilities.

9. http://www.debian.org/devel/leader 10. http://www.itwire.com.au/content/view/11654/1090/ 11. http://www.linux.com/article.pl?sid=07%2F04%2F26%2F1520212

Collection of Debian Art. André Luiz Rodrigues Ferreira [12]announced the [13]Debian Art website. It aims to create an archive for high quality artwork like wallpaper, splash screens, icons, logos, screenshots or system sounds which can be freely used for KDE, GNOME, Xfce or t-shirts and labels. This user contributed artwork can be included in upcoming Debian releases.

12. http://lists.debian.org/debian-devel/2007/05/msg00275.html 13. http://www.debianart.org/

Removing PHP4. Sean Finney [14]announced that PHP4 will be removed from [15]unstable and thus [16]testing. Sean has setup a Wiki [17]page to give detailed information for packages depending on PHP4 and to track the progress. He asked the respective maintainers to fix their packages to avoid mass bug filing.

14. http://lists.debian.org/debian-devel/2007/05/msg00126.html 15. http://www.debian.org/releases/sid/ 16. http://www.debian.org/releases/testing/ 17. http://wiki.debian.org/PHP4Removal

Release Team Meeting Results. Andreas Barth [18]summarised the release team meeting that took place in Jülich, Germany. A review of the [19]etch release process lead to simplifying the use of release [20]goals for the upcoming release of [21]lenny. Architecture qualification status notes are due to be published every two months and release updates should be sent out more regularly. The report also contains a rough release schedule which aims at the next release in the second half of 2008.

18. http://lists.debian.org/debian-devel-announce/2007/06/msg00005.html 19. http://www.debian.org/releases/etch/ 20. http://release.debian.org/lenny-goals.txt 21. http://www.debian.org/releases/lenny/

Boosting the Release Team. Luk Claes [22]called for new release assistants for the lenny release cycle in order to distribute the workload better among them. Assistants need to have done Quality Assurance for Debian already, have loads of spare time to use for release work, have a good understanding of several scripting languages and acknowledge that they will be doing merely basic work without authority over the release.

22. http://lists.debian.org/debian-devel-announce/2007/06/msg00007.html

Serious Problem Reminder. Lucas Nussbaum [23]announced that he's going to send mails to maintainers of packages with serious problems once a month. When a release-critical bug is open for more than 30 days, or when the package has not yet migrated into testing the maintainer will be informed about the problems.

23. http://lists.debian.org/debian-devel/2007/06/msg01063.html

FrOSCon Debian Sub-Conference. Martin Zobel-Helas [24]called for papers for a Debian sub-conference at this years' [25]FrOSCon that takes place on August 25th and 26th in St. Augustin, Germany. In addition to the developer room the project will also [26]run a booth in the exhibition area.

24. http://lists.debian.org/debian-events-eu/2007/06/msg00019.html 25. http://www.froscon.org/ 26. http://lists.debian.org/debian-events-eu/2007/06/msg00006.html

Format String Vulnerabilities in Debian. Karl Chen and David Wagner will present an [27]analysis on format string vulnerabilities in the [28]sarge distribution for the ACM SIGPLAN Workshop on [29]Programming Languages and Analysis for Security that takes place on June 14th in San Diego, U.S.A. Tools have marked more than 1,500 packages potentially insecure of which 87 were determined with true format string bugs.

27. http://www.cs.berkeley.edu/~daw/papers/fmtstr-plas07.pdf 28. http://www.debian.org/releases/sarge/ 29. http://www.cs.umd.edu/~mwh/PLAS07/

Backports for Debian Etch. Alexander Wirt [30]announced the availability of [31]backports for etch. Backported packages should be available in the testing distribution, contain new and important features and there has to be user demand for them. Backports for [32]sarge are still supported and may need to be removed before the system is upgraded to etch.

30. http://lists.backports.org/lurker-bpo/message/20070419.092600.5007052f.en.html 31. http://www.backports.org/ 32. http://www.debian.org/releases/sarge/

Transition to GCC 4.2. Martin Michlmayr [33]called for developers interested in helping with the transition to GCC 4.2 by uploading packages and inspecting build failures. Throughout the development of GCC 4.2, the entire Debian archive has been recompiled regularly with development snapshots of GCC to ensure a reliable compiler.

33. http://lists.debian.org/debian-devel-announce/2007/06/msg00008.html

Package Build Status. Sergei Golovan [34]wondered about the meaning of state "uploaded". Goswin von Brederlow [35]explained that it means the [36]build daemon has received a signed changes file and has uploaded the package into the incoming queue. When this status does not change for a while something went wrong. The buildd admin has to upload the package again or return it for a rebuild.

34. http://lists.debian.org/debian-devel/2007/06/msg01266.html 35. http://lists.debian.org/debian-devel/2007/07/msg00015.html 36. http://www.debian.org/devel/buildd/

Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.

* DSA 1280: [37]aircrack-ng -- Arbitrary code execution. * DSA 1281: [38]clamav -- Several vulnerabilities. * DSA 1282: [39]PHP4 -- Several vulnerabilities. * DSA 1283: [40]PHP5 -- Several vulnerabilities. * DSA 1284: [41]qemu -- Several vulnerabilities. * DSA 1285: [42]wordpress -- Several vulnerabilities. * DSA 1286: [43]Linux 2.6.18 -- Several vulnerabilities. * DSA 1287: [44]ldap-account-manager -- Arbitrary Several vulnerabilities. * DSA 1288: [45]pptpd -- Denial of service. * DSA 1289: [46]Linux 2.6.18 -- Several vulnerabilities. * DSA 1290: [47]squirrelmail -- Cross-site scripting. * DSA 1291: [48]samba -- Several vulnerabilities. * DSA 1292: [49]qt4-x11 -- Cross-site scripting. * DSA 1293: [50]quagga -- Denial of service. * DSA 1294: [51]XFree86 -- Several vulnerabilities. * DSA 1295: [52]PHP5 -- Several vulnerabilities. * DSA 1296: [53]PHP4 -- Privilege escalation. * DSA 1297: [54]gforge-plugin-scmcvs -- Arbitrary shell command execution. * DSA 1298: [55]otrs2 -- Cross-site scripting. * DSA 1299: [56]ipsec-tools -- Denial of service. * DSA 1300: [57]iceape -- Several vulnerabilities. * DSA 1301: [58]GIMP -- Arbitrary code execution. * DSA 1302: [59]freetype -- Arbitrary code execution. * DSA 1303: [60]lighttpd -- Denial of service. * DSA 1304: [61]Linux 2.6.8 -- Several vulnerabilities. * DSA 1305: [62]icedove -- Several vulnerabilities. * DSA 1306: [63]xulrunner -- Several vulnerabilities. * DSA 1307: [64]OpenOffice.org -- Arbitrary code execution. * DSA 1308: [65]iceweasel -- Several vulnerabilities. * DSA 1309: [66]PostgreSQL 8.1 -- Privilege escalation. * DSA 1310: [67]libexif -- Denial of service. * DSA 1311: [68]PostgreSQL 7.4 -- Privilege escalation. * DSA 1312: [69]libapache-mod-jk -- Information disclosure. * DSA 1313: [70]mplayer -- Arbitrary code execution. * DSA 1314: [71]open-iscsi -- Several vulnerabilities. * DSA 1315: [72]libphp-phpmailer -- Arbitrary shell command execution. * DSA 1316: [73]emacs21 -- Denial of service. * DSA 1317: [74]tinymux -- Arbitrary code execution. * DSA 1318: [75]ekg -- Denial of service. * DSA 1319: [76]maradns -- Denial of service. * DSA 1320: [77]clamav -- Several vulnerabilities. * DSA 1321: [78]evolution-data-server -- Arbitrary code execution. * DSA 1322: [79]wireshark -- Denial of service. * DSA 1323: [80]krb5 -- Several vulnerabilities. * DSA 1324: [81]hiki -- Privilege escalation. * DSA 1325: [82]evolution -- Arbitrary code execution. * DSA 1326: [83]fireflier-server -- Insecure temporary files. * DSA 1327: [84]gsambad -- Insecure temporary files. * DSA 1328: [85]unicon-imc2 -- Arbitrary code execution.

37. http://www.debian.org/security/2007/dsa-1280 38. http://www.debian.org/security/2007/dsa-1281 39. http://www.debian.org/security/2007/dsa-1282 40. http://www.debian.org/security/2007/dsa-1283 41. http://www.debian.org/security/2007/dsa-1284 42. http://www.debian.org/security/2007/dsa-1285 43. http://www.debian.org/security/2007/dsa-1286 44. http://www.debian.org/security/2007/dsa-1287 45. http://www.debian.org/security/2007/dsa-1288 46. http://www.debian.org/security/2007/dsa-1289 47. http://www.debian.org/security/2007/dsa-1290 48. http://www.debian.org/security/2007/dsa-1291 49. http://www.debian.org/security/2007/dsa-1292 50. http://www.debian.org/security/2007/dsa-1293 51. http://www.debian.org/security/2007/dsa-1294 52. http://www.debian.org/security/2007/dsa-1295 53. http://www.debian.org/security/2007/dsa-1296 54. http://www.debian.org/security/2007/dsa-1297 55. http://www.debian.org/security/2007/dsa-1298 56. http://www.debian.org/security/2007/dsa-1299 57. http://www.debian.org/security/2007/dsa-1300 58. http://www.debian.org/security/2007/dsa-1301 59. http://www.debian.org/security/2007/dsa-1302 60. http://www.debian.org/security/2007/dsa-1303 61. http://www.debian.org/security/2007/dsa-1304 62. http://www.debian.org/security/2007/dsa-1305 63. http://www.debian.org/security/2007/dsa-1306 64. http://www.debian.org/security/2007/dsa-1307 65. http://www.debian.org/security/2007/dsa-1308 66. http://www.debian.org/security/2007/dsa-1309 67. http://www.debian.org/security/2007/dsa-1310 68. http://www.debian.org/security/2007/dsa-1311 69. http://www.debian.org/security/2007/dsa-1312 70. http://www.debian.org/security/2007/dsa-1313 71. http://www.debian.org/security/2007/dsa-1314 72. http://www.debian.org/security/2007/dsa-1315 73. http://www.debian.org/security/2007/dsa-1316 74. http://www.debian.org/security/2007/dsa-1317 75. http://www.debian.org/security/2007/dsa-1318 76. http://www.debian.org/security/2007/dsa-1319 77. http://www.debian.org/security/2007/dsa-1320 78. http://www.debian.org/security/2007/dsa-1321 79. http://www.debian.org/security/2007/dsa-1322 80. http://www.debian.org/security/2007/dsa-1323 81. http://www.debian.org/security/2007/dsa-1324 82. http://www.debian.org/security/2007/dsa-1325 83. http://www.debian.org/security/2007/dsa-1326 84. http://www.debian.org/security/2007/dsa-1327 85. http://www.debian.org/security/2007/dsa-1328

New or Noteworthy Packages. The following packages were added to the unstable Debian archive [86]recently.

86. http://packages.debian.org/unstable/newpkg_main

* [87]apparix -- Console-based bookmark tool for fast file system navigation. * [88]apt-transport-https -- APT HTTPS transport. * [89]bitstormlite -- BitTorrent Client based on C++/GTK+2.0. * [90]ctorrent -- BitTorrent Client written in C. * [91]ecj -- Standalone version of the Eclipse Java compiler. * [92]ept-cache -- Command line tool to search the package archive. * [93]fdm -- Fetching, filtering and delivering emails. * [94]fische -- Standalone sound visualisation for Linux. * [95]gfa -- GTK+ fast address book. * [96]giggle -- GTK+ frontend for the git directory tracker. * [97]gozerbot -- IRC and Jabber bot written in Python. * [98]gpodder -- GTK+ Media aggregator and Podcast catcher. * [99]hgsvn -- Scripts to work locally on Subversion checkouts using Mercurial. * [100]jlgui -- Graphical music player. * [101]ksniffer -- Network traffic analyser for KDE. * [102]mtpaint -- Painting program to create pixel art and manipulate digital photos. * [103]mummer -- Efficient sequence alignment of full genomes. * [104]ophcrack -- Microsoft Windows password cracker using rainbow tables. * [105]postpone -- Schedules commands to be executed later. * [106]powertop -- Linux tool to find out what is using power on a laptop. * [107]pybackpack -- User friendly file backup tool for GNOME. * [108]qgfe -- Qt based Gnuplot Frontend. * [109]qtemu -- Graphical user interface for QEMU. * [110]qtiplot -- Data analysis and scientific plotting. * [111]qtractor -- MIDI/Audio multi-track sequencer application. * [112]renpy -- Framework for developing visual-novel type games. * [113]rofs -- Read-Only Filesystem for FUSE. * [114]slim -- Desktop-independent graphical login manager for X11. * [115]taxbird -- First free Elster client (German Tax Declarations). * [116]tripod -- iPod photo uploader. * [117]tmw -- Mana World is a great Online Rolegame. * [118]wavbreaker -- Tool to split wave files into multiple chunks. * [119]xindy -- Index generator for structured documents like LaTeX or SGML.

87. http://packages.debian.org/unstable/utils/apparix 88. http://packages.debian.org/unstable/admin/apt-transport-https 89. http://packages.debian.org/unstable/net/bitstormlite 90. http://packages.debian.org/unstable/net/ctorrent 91. http://packages.debian.org/unstable/devel/ecj 92. http://packages.debian.org/unstable/misc/ept-cache 93. http://packages.debian.org/unstable/mail/fdm 94. http://packages.debian.org/unstable/sound/fische 95. http://packages.debian.org/unstable/utils/gfa 96. http://packages.debian.org/unstable/devel/giggle 97. http://packages.debian.org/unstable/net/gozerbot 98. http://packages.debian.org/unstable/x11/gpodder 99. http://packages.debian.org/unstable/devel/hgsvn 100. http://packages.debian.org/unstable/sound/jlgui 101. http://packages.debian.org/unstable/kde/ksniffer 102. http://packages.debian.org/unstable/graphics/mtpaint 103. http://packages.debian.org/unstable/science/mummer 104. http://packages.debian.org/unstable/admin/ophcrack 105. http://packages.debian.org/unstable/utils/postpone 106. http://packages.debian.org/unstable/x11/powertop 107. http://packages.debian.org/unstable/gnome/pybackpack 108. http://packages.debian.org/unstable/math/qgfe 109. http://packages.debian.org/unstable/x11/qtemu 110. http://packages.debian.org/unstable/math/qtiplot 111. http://packages.debian.org/unstable/sound/qtractor 112. http://packages.debian.org/unstable/games/renpy 113. http://packages.debian.org/unstable/utils/rofs 114. http://packages.debian.org/unstable/x11/slim 115. http://packages.debian.org/unstable/gnome/taxbird 116. http://packages.debian.org/unstable/graphics/tripod 117. http://packages.debian.org/unstable/games/tmw 118. http://packages.debian.org/unstable/x11/wavbreaker 119. http://packages.debian.org/unstable/text/xindy

Orphaned Packages. 58 packages were orphaned since the last issue and require a new maintainer. Below is an excerpt of the entire list. This makes a total of 409 orphaned packages. Many thanks to the previous maintainers who contributed to the Free Software community. Please see the [120]WNPP pages for the full list, and please add a note to the bug report and retitle it to ITA: if you plan to take over a package. To find out which orphaned packages are installed on your system the wnpp-alert program from devscripts may be helpful.

120. http://www.debian.org/devel/wnpp/

* [121]airsnort -- WLAN sniffer. ([122]Bug#429507) * [123]cfourcc -- Command line tool for changing FourCC in Microsoft RIFF AVI files. ([124]Bug#425242) * [125]datefudge -- Fake the system date. ([126]Bug#429467) * [127]divxcomp -- Bitrate calculator for DivX:-) movies written in perl. ([128]Bug#424713) * [129]dvi2tty -- Previewing dvi-files on text-only devices. ([130]Bug#430129) * [131]ecawave -- Graphical audio file editor. ([132]Bug#431141) * [133]fblogo -- Converts images to framebuffer-logo header file. ([134]Bug#427139) * [135]flyspray -- Lightweight Bug Tracking System (BTS) in PHP. ([136]Bug#428366) * [137]gscanbus -- Scan IEEE1394 (firewire/i.link) bus. ([138]Bug#429559) * [139]kforth -- Small Forth Interpreter Written in C++. ([140]Bug#429469) * [141]labrea -- "Sticky" honeypot and IDS. ([142]Bug#424715) * [143]libc-scan-perl -- Scan C language files for easily recognised constructs. ([144]Bug#430977) * [145]medussa -- Distributed password cracking system. ([146]Bug#424716) * [147]metacam -- Extract EXIF information from digital camera files. ([148]Bug#425241) * [149]outguess -- Universal Steganographic tool. ([150]Bug#424718) * [151]pmidi -- Command line MIDI player for ALSA. ([152]Bug#429755) * [153]procmail-lib -- Library of useful procmail recipes. ([154]Bug#430981) * [155]stegdetect -- Detect and extract steganography messages inside JPEG. ([156]Bug#424720) * [157]tcpick -- TCP stream sniffer and connection tracker. ([158]Bug#430030) * [159]wmcalc -- Dockable calculator application. ([160]Bug#427132)

121. http://packages.debian.org/unstable/net/airsnort 122. http://bugs.debian.org/429507 123. http://packages.debian.org/unstable/graphics/cfourcc 124. http://bugs.debian.org/425242 125. http://packages.debian.org/unstable/devel/datefudge 126. http://bugs.debian.org/429467 127. http://packages.debian.org/unstable/utils/divxcomp 128. http://bugs.debian.org/424713 129. http://packages.debian.org/unstable/tex/dvi2tty 130. http://bugs.debian.org/430129 131. http://packages.debian.org/unstable/sound/ecawave 132. http://bugs.debian.org/431141 133. http://packages.debian.org/unstable/devel/fblogo 134. http://bugs.debian.org/427139 135. http://packages.debian.org/unstable/web/flyspray 136. http://bugs.debian.org/428366 137. http://packages.debian.org/unstable/utils/gscanbus 138. http://bugs.debian.org/429559 139. http://packages.debian.org/unstable/interpreters/kforth 140. http://bugs.debian.org/429469 141. http://packages.debian.org/unstable/net/labrea 142. http://bugs.debian.org/424715 143. http://packages.debian.org/unstable/perl/libc-scan-perl 144. http://bugs.debian.org/430977 145. http://packages.debian.org/unstable/admin/medussa 146. http://bugs.debian.org/424716 147. http://packages.debian.org/unstable/graphics/metacam 148. http://bugs.debian.org/425241 149. http://packages.debian.org/unstable/utils/outguess 150. http://bugs.debian.org/424718 151. http://packages.debian.org/unstable/sound/pmidi 152. http://bugs.debian.org/429755 153. http://packages.debian.org/unstable/mail/procmail-lib 154. http://bugs.debian.org/430981 155. http://packages.debian.org/unstable/utils/stegdetect 156. http://bugs.debian.org/424720 157. http://packages.debian.org/unstable/net/tcpick 158. http://bugs.debian.org/430030 159. http://packages.debian.org/unstable/x11/wmcalc 160. http://bugs.debian.org/427132

Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the [161]contributing page to find out how to help. We're looking forward to receiving your mail at [162]dwn@debian.org.

161. http://www.debian.org/News/weekly/contributing 162. mailto:dwn@debian.org

This issue of Debian Weekly News was edited by Sebastian Feltel, Thomas Bliesener, Y Giridhar Appaji Nag and Martin 'Joey' Schulze.

-- To UNSUBSCRIBE, email to [e-mail:debian-news-REQUEST@lists.debian.org] with a subject of "unsubscribe". Trouble? Contact [e-mail:listmaster@lists.debian.org]

  Nav
» Read more about: Story Type: Newsletter; Groups: Debian

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.