Debian Weekly News - July 3rd, 2007
Welcome to this year's 6th issue of DWN, the newsletter for the Debian community. Ulrich Hansen created a set of nice-looking CD and DVD covers for the just released Debian GNU/Linux 4.0. Roland Mas announced that Alioth has been upgraded to etch. Kurt Gramlich announced a Skolelinux Youngster Meeting on July 20th to 26th in Chemnitz, Germany.
Call for Papers for LVEE-2007. Vlad Shakhov called for papers and speakers for the upcoming Linux Vacation/Eastern Europe (LVEE) meeting. The event takes place from June 14th to 17th near Hrodna, Belarus. The conference goal is to provide an open exchange of ideas and experience between developers and users and to give them the opportunity to establish personal contacts. Participants and speakers are asked to apply no later than the 1st of June.
Interviews with Sam Hocevar. The new Debian project leader was interviewed by itwire and linux.com. Sam expressed that he wants to focus on social aspects like improving the internal communication, teamwork and motivating Ubuntu developers to contribute to Debian. About the GPLv3 discussion he said that most GPLv2 software in Debian is already GPLv3 compatible and that using the GPLv3 in Debian would cause even more license incompatibilities.
Collection of Debian Art. André Luiz Rodrigues Ferreira announced the Debian Art website. It aims to create an archive for high quality artwork like wallpaper, splash screens, icons, logos, screenshots and system sounds which can be freely used for KDE, GNOME, Xfce or t-shirts and labels. This user-contributed artwork can be included in upcoming Debian releases.
Removing PHP4. Sean Finney announced that PHP4 will be removed from unstable and thus testing. Sean has set up a wiki page to give detailed information for packages depending on PHP4 and to track the progress. He asked the respective maintainers to fix their packages to avoid mass bug filing.
Release Team Meeting Results. Andreas Barth summarised the release team meeting that took place in Jülich, Germany. A review of the etch release process led to simplifying the use of release goals for the upcoming release of lenny. Architecture qualification status notes are due to be published every two months and release updates should be sent out more regularly. The report also contains a rough release schedule which aims at the next release in the second half of 2008.
Boosting the Release Team. Luk Claes called for new release assistants for the lenny release cycle in order to distribute the workload better among them. Assistants need to have done Quality Assurance for Debian already, have loads of spare time to use for release work, have a good understanding of several scripting languages and acknowledge that they will be doing merely basic work without authority over the release.
Serious Problem Reminder. Lucas Nussbaum announced that he's going to send mails to maintainers of packages with serious problems once a month. When a release-critical bug is open for more than 30 days, or when the package has not yet migrated into testing, the maintainer will be informed about the problems.
FrOSCon Debian Sub-Conference. Martin Zobel-Helas called for papers for a Debian sub-conference at this year's FrOSCon that takes place on August 25th and 26th in St. Augustin, Germany. In addition to the developer room the project will also run a booth in the exhibition area.
Format String Vulnerabilities in Debian. Karl Chen and David Wagner presented an analysis of format string vulnerabilities in the sarge distribution for the ACM SIGPLAN Workshop on Programming Languages and Analysis for Security that took place on June 14th in San Diego, U.S.A. Tools marked more than 1,500 packages as potentially insecure, of which 87 were determined to contain true format string bugs.
Backports for Debian Etch. Alexander Wirt announced the availability of backports for etch. Backported packages should be available in the testing distribution, contain new and important features and there has to be user demand for them. Backports for sarge are still supported and may need to be removed before the system is upgraded to etch.
Transition to GCC 4.2. Martin Michlmayr called for developers interested in helping with the transition to GCC 4.2 by uploading packages and inspecting build failures. Throughout the development of GCC 4.2, the entire Debian archive has been recompiled regularly with development snapshots of GCC to ensure a reliable compiler.
Package Build Status. Sergei Golovan wondered about the meaning of state uploaded. Goswin von Brederlow explained that it means the build daemon has received a signed changes file and has uploaded the package into the incoming queue. When this status does not change for a while something went wrong. The buildd admin has to upload the package again or return it for a
Security Updates. You know the drill. Please make sure that you update your systems if you have any of these packages installed.
- DSA 1280: aircrack-ng -- Arbitrary code execution.
- DSA 1281: clamav -- Several vulnerabilities.
- DSA 1282: PHP4 -- Several vulnerabilities.
- DSA 1283: PHP5 -- Several vulnerabilities.
- DSA 1284: qemu -- Several vulnerabilities.
- DSA 1285: wordpress -- Several vulnerabilities.
- DSA 1286: Linux 2.6.18 -- Several vulnerabilities.
- DSA 1287: ldap-account-manager -- Several vulnerabilities.
- DSA 1288: pptpd -- Denial of service.
- DSA 1289: Linux 2.6.18 -- Several vulnerabilities.
- DSA 1290: squirrelmail -- Cross-site scripting.
- DSA 1291: samba -- Several vulnerabilities.
- DSA 1292: qt4-x11 -- Cross-site scripting.
- DSA 1293: quagga -- Denial of service.
- DSA 1294: XFree86 -- Several vulnerabilities.
- DSA 1295: PHP5 -- Several vulnerabilities.
- DSA 1296: PHP4 -- Privilege escalation.
- DSA 1297: gforge-plugin-scmcvs -- Arbitrary shell command execution.
- DSA 1298: otrs2 -- Cross-site scripting.
- DSA 1299: ipsec-tools -- Denial of service.
- DSA 1300: iceape -- Several vulnerabilities.
- DSA 1301: GIMP -- Arbitrary code execution.
- DSA 1302: freetype -- Arbitrary code execution.
- DSA 1303: lighttpd -- Denial of service.
- DSA 1304: Linux 2.6.8 -- Several vulnerabilities.
- DSA 1305: icedove -- Several vulnerabilities.
- DSA 1306: xulrunner -- Several vulnerabilities.
- DSA 1307: OpenOffice.org -- Arbitrary code execution.
- DSA 1308: iceweasel -- Several vulnerabilities.
- DSA 1309: PostgreSQL 8.1 -- Privilege escalation.
- DSA 1310: libexif -- Denial of service.
- DSA 1311: PostgreSQL 7.4 -- Privilege escalation.
- DSA 1312: libapache-mod-jk -- Information disclosure.
- DSA 1313: mplayer -- Arbitrary code execution.
- DSA 1314: open-iscsi -- Several vulnerabilities.
- DSA 1315: libphp-phpmailer -- Arbitrary shell command execution.
- DSA 1316: emacs21 -- Denial of service.
- DSA 1317: tinymux -- Arbitrary code execution.
- DSA 1318: ekg -- Denial of service.
- DSA 1319: maradns -- Denial of service.
- DSA 1320: clamav -- Several vulnerabilities.
- DSA 1321: evolution-data-server -- Arbitrary code execution.
- DSA 1322: wireshark -- Denial of service.
- DSA 1323: krb5 -- Several vulnerabilities.
- DSA 1324: hiki -- Privilege escalation.
- DSA 1325: evolution -- Arbitrary code execution.
- DSA 1326: fireflier-server -- Insecure temporary files.
- DSA 1327: gsambad -- Insecure temporary files.
- DSA 1328: unicon-imc2 -- Arbitrary code execution.
New or Noteworthy Packages. The following packages were added to the unstable Debian archive recently.
- apparix — Console-based bookmark tool for fast file system navigation.
- apt-transport-https — APT HTTPS transport.
- bitstormlite — BitTorrent Client based on C++/GTK+2.0.
- ctorrent — BitTorrent Client written in C.
- ecj — Standalone version of the Eclipse Java compiler.
- ept-cache — Command line tool to search the package archive.
- fdm — Fetching, filtering and delivering emails.
- fische — Standalone sound visualisation for Linux.
- gfa — GTK+ fast address book.
- giggle — GTK+ frontend for the git directory tracker.
- gozerbot — IRC and Jabber bot written in Python.
- gpodder — GTK+ Media aggregator and Podcast catcher.
- hgsvn — Scripts to work locally on Subversion checkouts using Mercurial.
- jlgui — Graphical music player.
- ksniffer — Network traffic analyser for KDE.
- mtpaint — Painting program to create pixel art and manipulate digital photos.
- mummer — Efficient sequence alignment of full genomes.
- ophcrack — Microsoft Windows password cracker using rainbow tables.
- postpone — Schedules commands to be executed later.
- powertop — Linux tool to find out what is using power on a laptop.
- pybackpack — User friendly file backup tool for GNOME.
- qgfe — Qt based Gnuplot Frontend.
- qtemu — Graphical user interface for QEMU.
- qtiplot — Data analysis and scientific plotting.
- qtractor — MIDI/Audio multi-track sequencer application.
- renpy — Framework for developing visual-novel type games.
- rofs — Read-Only Filesystem for FUSE.
- slim — Desktop-independent graphical login manager for X11.
- taxbird — First free Elster client (German Tax Declarations).
- tripod — iPod photo uploader.
- tmw — Mana World is a great Online Rolegame.
- wavbreaker — Tool to split wave files into multiple chunks.
- xindy — Index generator for structured documents like LaTeX or SGML.
Orphaned Packages. 58 packages were orphaned since the last issue and require a new maintainer. Below is an excerpt of the entire list. This makes a total of 409 orphaned packages. Many thanks to the previous maintainers who contributed to the Free Software community. Please see the WNPP pages for the full list, and please add a note to the bug report and retitle it to ITA: if you plan to take over a package. To find out which orphaned packages are installed on your system the wnpp-alert program from devscripts may be helpful.
- airsnort — WLAN sniffer. (Bug#429507)
- cfourcc — Command line tool for changing FourCC in Microsoft RIFF AVI files. (Bug#425242)
- datefudge — Fake the system date. (Bug#429467)
- divxcomp — Bitrate calculator for DivX:-) movies written in perl. (Bug#424713)
- dvi2tty — Previewing dvi-files on text-only devices. (Bug#430129)
- ecawave — Graphical audio file editor. (Bug#431141)
- fblogo — Converts images to framebuffer-logo header files. (Bug#427139)
- flyspray — Lightweight Bug Tracking System (BTS) in PHP. (Bug#428366)
- gscanbus — Scan IEEE1394 (firewire/i.link) bus. (Bug#429559)
- kforth — Small Forth Interpreter Written in C++. (Bug#429469)
Stickyhoneypot and IDS. (Bug#424715)
- libc-scan-perl — Scan C language files for easily recognised constructs. (Bug#430977)
- medussa — Distributed password cracking system. (Bug#424716)
- metacam — Extract EXIF information from digital camera files. (Bug#425241)
- outguess — Universal steganographic tool. (Bug#424718)
- pmidi — Command line MIDI player for ALSA. (Bug#429755)
- procmail-lib — Library of useful procmail recipes. (Bug#430981)
- stegdetect — Detect and extract steganography messages inside JPEG. (Bug#424720)
- tcpick — TCP stream sniffer and connection tracker. (Bug#430030)
- wmcalc — Dockable calculator application. (Bug#427132)
Want to continue reading DWN? Please help us create this newsletter. We still need more volunteer writers who watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at firstname.lastname@example.org.
To receive this newsletter weekly in your mailbox, subscribe to the debian-news mailing list.
Back issues of this newsletter are available.
This issue of Debian Weekly News was edited by Sebastian Feltel, Thomas Bliesener, Y Giridhar Appaji Nag and Martin 'Joey' Schulze.