This weeks DWN contains items on Debian Server restored after Compromise, Updated Sarge CD Images with newer Kernel and Old debian-devel Channel on Freenode.
Debian Weekly News
Debian Weekly News – July 18th, 2006
Welcome to this year's 29th issue of DWN, the weekly newsletter for
the Debian community. Harald Welte announced the availability of a
root filesystem based on Debian sarge and a corresponding kernel
plus instructions for EZX phones. Raphaël Hertzog has the
impression that the Debian project is merely trying to keep
packages up-to-date and that the project is not making any significant
Debian Server restored after Compromise. James Troup reported that
gluck.debian.org was compromised. The machine was taken down for
investigation and the system was reinstalled. The intruder got
access via a compromised developer account and used a local kernel
vulnerability to elevate privileges.
Updated Sarge CD Images with newer Kernel. Kenshi Muto announced
updated CD images for the i386 architecture for sarge that
use a more recent kernel. With Linux 2.6.16-15 from backports.org
several base utilities such as grub, udev and parted have been updated
Old debian-devel Channel on Freenode. Erich Schubert discovered
that the old debian-devel IRC channel on freenode is officially
flagged as abandoned. After the irc.debian.org alias has been
transferred from freenode to OFTC the old channel wasn't used
much anymore. The remaining users in the channel are encouraged to
switch over to the one on OFTC.
Swap on a logical Volume. David Härdeman wondered whether to
change LVM packages so that the swap partition is created as a
logical volume rather than a separate partition during the
installation. This would allow swap space to be easily enlarged and
shrunk using the regular tools when needed.
New Wildcard Behaviour of tar. Bdale Garbee explained that the new
version of tar incorporates a new behaviour with respect to
wildcards passed to the program. The upstream developers have altered
tar in order to make it conform to the UNIX98 specification and
compatible with the original version of the utility. The change is
documented in detail in a special NEWS.Debian file.
Packages to be removed. Kevin McCarty updated the list of
packages that have open release-critical bugs older than one month and
only very few users recorded in popcon. 15 out of 52 source
packages have been fixed and 8 source packages have received an
acknowledgement from the maintainer to be removed.
Support for Intel-based Macs. Junichi Uekawa announced his effort
to foster Debian support for Intel-based Mac computers. Frans Pop
added that some work has already been done on the installer.
Owners of such machines are welcome to jump in and contact the
developers on the debian-boot list.
Debian Packages for Squid 3. Luigi Gangitano announced his
intent to package the new version of squid, the Internet
object cache, for Debian. It has been rewritten from scratch and
provides a number of new features. The squid3 packages may be
installed in parallel with the older packages.
Packages Diff Files. Tyler MacDonald wondered if index diff files
should be used for local archives at all. They have been invented to
avoid the need to download several megabytes of Packages files upon
upgrade, especially for machines with low or limited bandwidth. Alec
Berryman pointed out how to disable this feature. Mike Hommey
additionally reported that after a long time without an update and
with decent bandwidth it actually takes more time merging all diff
files than downloading the full file.
Security Updates. You know the drill. Please make sure that you update
your systems if you have any of these packages installed.
* DSA 1109: rssh — Privilege escalation.
* DSA 1110: samba — Denial of service.
* DSA 1111: Linux 2.6.8 — Privilege escalation.
New or Noteworthy Packages. The following packages were added to the
unstable Debian archive recently or contain important updates.
* adacontrol — Ada rules controller.
* amap-align — Protein multiple alignment by sequence
* apbs — Adaptive Poisson Boltzmann Solver.
* aspell-fa — Persian dictionary for GNU Aspell.
* casper — Debian Live initramfs generator.
* courierpassd — Change courier user passwords using poppassd
* gapcmon — Apcupsd monitor GUI.
* gbdfed — X11 font editor.
* haxe — Web programming language generating Flash, AJAX or
* last-exit — Last.fm audio player.
* lphoto — Digital photo manager.
* mcabber — Small Jabber console client.
* opencity — 3D city simulator game.
* oping — Sends ICMP_ECHO requests to network hosts.
* pgagent — Job scheduler for PostgreSQL.
* ploticus — Script driven business graphics package.
* refit — Graphical boot-loader for EFI-based ia32 systems.
* skyeye — Embedded Hardware Simulation.
* squid3 — Full featured Web Proxy cache (HTTP proxy).
* syrep — Generic file repository synchronisation tool.
* tclxapian — Xapian search engine interface for Tcl.
* tikiwiki — Groupware and content management system.
* tntnet — Modular, multi-threaded web application server for
* treeviewx — Displays and prints phylogenetic trees.
* wormux — Funny fight game on 2D maps.
* zmakebas — Convert text files into ZX Spectrum Basic
Orphaned Packages. 12 packages were orphaned this week and require a
new maintainer. This makes a total of 326 orphaned packages. Many
thanks to the previous maintainers who contributed to the Free
Software community. Please see the WNPP pages for the full list,
and please add a note to the bug report and retitle it to ITA: if you
plan to take over a package. To find out which orphaned packages are
installed on your system the wnpp-alert program from devscripts may be
* cl-awk — Common Lisp package with the features of AWK and
* cl-lexer — Lexical-analyser-generator package for Common
* cl-parse-number — Provides functions to parse any Common Lisp
number string. (Bug#377921)
* cl-regex — Common Lisp regular expression compiler/matcher.
* cl-tclink — Common Lisp bindings to the TrustCommerce
transaction system. (Bug#377923)
* dtmfdial — DTMF Tone Dialer. (Bug#377869)
* ld.so.preload-manager — Utility to manage the libraries in
* libxbox — Library for Xbox Linux utilities (Bug#377861)
* printop — Graphical interface to the LPRng print system.
* rolldice — Virtual dice roller. (Bug#377870)
* sipp — Development library for sipp. (Bug#377925)
* xbox-cromwell — Xbox BIOS image. (Bug#377862)
Removed Packages. 5 packages have been removed from the Debian
archive during the past week:
* bcm4400-source — Module source for Broadcom's bcm4400 ethernet
Bug#271798: Request of maintainer, unmaintained and
* messagewall — SMTP proxy daemon, designed to help keep out
Bug#274732: Request of QA, orphaned, dead upstream
* libdbix-class-loader-perl — Dynamic definition of DBIx::Class sub
Bug#369556: Request of Maintainer, dead upstream; superseded
* libcharles0 — Data structure library for Ada95 modelled on the
Bug#377927: Request of Maintainer, superseded by gnat-4.1
* xmbdfed — X11 font editor
Bug#377954: Request of Maintainer, licensing issues
Want to continue reading DWN? Please help us create this newsletter.
We still need more volunteer writers who watch the Debian community
and report about what is going on. Please see the contributing
page to find out how to help. We're looking forward to receiving your
mail at firstname.lastname@example.org.
This issue of Debian Weekly News was edited by Sebastian Feltel
and Martin 'Joey' Schulze.