Browse Space
|
October 2007 |
|
||||
|---|---|---|---|---|---|---|
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 | |||
Nov 30, 2007
Sep 01, 2007
2007/10/02
Foresight Linux Newsletter Volume 1, Issue 7 (September 2007)
Welcome to the September edition of the Foresight Linux Newsletter. This month we take a look at the recently released Foresight Linux 1.4 including GNOME 2.20, development news, security updates, and tips and tricks.
In this issue:
Foresight Linux News
- Foresight Linux 1.4 released
Security Updates
- Recent packages updated to fix security flaws
Development News
- Developer Meeting
Foresight Linux Tour
- Michigan User Group
- Ohio Linux Fest
Tips and Tricks
- Avant Window Navigator Updates
- PackageKit update
Contributing to Foresight Linux
Join the Foresight Community
Downloading and Getting Help with Foresight Linux
Foresight Linux Information
Foresight Linux News
Foresight Linux 1.4 released September 19th
Foresight Linux 1.4 was released on September 19th, with the GNOME 2.20 release. Foresight Linux 1.4 features the latest GNOME, including updates to Evolution Email and Calendar, Tomboy Notes, Power Manager, Epiphany Web Browser the GNOME Image Viewer, Eye of GNOME and more. Foresight Linux 1.4 also features the latest Conary package manager and an updated GTK theme. You can read the full release notes here.
Foresight Linux 1.4 is available for download on 1 DVD, 2 CDs, or through a number of different virtualization images. Visit the download pagefor more information.
GNOME 2.20 Live Media
Foresight Linux is proud to be the distribution offering the latest version of GNOME via a number of different choices of Live Media. Making it simple for users who want to test the latest GNOME release, four images are available for testing GNOME without having to install it directly on your hard drive. These images include a LiveCD, VMWare image, and a Parallels / QEMU image. GNOME Live Media is available for download at http://torrent.gnome.org.
Security Updates
Security updates are published on the Foresight Security mailing list. This month's security updates include:
| FLEA-2007-0053-1 | fetchmail |
2007-09-06 | Previous versions of the fetchmail package may crash when attempting to deliver an internal warning or error message through an untrusted or compromised SMTP server, leading to a possible Denial of Service. |
| FLEA-2007-0052-1 |
gd | 2007-09-06 | Previous versions of the gd package are vulnerable to multiple attacks in which an attacker may cause unbounded CPU consumption or application crashes (Denial of Service), possibly leading to the execution of malicious code (Unauthorized Access). These attacks are generally limited to uses of the gd library to load existing images rather than generate new images. |
| FLEA-2007-0051-1 | star |
2007-09-06 | Previous versions of star, an archival program, are vulnerable to an attack in which unpacking an intentionally-malformed tar archive can overwrite arbitrary files to which the user running tar has write access. If unpacked by a superuser, this can lead to arbitrary code execution at root permission levels. |
| FLEA-2007-0050-1 | krb-5 |
2007-09-06 | CVE-2007-4743 was also assigned to this vulnerability due to a problem with the originally published patch (for CVE-2007-3999), which did not fully correct the vulnerability. The update provided for rPath Linux used the revised patch, which fully corrected the vulnerability. |
| FLEA-2007-0054-1 | lighttpd |
2007-09-17 | Previous versions of the lighttpd package are vulnerable to a remote Arbitrary Code Execution attack due to a header overflow in the mod_fastcgi extension. Note that the Foresight System Manager (aka rAPA or rAA), the only user of lighttpd on a default Foresight install, does not enable the mod_fastcgi extension, and so is not vulnerable to this attack. |
| FLEA-2007-0055-1 | openssh | 2007-09-17 | Previous versions of openssh could use a trusted X11 cookie if creation of an untrusted cookie failed, a minor privilege escalation attack. |
| FLEA-2007-0056-1 | openoffice.org | 2007-09-18 | Previous versions of openoffice.org allow unauthorized arbitrary code execution when a user opens a malformed TIFF image. |
Development News
Foresight Linux 2.0
There will be a Foresight Developer meeting held in IRC on Freenode, channel #foresight-devel on Wednesday, Oct. 3rd 2007 at UTC 5:00 p.m / BST 6:00 p.m / EST 1:00 p.m / 9:00 p.m. AKDT.
All are welcome to attend, and you can find the agenda on the Developer Meeting wiki page. The major agenda items will be updates on Foresight Linux 2.0 development, sub-team creation and web resources.
Foresight Linux Tour
The Foresight Linux tour continued in September, with two stops in the U.S. Midwest at the Michigan User Group and Ohio LinuxFest.
Ken Vandine and Michael K. Johnson were at the Michigan!/usr/groupon September 11th and presented on how rPath makes Internet appliances easy. More information is available from the Mug website and a MP3 file of their talk is also available. Michael's slide presentation is available his webpage.
Foresight Linux had a booth at the most recent Ohio LinuxFest held on Saturday, September 29th. The Foresight Linux booth was organized by Kevin Harriss. Ken Vandine, Ryan Kolak and others helped out manning the booth and talking to attendees. Over 250 Foresight Linux DVDs were gone within hours. Ken VanDine co-hosted a GNOME presentation with Canonical's Jorge Castro, and Michael K. Johnson hosted a presentation on rPath and Conary. Ken and Michael also held a BoF that lasted over two hours discussing Conary, rPath, and Foresight with attendees.
Kevin, Ken and Ryan at Ohio LinuxFest 2007:
Photo courtesy of Kevin Harriss.
Tips and Tricks
PackageKit
PackageKit is now available for alpha testing for Foresight users. From a terminal, type:
sudo conary update PackageKit gnome-packagekit
Current operations PackageKit supports on Foresight:
- refresh-cache
- seach-name
- search-details
- get-updates
- update-system
- install
- remove
- get-depends
- get-description
After installing PackageKit, you will need to reboot your computer. PackageKit can be found in Applications -> System Tools -> Add / Remove Software. When trying to install a package and given a choice between noarch and x86, please choose the x86 option.
PackageKit running on Foresight:
PackageKit search for "avant" and returns Avant Window Navigator and shows as installed:
PackageKit search for "Exaile" and shows not installed. After installing and then uninstalling, PackageKit also shows a notification applet that it completed uninstalling:
Please send feedback or bug reports to the Foresight issue tracker.
PackageKit will be included in Foresight Linux 2.0 as the GUI for package management.
Avant Window Navigator
Avant Window Navigator was featured in the July Newsletter, and Paul Scott-Wilson (aka pscott in IRC) has been keeping Avant Window Navigtor up to date in the Foresight repositories from Avant Window Navigator's bazaar repository.
Avant Window Navigator now features a Preferences menu, available in System -> Preferences -> AWN Manager or by right clicking on the dock.
A number of applets have been added, such as a workspace switcher, trash applet, or GNOME menu applet:
GNOME menu applet (Thumbnail, click to enlarge)
Additionally, Avant features new 3D effects, for both the bar and the icons. For icons on the dock you can choose from Classic, Fade, Spotlight, Zoom, Squish or 3D Turn.
Join the Foresight Community
Foresight users and developers are active on a number of different social networking sites.
Share your musical tastes and favorite artists with other Foresight users in the Foresight groupon Last.fm. Banshee, Foresight's default music manager, has built in support for Last.fm.
Follow a few Foresight developers every waking moment via Twitter.
Share pictures of your Foresight Linux desktop at the Foresight Linux Flickr group.
Join the Foresight group on Mugshot. Mugshot is a social networking application available as a web service and desktop service that aggregates a number of different social networks, such as Facebook, Digg, Youtube, Flickr, Reddit and many others. Need an invitation to Mugshot? Email pcutler@foresightlinux.org for an invitation. To install Mugshot on your Foresight Linux desktop, from a terminal type:
sudo conary update mugshot
Last, but not least, add http://www.foresightlinux.org/planet to your bookmarks or favorite feed reader, such as Liferea, to read blog updates from Foresight Developers. Are you a Foresight contributor or developer, and would like your blog syndicated? Email feedback@foresightlinux.org with your blog's feed and a brief note about your blog.
Contributing to Foresight Linux
Contribute to Foresight Linux
Foresight Linux Website
With the upcoming launch of Foresight Linux 2.0, the Foresight Linux team is looking to develop a new website as well. We are looking for volunteers to help with both web design and web development. If interested, please stop by #foresight on Freenode or IRC or email feedback@foresightlinux.org.
Foresight Linux 2.0 Testing
As mentioned above in the Development section, we are looking for users to help test the upcoming Foresight Linux 2.0 beta releases. From testing to bug reporting, all help and feedback is welcome.
For other oportunities to contribute to Foresight Linux, visit the Getting Involved page on the Getting Started with Foresight Linux user guide.
Contribute to the Foresight Linux Newsletter
Have a package or piece of software you want to share in the monthly newsletter? Send it in! We are always looking for more writers or contributors, and building the newsletter is a collaborative process using the Foresight Linux Newsletter wiki. We are also looking for volunteers to interview people in the Foresight and GNOME communities, links to news articles on the web or in print regarding Foresight Linux, and all the other content that makes up the newsletter.
Have thoughts or comments on the newsletter? Email feedback@foresightlinux.org and your letter may be published in the next issue!
Contributors to Issue #7: Paul Cutler (editor), Kevin Harriss
Portuguese translation by Vladimir Melo
Downloading and Getting Help with Foresight Linux
Download and install Foresight Linux:
Live Media, including Live CD, VMWare image, and QEMU and Parallels images
Help is available in many forms, and you can choose what you're most comfortable with.
- IRC: Visit the Foresight IRC channel, #foresight on Freenode, and ask questions. We have one of the most friendly IRC channels you'll come across with everyone from users to developers reaching out to help answer questions.
- Forums: Our forums continue to grow, and are a good source of information to check if a specific problem or question has come up before.
- Wiki: Documentation on the wiki is growing on a daily basis, with updates often to the Frequently Asked Questions and other how-to's to get you going with Foresight Linux.
- Mailing Lists:
- General List: General discussion around Foresight Linux
- Commits list:(high traffic): All package commits are emailed to this list
- Packagers List: Discuss packaging applications for Foresight using Conary and rBuilder
- Developers List: Discuss topics related to Foresight development projects
- Translation List: Help translate Foresight Linux into many different languages
Foresight Linux Information
Learn more about Foresight Linux at Foresight's homepage, http://www.foresightlinux.org.
Read what the developers are working on via their blogs, aggregated at Planet Foresight, http://www.foresightlinux.org/planet/ or subscribe via RSS at http://web.foresightlinux.org/planet/feed/rss/.
Subscribe to the newsletter via RSS: http://feeds.feedburner.com/foresightnewsletter.
Have feedback on Foresight Linux or the newsletter? Email feedback@foresightlinux.org and share your thoughts, we'd love to hear from you!
