Added by Paul Cutler, last edited by Paul Cutler on Dec 03, 2007

Foresight Linux Newsletter Volume 1, Issue 8 (November 2007)

Welcome to the November edition of the Foresight Linux Newsletter.  With the recent release of the first alpha of Foresight Linux 2, this month's newsletter will take a detailed look at the release, including changes from the 1.x releases, how to test both the GNOME edition and new KDE edition, and the next alpha of Foresight Linux 2.  Also in this month's newsletter: security updates for 1.4, Foresight in the press, and how to volunteer with Foresight.

In this issue:

Letter from the Editor

Foresight Linux News

  • Latest version: Foresight Linux 1.4.1

Security Updates

  • Recent packages updated to fix security flaws

Tips and Tricks

  • PackageKit 

Development News

  • Foresight Linux 2 Alpha 1 released
    • Overview
    • Known Bugs
    • KDE and XFCE editions
  • Foresight Linux 2 Alpha 2 and upcoming changes

Foresight Linux in the press

  • Linux Link Podcast
  • Blogosphere: Cthulhu Linux

Contributing to Foresight Linux

Join the Foresight Community

Downloading and Getting Help with Foresight Linux

Foresight Linux Information

Letter from the Editor

I'm pleased to bring back the Foresight Linux Newsletter after a one month break. Due to an upgrade with the wiki, which was down for a few weeks during October, we were unable to bring you an October newsletter. A lot has happened in the world of Foresight since our last newsletter at the end of September, most notably the first alpha release of Foresight Linux 2.0. 2.0 is an exciting release, with major changes from the current branch, and in this month's newsletter we'll take a look at some of those changes. I also wanted to apologize to those of you who subscribe in a newsreader: when the wiki was upgraded, all of the newsletters were published through the feed again. Thanks for reading the newsletter, and we promise not to skip any more months!

Paul Cutler
Editor 

Foresight Linux News

Foresight Linux 1.4 released October 19th

Foresight Linux 1.4.1 was released one month after 1.4, on October 19th.  Foresight Linux 1.4.1 features the first inclusion of PackageKit, Foresight's new GUI for searching, adding and removing packages.  The 1.4.1 release also updates GNOME to 2.20.1, and the latest Conary and GTK.  You can read the full release notes here.

Foresight Linux 1.4.1 is available for download on 1 DVD, 2 CDs, or through a number of different virtualization images.  Visit the download page for more information.

GNOME 2.20 Live Media

Foresight Linux is proud to be the distribution offering the latest version of GNOME via a number of different choices of Live Media.  Making it simple for users who want to test the latest GNOME release, four images are available for testing GNOME without having to install it directly on your hard drive.  These images include a LiveCD, VMWare image, and a Parallels / QEMU image.  GNOME Live Media is available for download at http://torrent.gnome.org.

Security Updates

Security updates are published on the Foresight Security mailing list. This month's security updates include:

FLEA-2007-0057-1 pidgin 2007-10-02 Previous versions of the pidgin package are vulnerable to a Denial of Service (crash) caused by a user not on the target's buddy list sending a "nudge," a feature of the MSN protocol.
FLEA-2007-0058-1 dist 2007-10-03 Previous versions of the openssl package are vulnerable to a buffer overflow, possibly enabling remote attackers to execute arbitrary code through applications that use the openssl libraries.
FLEA-2007-0059-1 dist 2007-10-04 Previous versions of the qt package are vulnerable to a Denial of Service attack in which a maliciously crafted Unicode string may cause a heap-based buffer overflow in applications that use the Qt libraries. Note that while Foresight ships qt for compatibility with third-party applications, Foresight Linux does not include any components which use qt, so a default install is not exposed to this issue.
FLEA-2007-0060-1 initscripts 2007-10-26 Previous versions of the initscripts package do not set sufficiently restrictive permissions on the /var/log/btmp file, leading to an information exposure issue in which users' passwords may be revealed to unprivileged users in cases when the passwords have been inadvertently entered as usernames at some login prompts.
FLEA-2007-0061-1 java 2007-10-26 Previous versions of Sun's Java implementation are vulnerable to multiple issues which allow attackers to break the security model of the Java Virtual Machine and run arbitrary code as the user running Java (most often a non-root user in a browser setting) via multiple vectors.
FLEA-2007-0062-1 firefox 2007-10-28 Previous versions of the firefox package are vulnerable to several types of attacks, some of which are understood to allow compromised or malicious sites to run arbitrary code as the user running firefox.
FLEA-2007-0063-1 perl 2007-11-09 Previous versions of the perl package contain weaknesses when evaluating regular expressions. If a system is serving a perl-based web application that evaluates remote input as a regular expression, an attacker may be able to exploit these weaknesses to execute arbitrary, attacker-provided code on the system, potentially elevating this to a remote, deterministic unauthorized access vulnerability. Foresight Linux does not, by default, enable or contain any such services.
FLEA-2007-0064-1 pcre 2007-11-11 Previous versions of the pcre package contain multiple vulnerabilities which may allow an attacker to execute arbitrary code. The pcre library and utilities are not known to be exposed via any privileged or remote interfaces within Foresight Linux by default, but many applications linked to the pcre library are routinely exposed to untrusted data.
FLEA-2007-0065-1 libpng 2007-11-11 Previous versions of the libpng package can cause applications to crash when loading malformed PNG files. It is not currently known that this vulnerability can be exploited to execute malicious code.
FLEA-2007-0066-1 ImageMagick 2007-11-11 Previous versions of the ImageMagick package are vulnerable to multiple attacks whereby an attacker might be able to execute arbitrary code by coercing the user into opening specially-crafted files with ImageMagick.
FLEA-2007-0067-1 pidgin 2007-11-11 Previous versions of pidgin are vulnerable to a denial-of-service when pidgin has been configured to use HTML logging. Logging is not enabled by default, so the default install of Foresight Linux is not vulnerable to this issue.
FLEA-2007-0068-1 ruby 2007-11-11 Previous versions of the ruby package include a library, Net::HTTPS, which does not properly verify the CN (common name) field in SSL certificates, making it easier to perform a man-in-the-middle attack. It is believed that Foresight Linux does not include any programs which rely on this feature of the Net::HTTPS library, and so is not affected by default.
FLEA-2007-0069-1 perl 2007-11-11 Previous versions of the perl package contain a buffer overflow in the regular expression parsing code which could allow an attacker to execute arbitrary code via a program which uses perl to parse untrusted input as a regular expression. Foresight Linux does not include any such program by default.
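
A way to check a system for the condition described in FLEA-2007-0060-1, as an added example that is not part of the newsletter or of the initscripts update itself. It assumes "sufficiently restrictive" means no permission bits for "other" and that rotated copies of the log match btmp*; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the newsletter): audit the failed-login log
# for the exposure described in FLEA-2007-0060-1.
# Assumptions: "sufficiently restrictive" = no permission bits for "other";
# rotated copies are named btmp*. Function names are hypothetical.

# Exit 0 if FILE grants read, write or execute to "other".
is_world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -0004 -o -perm -0002 -o -perm -0001 \) 2>/dev/null)" ]
}

# Print every btmp* regular file in DIR (default /var/log) that "other" can access.
# Symlinks are skipped because their own mode bits say nothing about the target.
audit_btmp() {
    dir=${1:-/var/log}
    for f in "$dir"/btmp*; do
        { [ -f "$f" ] && [ ! -L "$f" ]; } || continue
        if is_world_accessible "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Strip all "other" permission bits from the files audit_btmp reports.
harden_btmp() {
    audit_btmp "$1" | while IFS= read -r f; do
        chmod o-rwx "$f"
    done
}

# Stand-alone run: report exposed files in the given directory (read-only).
audit_btmp "${1:-/var/log}"
```

Run harden_btmp as root only after reviewing the audit output; installing the updated initscripts package remains the fix the advisory describes.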

Tips and Tricks

After a new installation of Foresight Linux 1.4.1, if you want to customize the packages installed right away, you may need to be patient.  After an installation, PackageKit needs to refresh the package cache, so it knows what packages are available for installation.  If you try to install a package almost immediately after installation, you may get an error that the package is not found.

If this occurs, you also have the option to refresh the cache manually instead of waiting until PackageKit does it.  From a terminal, run

pkcon refresh

and be patient; this process could take up to a half hour.  Installing packages from the PackageKit GUI should work after this.

Alternatively, you can always use Conary from a terminal to install software without waiting for PackageKit to build the cache.  From a terminal, type:

sudo conary update packagename

Where packagename is the name of the software you wish to install from Foresight's repository. 

Development News

Foresight Linux 2.0 Alpha 1

Overview 

The first alpha of Foresight 2.0 was released on Friday, November 9th.  You can read the complete release announcement here and download the alpha here.  This first release is an alpha, and is not recommended for production environments or everyday use. 

We are actively looking for help in testing Foresight.  Please file any bugs or enhancement requests in JIRA, our bug tracker, email your thoughts and feedback to us at feedback@foresightlinux.org, or stop by Freenode IRC, channel #foresight, and share your feedback. 

A brief list of changes to Foresight:

  • Tar based installer resulting in total installation times under 10 minutes using the DVD ISO
  • First release of 64 bit (x86_64) version, in addition to the normal x86 release
  • Built on a new toolchain including GCC 4.1.1
  • Compiz Fusion
  • Smaller default install size, almost 1 GB smaller than Foresight 1.4

Known bugs in this first alpha:

  • Missing printer configuration
  • OpenOffice.org is not included in this first alpha release (available already as an update)
  • Limited additional packages: most packages available in Foresight contrib repository for 1.4 still need to be re-packaged for 2.0, including a bittorrent client. If you are interested in learning packaging for Foresight Linux, please visit the developer IRC channel on the Freenode IRC network, channel #foresight-devel.
  • Off-kernel drivers are not supported in this initial release, including drivers such as the Intel Wireless IPW3945 chipset for notebook computer users, as well as other wireless drivers (support for all Intel Wireless offerings and for rtxxxx wireless chipsets is already available as an update; NVidia closed graphics driver support is also already available).
  • Limited functionality with Compiz-Fusion for some Intel and ATI (radeon driver) users

KDE and XFCE Editions

We are very proud to announce that Foresight Linux will be adding XFCE and KDE editions to the next release cycle.

The KDE edition is in full development and already shows off the benefits of the new technological advances planned for Foresight 2.0, with a single CD ISO install and "flavored" for both x86 and x86_64 platforms. Alpha images are available for those interested in alpha testing: download the x86 version here and the x86_64 version here.

The XFCE edition is also enjoying some extensive work and we should be releasing an alpha image in the very near future.  If you're interested in helping us out, stop by Freenode on IRC, channel #foresight-devel and ping kenvandine, jtate, int or mark__t.

Alpha 2 

A second alpha should be released in the next week or two, with the following changes:

  • The debut of Syslinux as a GRUB replacement.
  • Updated PackageKit
  • Assorted updates and tweaks to already existing features.

Foresight Linux in the Press

Podcasts 

The Linux Link Tech Show podcast featured Foresight's founder and lead developer, Ken VanDine, on the November 7th podcast.  Interviewed for almost an hour, Ken shared lots of information on Foresight and Conary, including a discussion on the upcoming Foresight 2 release. Download the MP3 or Ogg versions of the podcast.

Blogosphere

In the blogosphere, Foresight enjoyed a brief review at Cthulhu Linux, a blog dedicated to trying out different distributions.  Cthulhu Linux had kind words for Foresight, including:

It is loaded with all the latest drivers and codecs, and is a pleasure to use; fast, secure and stable, while quite easy on the eyes-sadly as this was in a virtual machine I had no opportunity to try out how well Compiz ran, but if the installation and the rest of the packages and performance are any indication, it will be something sublime, as a great deal of care has been put into this very user-friendly Linux distribution.

This is one distro to keep your eye on, particularly if you are a fan of the GNOME desktop environment; they are off to a most excellent beginning, and the 2.0 release shortly will no doubt build on what is a very successful initial offering. Can't wait to try this on a real machine, and will report back when I have had a chance to do so.

Og Maciel, a Foresight developer, recently represented Foresight at FOSScamp.  Og presented on translating using Rosetta, and attended a number of different sessions as well as the KDE 4.0 Release Event.  Visit Og's blog and read the full report.

Phoronix previewed the 2.0 Alpha release, including a number of screenshots of Foresight Linux 2.0.

Get Involved

Join the Foresight Community

Foresight users and developers are active on a number of different social networking sites.

Share your musical tastes and favorite artists with other Foresight users in the Foresight group on Last.fm.  Banshee, Foresight's default music manager, has built in support for Last.fm.

Follow a few Foresight developers every waking moment via Twitter.

Share pictures of your Foresight Linux desktop at the Foresight Linux Flickr group.

Join the Foresight group on Mugshot.  Mugshot is a social networking application available as a web service and desktop service that aggregates a number of different social networks, such as Facebook, Digg, Youtube, Flickr, Reddit and many others.  Need an invitation to Mugshot?  Email pcutler@foresightlinux.org for an invitation.  To install Mugshot on your Foresight Linux desktop, from a terminal type:

sudo conary update mugshot

Last, but not least, add http://www.foresightlinux.org/planet to your bookmarks or favorite feed reader, such as Liferea, to read blog updates from Foresight Developers.  Are you a Foresight contributor or developer, and would like your blog syndicated?  Email feedback@foresightlinux.org with your blog's feed and a brief note about your blog.

Contributing to Foresight Linux

Contribute to Foresight Linux

Foresight Linux Website 

With the upcoming launch of Foresight Linux 2.0, the Foresight Linux team is looking to develop a new website as well.  We are looking for volunteers to help with both web design and web development.  We are looking to update or add new forums, a new planet, a new website layout, including better localization, and a blog for publishing Foresight news.  If interested, please stop by #foresight on Freenode IRC or email feedback@foresightlinux.org.

Foresight Linux 2.0 Testing

As mentioned above in the Development section, we are looking for users to help test the upcoming Foresight Linux 2.0 beta releases.  From testing to bug reporting, all help and feedback is welcome. 

For other opportunities to contribute to Foresight Linux, visit the Getting Involved page on the Getting Started with Foresight Linux user guide.

Contribute to the Foresight Linux Newsletter

Have a package or piece of software you want to share in the monthly newsletter?   Send it in!  We are always looking for more writers or contributors, and building the newsletter is a collaborative process using the Foresight Linux Newsletter wiki.  We are also looking for volunteers to interview people in the Foresight and GNOME communities, links to news articles on the web or in print regarding Foresight Linux, and all the other content that makes up the newsletter.

Have thoughts or comments on the newsletter?  Email feedback@foresightlinux.org and your letter may be published in the next issue! 

Contributors to Issue #8:  Paul Cutler (editor), Ken VanDine

Portuguese translation by Vladimir Melo 

Downloading and Getting Help with Foresight Linux

Download and install Foresight Linux:

Live Media, including Live CD, VMWare image, and QEMU and Parallels images

Help is available in many forms, and you can choose what you're most comfortable with.

  • IRC:  Visit the Foresight IRC channel, #foresight on Freenode, and ask questions.  We have one of the most friendly IRC channels you'll come across with everyone from users to developers reaching out to help answer questions.
  • Forums: Our forums continue to grow, and are a good source of information to check if a specific problem or question has come up before.
  • Wiki: Documentation on the wiki is growing on a daily basis, with updates often to the Frequently Asked Questions and other how-to's to get you going with Foresight Linux.
  • Mailing Lists
    • General List: General discussion around Foresight Linux
    • Commits List (high traffic): All package commits are emailed to this list
    • Packagers List: Discuss packaging applications for Foresight using Conary and rBuilder
    • Developers List: Discuss topics related to Foresight development projects
    • Translation List: Help translate Foresight Linux into many different languages

Foresight Linux Information

Learn more about Foresight Linux at Foresight's homepage, http://www.foresightlinux.org.

Read what the developers are working on via their blogs, aggregated at Planet Foresight, http://www.foresightlinux.org/planet/ or subscribe via RSS at http://web.foresightlinux.org/planet/feed/rss/.

Subscribe to the newsletter via RSS: http://feeds.feedburner.com/foresightnewsletter.

Have feedback on Foresight Linux or the newsletter?  Email feedback@foresightlinux.org and share your thoughts, we'd love to hear from you! 
