Foresight Linux Newsletter Volume 1, Issue 10 (January 2008)
Welcome to the February edition of the Foresight Linux Newsletter. This month's newsletter takes a look at updates to the 4th alpha of Foresight 2.0 and it's development cycle including release dates, security updates, a look back at recent conferences Foresight attended, GNOME-Do, Foresight Community updates and more.
In this issue:
- Latest version: Foresight 1.4.2
- Recent packages updated to fix security flaws
- Foresight Linux 2 Alpha 4 released
- Updates from Alpha 3 to Alpha 4
- Known Bugs
- Missing Packages
- Release Schedule
- Foresight 2 Developer HOWTOs
- New website in development
- Foresight at SCALE
- Foresight at FOSDEM
- Upcoming Conferences
- Becoming a member and developer
- Newly approved members and developers
Foresight Linux News
Foresight Linux 1.4.2 released November 30th
Foresight Linux 1.4.2 was released Friday, November 30th. Foresight Linux 1.4.2 features the first inclusion of PackageKit, Foresight's new GUI for searching, adding and removing packages. The 1.4.2 release also updates GNOME to 2.20.2, and the latest Conary and GTK. You can read the full release notes here.
Foresight Linux 1.4.2 is available for download on 1 DVD, 2 CDs, or through a number of different virtualization images. Visit the download page for more information.
Foresight 1.5, the last release in the 1.x series, will be released day and date with GNOME 2.22 on March 12th.
GNOME 2.20 Live Media
Foresight Linux is proud to be the distribution offering the latest version of GNOME via a number of different choices of Live Media. Making it simple for users who want to test the latest GNOME release, four images are available for testing GNOME without having to install it directly on your hard drive. These images include a LiveCD, VMWare image, and a Parallels / QEMU image. GNOME Live Media is available for download at http://torrent.gnome.org.
Security Updates
Security updates are published on the Foresight Security mailing list. This month's security updates include:
| FLEA-2008-0001-1 |
firefox
|
2008-02-11 |
Multiple vulnerabilities have been fixed in firefox, the most serious of which is thought to allow unauthorized remote execution of abitrary code at the permission level of the user running firefox. |
FLEA-2008-0002-1
|
python |
2008-02-11 |
Previous versions of the python package contain an integer overflow in the imageop module which could cause a denial-of-service (crash) or possibly leak sensitive information. |
| FLEA-2008-0003-1 |
nss_ldap
|
2008-02-11 |
Previous versions of nss_ldap contain a race condition that can allow nss_ldap to return the wrong information, allowing for the possibility of improper information disclosure. |
| FLEA-2008-0004-1 |
rsync
|
2008-02-11 |
Previous versions of the rsync package contain vulnerabilities in the rsync server, potentially allowing users to bypass security restrictions. Foresight Linux does not, by default, configure the rsync server to run. |
| FLEA-2008-0005-1 |
e2fsprogs
|
2008-02-11 |
Previous versions of the e2fsprogs package are vulnerable to multiple
integer overflows which may be exploited via specially-crafted filesystems. The workaround for is to not run fsck on a filesystem to which an untrusted user has the ability to directly modify filesystem metadata. This is most commonly an issue when using a virtualization solution in which the root user for the guest OS is not trusted, and can convince the host's root user to run fsck on the guests's filesystem. Foresight Linux neither enables nor supports any form of virtualization in the default install. |
| FLEA-2008-0006-1 |
tetex |
2008-02-11 |
Previous versions of the tetex package are vulnerable to multiple issues, the worst of which is believed to allow arbitrary code execution via user-assisted vectors when dvips or dviljk are run of specially-crafted files, or when loading malformed font data using t1lib. |
| FLEA-2008-0007-1 |
tetex |
2008-02-11 |
Previous versions of the gd package are vulnerable to a possible Arbitrary Code Execution attack in which an attacker may use a maliciously crafted GIF file to trigger a buffer overflow. The libgd
library is not exposed via any privileged or remote interfaces within Foresight Linux proper. |
Package of the Month
GNOME Do
GNOME Do is a recent development, and Foresight ships with GNOME-Do enabled by default in Foresight 2. What is GNOME Do? From it's website:
GNOME Do allows you to quickly search for many items present in your GNOME desktop environment (applications, Evolution contacts, Firefox bookmarks, files, artists and albums in Rhythmbox, Pidgin buddies, etc.) and perform commonly used actions on those items (Run, Open, Email, Chat, Play, etc.). GNOME Do is inspired by Quicksilver and GNOME Launch Box.
GNOME Do allows you to quickly open folders, run applications or search your desktop. To start GNOME Do, press the Super key (also known as the Windows key) and spacebar at the same time on your keyboard, and GNOME Do will be brought up.
The next step is just to start typing, and GNOME Do will use auto-complete to bring up applications, URLs or the dictionary to match the text you're typing. Once GNOME Do shows you a match for what you want, you can hit enter and GNOME-Do will run the associated command.
Starting an application:
Start an application, such as Banshee (music player): Bring up GNOME Do by hitting super-space. Start to type "Banshee". It will auto-complete for you, as seen in the screenshot below, as all that was typed was "ba". As soon as the Banshee icon appears, hit tab and enter, and Banshee will start.
Navigate to a URL
You can quickly navigate to web pages by typing the URL. Bring up GNOME DO by hitting super-space, enter a URL, such as www.google.com, and as it auto-completes and shows "Open URL" on the right, hit enter and it will open the URL you typed in your browser.
Open a directory
You can quickly open a directory using GNOME Do. Bring up GNOME Do by hitting super-space, and enter the directory name, such as /usr/lib/ and hit enter when GNOME DO shows open directory, as seen in the below screenshot:
These are just a few of the examples of tasks GNOME Do can run. GNOME Do is a very powerful and versatile way to navigate your computer.
For more information on GNOME Do:
Development News
Foresight Linux 2.0 Alpha 4
Overview
The latest alpha release of Foresight was released Friday, February 22nd. You can read the release announcement here, and the release notes here. This release is an alpha, and is not recommended for production environments or everyday use.
We are actively looking for help in testing Foresight. Please file any bugs or enhancement requests in JIRA, our bug tracker, email your thoughts and feedback to us at feedback@foresightlinux.org, or stop by Freenode IRC, channel #foresight, and share your feedback.
A brief list of changes to Foresight:
- Tar based installer resulting in total installation times under 10 minutes using the DVD ISO
- First release of 64 bit (x86_64) version, in addition to the normal x86 release
- Built on a new toolchain including GCC 4.1.1
- Smaller default install size, almost 1 GB smaller than Foresight 1.4
- Inclusion of GNOME-Do (more on GNOME-Do below in the Package of the Month)
Updates from Alpha 3 to Alpha 4: (JIRA issue numbers in parantheses)
- PackageKit has been updated to 0.1.7 released 2/14/08. PackageKit features a new UI from Alpha 3 that shows what kind of updates are available and what packages are available for update.
- OpenOffice.org has been fixed and is now available in the default installation.
- Pulse Audio should be more stable in Alpha 4 than it was in Alpha 3.
- GNOME has been updated to 2.21.91
- The new GNOME clock applet includes the ability to add weather and timezones.
- GNOME-DO has been updated to the latest release (bzr 113) and includes the new background theming. Users will need to install plugins manually.
- Transmission, a Bittorrent client, has been added to the default installation and has been updated to the latest release, 1.04. (FL-856)
- Keyboard layout options are now recognized (FL-859)
- Liferea should now be working (FL-868)
- Banshee 0.13.2 is included with better iPod functionality through ipod-sleuth
Current bugs: (JIRA issue numbers in parantheses)
- There is a bug when logging in via console that allows root to login without a password. This is an issue with Anaconda templates and will be fixed shortly. (FL-864)
- The latest Nvidia and ATI drivers need to be packaged. The Nvidia 169.07 is currently available for installation. (FL-844)
- Unpinning and uninstalling an older kernel when you have multiple kernels may cause Syslinux to not boot. (FL-864)
- Epiphany extensions are not available in GNOME 2.21 (FL-852 due to upstream bug)
- GTK-Engines is not theming 32 bit Firefox correctly on 64 bit systems (FL-893)
- Release notes are not viewable during installation due to a bug in Anaconda
- 32 bit Firefox will be included in the 64 bit version to enable Flash for users, but is not included in this release. Users will need to remove the included 64 bit Firefox and manually install 32 bit Firefox. (FL-898, which also includes installation steps)
- There is an issue with ldconfig that may cause issues with wireless connectivity and / or cause GNOMEPanel crashes for users upgrading from Alpha 3 to Alpha 4. This bug has not been reproduced on new installations. (FL-877 and FL-891)
KDE and XFCE Editions
We are very proud to announce that Foresight Linux will be adding a XFCE and KDE editions to the next release cycle.
The KDE edition is in full development and already shows off the benefits of the new technological advances planned for Foresight 2.0, with a single CD ISO install and "flavored" for both x86 and x86_64 platforms. The alpha images can be downloaded for those interested in alpha testing, download the x86 version here and the x86_64 version here.
The XFCE edition is also enjoying some extensive work and we should be releasing an alpha image in the very near future. If you're interested in helping us out, stop by Freenode on IRC, channel #foresight-devel and ping kenvandine, jtate, int or mark__t.
Release Schedule
- Foresight Beta 1 is currently planned for release on March 3rd
- This will include major bug fixes from Alpha 4, including the Anaconda fixes
- This will quickly be followed by Beta 2 on March 7th
- RC1 is scheduled for release on March 13th with GNOME 2.22
- Foresight 2.0 will be released on March 17th
Developer HOWTOs
A number of HOWTOs for developers packaging for Foresight 2.0 have been added to the wiki recently:
Foresight Marketing News
New Website Development
A number of Foresight volunteers have been working to re-design the current Foresight. The new website is set to launch in March, and features a new sleek re-design, updated content, and information about all 3 Foresight editions, including GNOME, KDE and Xfce.
The new website will also feature better localization features, and if you are interested in helping develop the new site or contribute translations, please join the Foresight Marketing List on Google Groups.
After the website launches, we will also be launching a new forums, powered by SMF. Look for more news on the forum soon!
Foresight at SCALE
Foresight had a booth at SCALE, the Southern California Linux Exposition held in Los Angeles this past February. This two day exposition featured keynotes, talks, an exposition floor and social events. Paul Cutler, Kevin Harriss, and Ken VanDine hosted the Foresight booth.
Ken also represented GNOME, and gave a talk on "GNOME: 10 Years of Freedom".
For more information on Foresight and GNOME at SCALE:
Foresight at FOSDEM
Foresight developers recently got together at FOSDEM this past February 23rd and 24th in Brussels, Belgium. Ken VanDine, Mark Trompell, and Antonio Meireles met up, with Ken giving a talk on the GNOME DevKit in the GNOME DevRoom and Antonio spoke on creating a rolling release distribution.
Upcoming Conferences
Foresight will be participating in a number of conferences in 2008. If you're looking to learn more about Foresight, or would like to meet Foresight's contributors and developers, stop by!
- APRIL
- Flourish (Chicago, Illinois, USA)
- Foresight User and Developer Conference (Raleigh, North Carolina, USA)
- OCTOBER
Foresight Community Updates
Joining Foresight
Foresight has recently posted guidelines to formally become a Foresight member and / or developer. If you believe your contributions to Foresight meet the guidelines, request to join! Benefits include a foresightlinux.org email address, Freenode IRC hostmasks, and commit access to the Foresight repository.
For more information:
- [Becoming a member]
- [Becoming a developer ]
Newly approved members and developers:
Members:
Developers:
- Mark Trompell
- Eric Lake
- Will Farrington
Get Involved
Join the Foresight Community
Foresight users and developers are active on a number of different social networking sites.
Share your musical tastes and favorite artists with other Foresight users in the Foresight group on Last.fm. Banshee, Foresight's default music manager, has built in support for Last.fm.
Follow a few Foresight developers every waking moment via Twitter.
Share pictures of your Foresight Linux desktop at the Foresight Linux Flickr group.
Join the Foresight group on Mugshot. Mugshot is a social networking application available as a web service and desktop service that aggregates a number of different social networks, such as Facebook, Digg, Youtube, Flickr, Reddit and many others. Need an invitation to Mugshot? Email pcutler@foresightlinux.org for an invitation. To install Mugshot on your Foresight Linux desktop, from a terminal type:
sudo conary update mugshot
Last, but not least, add http://www.foresightlinux.org/planet to your bookmarks or favorite feed reader, such as Liferea, to read blog updates from Foresight Developers. Are you a Foresight contributor or developer, and would like your blog syndicated? Email feedback@foresightlinux.org with your blog's feed and a brief note about your blog.
Contributing to Foresight Linux
Contribute to Foresight Linux
Foresight Linux Website
With the upcoming launch of Foresight Linux 2.0, the Foresight Linux team is looking to develop a new website as well. We are looking for volunteers to help with both web design and web development. We are looking to update or add new forums, a new planet, a new website layout, including better localization, and a blog for publishing Foresight news. If interested, please stop by #foresight on Freenode or IRC or email feedback@foresightlinux.org.
Foresight Linux 2.0 Testing
As mentioned above in the Development section, we are looking for users to help test the upcoming Foresight Linux 2.0 beta releases. From testing to bug reporting, all help and feedback is welcome.
For other opportunities to contribute to Foresight Linux, visit the Getting Involved page on the Getting Started with Foresight Linux user guide.
Contribute to the Foresight Linux Newsletter
Have a package or piece of software you want to share in the monthly newsletter? Send it in! We are always looking for more writers or contributors, and building the newsletter is a collaborative process using the Foresight Linux Newsletter wiki. We are also looking for volunteers to interview people in the Foresight and GNOME communities, links to news articles on the web or in print regarding Foresight Linux, and all the other content that makes up the newsletter.
Have thoughts or comments on the newsletter? Email feedback@foresightlinux.org and your letter may be published in the next issue!
Contributors to Issue #10: Paul Cutler (editor), Kevin Harriss
Downloading and Getting Help with Foresight Linux
Download and install Foresight Linux:
Live Media, including Live CD, VMWare image, and QEMU and Parallels images
Help is available in many forms, and you can choose what you're most comfortable with.
- IRC: Visit the Foresight IRC channel, #foresight on Freenode, and ask questions. We have one of the most friendly IRC channels you'll come across with everyone from users to developers reaching out to help answer questions.
- Forums: Our forums continue to grow, and are a good source of information to check if a specific problem or question has come up before.
- Wiki: Documentation on the wiki is growing on a daily basis, with updates often to the Frequently Asked Questions and other how-to's to get you going with Foresight Linux.
- Mailing Lists:
- General List: General discussion around Foresight Linux
- Commits list:(high traffic): All package commits are emailed to this list
- Packagers List: Discuss packaging applications for Foresight using Conary and rBuilder
- Developers List: Discuss topics related to Foresight development projects
- Translation List: Help translate Foresight Linux into many different languages
Foresight Linux Information
Learn more about Foresight Linux at Foresight's homepage, http://www.foresightlinux.org.
Read what the developers are working on via their blogs, aggregated at Planet Foresight, http://www.foresightlinux.org/planet/ or subscribe via RSS at http://web.foresightlinux.org/planet/feed/rss/.
Subscribe to the newsletter via RSS: http://feeds.feedburner.com/foresightnewsletter.
Have feedback on Foresight Linux or the newsletter? Email feedback@foresightlinux.org and share your thoughts, we'd love to hear from you!
News Operations
Browse Space
