For those that may be interested, attached is a draft of newsletter issue 34 in HTML format.
May you always be Frugal, Russell Dickenson (AKA phayz)
Frugalware Linux Newsletter - Issue FIXME
...to inform...to educate...to entertain
FIXME - insert quote
Welcome
The newsletter's aim is to keep you up to date with what's happened recently in the world of the Linux distribution 'Frugalware'.
Features of this issue include:
- FIXME
Events
Here's a selection of events which have occurred since the previous newsletter:
-
New wallpapers
Léo - a member of the Frugalware artwork team - recently made new wallpapers for Frugalware's next release - code named "Anacreon". Devil505 has put the preview images here - http://frugalware.org/~devil505/preview_leo_wall/. Note that since official Frugalware wallpapers don't have the releases' version number marked on them, you're welcome to use them with any release.
-
Czech it out - Frugalware has a new web site
Martin Burda - AKA "Head of Czech section" - has created a new Czech-language web site devoted to Frugalware - http://www.frugalware.hostend.eu/. All Czech-speaking Frugalware users are encouraged to visit the web site. Note: Sorry for the title of this item. In spoken English, "Czech" has the same sound as the English word "check", and the phrase "Check it out" means "Look at this". Am I insulting anyone by explaining this? I certainly hope not.
-
FIXME
FIXME
Getting To Know You
In this new section of the newsletter, we get to know Frugalware Linux a little at a time. This is not meant to replace the official documentation but instead make it easier to read. This should suit those those people who, like me, have short attention spans. :)
gitweb is your friend :)
Actually gitweb is my friend but you can borrow him for a while. gitweb provides a web interface to git repositories. Since all Frugalware development work is stored in one or more git repositories, it's natural that gitweb is also used.
If you want information about just one package, you can search for the package via the FIXME menu option on the web site. Amongst the packages' details will be a "Git entry" link. Click on this link and you'll see all the files associated with the package.
If you simply want to browse the git repositories, you can go to the FIXME link. There you'll see a list of all the repositories, including a brief description. The view and navigation is very similar to the default view you get when browsing an FTP site with a web browser. Why not have a look one day, you never know what you might find.
Tips and tricks
Disclaimer - Be aware that the hints & tips provided here have NOT been tested and so come with no warranty.-
Openbox and Firefox's FIXME - submitted by FIXME
One aspect of Firefox's default behaviour can be a problem if you're running the Openbox window manager. You may find that when switching workspaces that the Firefox window has moved when you switch back to the desktop containing Firefox. The solution to this is to set the configuration option FIXME to FIXME.
Thanks to FIXME for this tip, since he submitted it on the Openbox mailing list and agreed that I use it here.
-
Google for spam
For some time, Google have provided the option of retrieving email from your other email accounts. The aim of this is to make it easier to manage several email accounts. When this option is used, all retrieved email is filtered for spam. This can be used as a method of filtering spam, even if you don't use a Google mail account as your primary email account.
The procedure for setting this up is:
- Create a Google email account (if you don't already have one)
- Configure your Google email account to retrieve mail from your other mail account
- Reconfigure your email client to retrieve email from Google - via POP or IMAP
If you use this method, you should also use another Google mail feature which provides your "regular" email address as to "reply to" address for all retrieved email. If you don't do this, people might suddenly be confused when they start receiving email from you with an email address they don't know.
-
Firefox extensions
FIXME
This section relies on your contributions! If have some tips and tricks that you would like to be shown in the newsletter, please post them on the forums.
Focus On Package(s)
FIXME
FIXME
Bug fixes
The following table gives you a overview of activity on bugs and feature requests as at FIXME. In each cell of the table is a link to a detailed list of the relevant bugs or feature requests.
| Activity | Bugs | Feature Requests |
|---|---|---|
| Open | FIXME | FIXME |
| Opened since the last newsletter | FIXME | FIXME |
| Closed since the previous newsletter | FIXME | FIXME |
Security announcements
Remember - According to the normal support arrangements for Frugalware, the release of 0.9 ("Solaria") means that support for the previous release has ended. This means that no further security or bug fixes will be released for Frugalware 0.8 ("Kalgan").
Here is a list of security issues which have been discovered and fixed in the 0.9 release since the previous newsletter.
| FSA | Package | FSA Description | Upgrade To |
|---|---|---|---|
| FSA503 | openldap | A vulnerability has been reported in OpenLDAP, which can be exploited by malicious people to cause a DoS (Denial of Service) | openldap-2.3.43-1kalgan1 |
| FSA502 | afuse | Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths | afuse-0.2-2kalgan1 |
| FSA501 | phpbb | Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()." | phpbb-3.0.2-1kalgan1 |
| FSA500 | pidgin | Some vulnerabilities have been reported in Pidgin, which potentially can be exploited by malicious people to compromise a user's system | pidgin-2.4.3-1kalgan1 |
| FSA499 | ffmpeg | A vulnerability has been reported in FFmpeg, which potentially can be exploited by malicious people to compromise a user's system | ffmpeg-20070422-4kalgan1 |
| FSA498 | checkinstall | Two security issues have been reported in CheckInstall, which can be exploited by malicious, local users to perform certain actions with escalated privileges | checkinstall-1.6.1-2kalgan1 |
| FSA497 | byacc | Otto Moerbeck has reported the following potential out of bounds of the allocated stack access in the yacc binary. Fix an venerable bug: if we're reducing a rule that has an empty right hand side and the yacc stackpointer is pointing at the very end of the allocated stack, we end up accessing the stack out of bounds by the implicit $$ = $1 action | byacc-1.9-2kalgan1 |
| FSA496 | perl | A vulnerability has been reported in Perl, which can be exploited by malicious, local user to perform actions with escalated privileges | perl-5.10.0-4kalgan1 |
| FSA495 | bind | A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to poison the DNS cache | bind-9.4.2-3kalgan1 |
| FSA494 | wireshark | A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) | wireshark-1.0.2-1kalgan1 |
| FSA493 | drupal | A vulnerability has been reported in Drupal, which can be exploited by malicious people to conduct session fixation attacks | drupal-5.9-1kalgan1 |
| FSA492 | drupal | Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct SQL injection and script insertion attacks | drupal-5.9-1kalgan1 |
| FSA491 | phpmyadmin | Aung Khant has discovered some vulnerabilities in phpMyAdmin, which can be exploited by malicious people to conduct cross-site request forgery attacks | phpmyadmin-2.11.7.1-1kalgan1 |
| FSA490 | clamav | A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) | clamav-0.93.3-1kalgan1 |
About the newsletter
Author
The Frugalware newsletter is written and edited by Russell Dickenson (AKA phayz). Credit for the Frugalware distribution goes to the development team.
Translations
The newsletter is currently translated into French and Danish. The French translation is provided by the French Frugalware community. The Danish translation is provided by the Danish Frugalware community. Thanks to all those involved in providing and hosting these translations.
Release
To allow time for review and corrections, each newsletter is written ahead of its release date. Therefore it may not mention events which occured in the few days before its release - e.g. security fixes. To be sure that you've got the very latest information on these topics, go to the appropriate page of the Frugalware web site.
Feedback
If you have feedback about the Frugalware newsletter - whether good or bad - please provide it via the forums. Your feedback is valuable because we want the newsletter to meet the needs of Frugalware's users.
_______________________________________________ Frugalware-devel mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-devel
