Attached is newsletter issue 33. Enjoy. :) I tried to push it myself but got an error message that the remote end had hung up. :(
May you always be Frugal, Russell Dickenson (AKA phayz)
Frugalware Linux Newsletter - Issue 33
...to inform...to educate...to entertain
Who is the happiest of men? He who values the merits of others, and in their pleasure takes joy, even as though 'twere his own. Johann Wolfgang von Goethe
Welcome
The newsletter's aim is to keep you up to date with what's happened recently in the world of the Linux distribution 'Frugalware'.
Features of this issue include:
- Gnome 2.24 has arrived at repo near you
- Compiz Fusion gets more bling
- Getting To Know You - pacman-g2 and its cache
- Tips and tricks - Midnight Commander
- Focus On Package(s) - Secret Maryo Chronicles
Events
Here's a selection of events which have occurred since the previous newsletter:
-
Gnome 2.24 has arrived at repo near you
For those that don't already know, Gnome 2.24 was recently released. Highlights of the release include:
- New - Empathy instant messenger (IM) client
- New - Panel application to make it easier to track time spent on activities
- New - Sound theme support
- Ekiga 3.0 - fully-featured SIP audio/video conferencing client
- Nautilus now has a tabbed interface when browsing directories, also a compact view
- Improved accessibility
Bouleetbil has been very busy recently, packaging the latest release and its associated applications in the 'current' repository. There's a lot of work involved in packaging something as large and complex as Gnome so a big thankyou goes to Bouleetbil for his work.
-
Compiz Fusion gets more bling
Compiz Fusion version 0.7.8 was recently released, with changes including several new plugins and bug fixes.
-
Xfce 4.6 beta's packaging is underway
The Xfce development team recently released a beta of their new release - 4.6. Priyank has been busy, packaging this in a work-in-progress (WIP) repository - xfce46. Making the beta available in a separate repository allows developers and others to check for bugs. Note: only i686 packages are available because Priyank doesn't have an x86_64 computer available.
To test the release, add the following line to /etc/pacman-g2.conf, before the "Include" line for any other repository.
Include = /etc/pacman-g2/repos/xfce46And, create a file named xfce46 in /etc/pacman-g2/repos which contains the following line :
Server = http://ftp.frugalware.org/pub/other/people/priyank/xfce46/frugalware-i686Then do a
pacman -Syuofcourse :P -
And you thought Frugalware's developers were too serious :P
During a recent discussion in IRC about the graphical installer that's in development, DeX77 and vmiklos began discussing wives and girlfriends. I don't know how the discussion started, but for the record, here are their wise words:
< DeX77 > am I the only one thinking "Fwife" is a not so good name? ;) < vmiklos > i think it's a minor detail atm. but i have no idea what Fhusband will do, then :] < DeX77 > just call it Fgirlfriend for now and upgrade to wife in v 2.0 ;) < vmiklos > pf :)
Getting To Know You
In this section of the newsletter, we get to know Frugalware Linux a little at a time. This is not meant to replace the official documentation but instead present the same information in small "bites". This should suit those people who, like me, have short attention spans. :)
"What does the '-g2' in pacman-g2 mean"?
pacman-g2 was once named "pacman" - i.e. there was no "-g2" on the end of the name. At that time the version of pacman used by Frugalware was the same as that used by the Arch Linux distribution. When it became clear that the changes proposed for pacman by the Frugalware developers weren't going to be accepted by the Arch Linux developers, pacman was forked. The "-g2" suffix was added to pacman's name to make it clear that it's different to the original pacman package manager. At the command line you only have to type pacman because this has been set up as a BASH alias.
Tidy your pacman-g2 cache (oh, and your mother said "Tidy your room")
When pacman-g2 downloads a package (*.fpm) it's copied to pacman's cache folder - /var/cache/pacman-g2/pkg by default. The more packages you ask pacman-g2 to download, the more disk space is used because downloaded package files are not automatically deleted. Instead you need to tidy up pacman-g2's cache and there are two options available to help.
The command pacman-g2 -Sc will delete package files where a greater version of the package is already in the cache folder. As an example - if the files kdebase-3.5.9-1.fpm and kdebase-3.5.9-2.fpm are in the cache folder, kdebase-3.5.9-1.fpm will be deleted. You will be prompted to confirm the package deletions (unless you use the "--noconfirm" switch).
The command pacman-g2 -Scc will delete all package files in the cache folder. Take notice that this command has TWO 'c's. You will be prompted to confirm the package deletions (unless you use the "--noconfirm" switch).
Tips and tricks
Disclaimer - Be aware that the hints & tips provided here have NOT been tested and so come with no warranty.
Each of the following tips are for Midnight Commander, a text-based file manager. Even if you usually use a GUI file manager, having MC available is useful in those situations when working with a CLI is faster, or perhaps X isn't working (sigh).
-
"Transparent" mode
Imagine the scene - you've spent months tweaking your desktop until it looks better than Halle Berry, including a transparent terminal. (OK, I know nothing can quite compare, but please read on...). You want to do some file management and, because it's so light on resources, you run Midnight Commander (MC). Ugh! MC appears in all its ugly colours, making your transparent terminal look ugly. The answer is to use the "-b" switch, which makes MC appear with white text on a black background.
-
Daah, dah dah dah dah dah dah, dah dah...It's EDIT Time
The title of this hint is to be sung to the tune "U Can't Touch This" by MC Hammer. If you didn't sing along, please go back and try singing it this time. If you don't know the tune, don't Google for it because the song really wasn't that good. The man certainly had some fancy pants, though. :) If you're not already lost in my gibberish, here's the MC tip.
MC has a built-in editor which can also be used as a standalone editor. The command
mceditis a symlink to the MC executable and launches the editor. While it's not vim nor emacs (thank goodness), it has many features - including syntax highlighting. For information on features and keybindings, refer to MC's home page. Note: vim and emacs fans can send their feedback to get_a_better_editor [AT] mc.rocks.org
This section relies on your contributions! If have some tips and tricks that you would like to be shown in the newsletter, please post them on the forums.
Focus On Package(s) - by Devil505
Secret Maryo Chronicles
Secret Maryo Chronicles is a free and open source clone of the Nintendo game, Super Mario World. A new version (1.6) has just been released with new features including:
- new translations
- complete update of the level editor
- graphics improvements
The official website can be found at: http://www.secretmaryo.org
Try it !
# pacman-g2 -S smc
Hint: Don't miss the mushroom ;-)
Bug fixes
The following table gives you an overview of activity on bugs and feature requests as at 1 November 2008. In each cell of the table is a link to a detailed list of the relevant bugs or feature requests.
| Activity | Bugs | Feature Requests |
|---|---|---|
| Open | 197 | 202 |
| Opened since the last newsletter | 28 | 4 |
| Closed since the previous newsletter | 28 | 2 |
Security announcements
Remember - According to the normal support arrangements for Frugalware, the release of 0.9 ("Solaria") means that no further security or bug fixes will be released for prior Frugalware releases.
Here is a list of security issues which have been discovered and fixed in the 0.9 release since the previous newsletter, as at 18 October 2008.
| FSA | Package | FSA Description | Upgrade To |
|---|---|---|---|
| FSA546 | vlc | A vulnerability has been reported by VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system | vlc-0.9.4-1solaria1 |
| FSA545 | proftpd | A vulnerability has been reported in ProFTPD, which can be exploited by malicious people to conduct cross-site request forgery attacks | proftpd-1.3.1-5solaria1 |
| FSA544 | libxml2 | Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library | libxml2-2.7.2-1solaria1 |
| FSA543 | wireshark | Some vulnerabilities and a weakness have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) | wireshark-1.0.4-1solaria1 |
| FSA542 | mantis | EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system | mantis-1.1.4-1solaria1 |
| FSA541 | dovecot | Two security issues have been reported in Dovecot, which can be exploited by malicious users to bypass certain security restrictions | dovecot-1.1.4-1solaria1 |
| FSA540 | mplayer | Some vulnerabilities have been reported in MPlayer, which potentially can be exploited by malicious people to compromise a user's system | mplayer-1.0rc2-7solaria1 |
| FSA539 | mediawiki | A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks | mediawiki-1.13.2-1solaria1 |
| FSA538 | django | A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site request forgery attacks | django-1.0-1solaria1 |
| FSA537 | libpng | A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service) | libpng-1.2.32-1solaria1 |
| FSA536 | jasper | Multiple integer overflows in JasPer might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. | jasper-1.900.1-3solaria1 |
| FSA535 | lighttpd | A weakness and two vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service) | lighttpd-1.4.20-1solaria1 |
| FSA534 | drupal-cck | Some vulnerabilities have been reported in the Drupal Content Construction Kit (CCK), which can be exploited by malicious users to conduct script insertion attacks | drupal-cck-5.x_1.9-1solaria1 |
| FSA533 | wordpress | Stefan Esser has reported a vulnerability in WordPress, which can be exploited by malicious people to guess automatically generated passwords | wordpress-2.6.2-1solaria1 |
| FSA532 | drupal6 | A vulnerability has been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions | drupal6-6.5-1solaria1 |
| FSA531 | drupal | Two vulnerabilities have been reported in Drupal, which can be exploited by malicious people and users to bypass certain security restrictions | drupal-5.11-1solaria1 |
| FSA530 | wireshark | Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) | wireshark-1.0.3-1solaria1 |
| FSA529 | drupal-simplenews | A vulnerability has been reported in the Simplenews module for Drupal, which can be exploited by malicious users to conduct script insertion attacks | drupal-simplenews-5.x_1.5-1solaria1 |
| FSA528 | phpmyadmin | A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks | phpmyadmin-2.11.9.2-1solaria1 |
| FSA527 | bitlbee | A security issue has been reported in BitlBee, which can be exploited by malicious people to bypass certain security restrictions and hijack accounts | bitlbee-1.2.3-1solaria1 |
| FSA526 | phpmyadmin | Norman Hippert has reported a vulnerability in phpMyAdmin, which can be exploited by malicious users to compromise a vulnerable system | phpmyadmin-2.11.9.1-1solaria1 |
About the newsletter
Author
The Frugalware newsletter is written and edited by Russell Dickenson (AKA phayz). Credit for the Frugalware distribution goes to the development team. Thanks to Devil505 for his contribution to this issue of the article on Secret Maryo Chronicles.
Translations
The newsletter is currently translated into French and Danish. The French translation is provided by the French Frugalware community. The Danish translation is provided by the Danish Frugalware community. Thanks to all those involved in providing and hosting these translations.
Release
To allow time for review and corrections, each newsletter is written ahead of its release date. Therefore it may not mention events which occured in the few days before its release - e.g. security fixes. To be sure that you've got the very latest information on these topics, go to the appropriate page of the Frugalware web site.
Feedback
If you have feedback about the Frugalware newsletter - whether good or bad - please provide it via the forums. Your feedback is valuable because we want the newsletter to meet the needs of Frugalware's users.
_______________________________________________ Frugalware-devel mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-devel
