Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=500639669e5972ccf4e185d035d4f5523d72625b
commit 500639669e5972ccf4e185d035d4f5523d72625b Author: Russell Dickenson <[EMAIL PROTECTED]> Date: Wed Apr 30 21:16:38 2008 +1000 newsletter issue 21 diff --git a/frugalware/images/interviews/boobaa.jpg b/frugalware/images/interviews/boobaa.jpg new file mode 100755 index 0000000..a39af73 Binary files /dev/null and b/frugalware/images/interviews/boobaa.jpg differ diff --git a/frugalware/weeklynews/issue21.html b/frugalware/weeklynews/issue21.html new file mode 100755 index 0000000..e399ff9 --- /dev/null +++ b/frugalware/weeklynews/issue21.html @@ -0,0 +1,160 @@ +<h2>Table of Contents</h2> +<ul> + <li><a href="#welcome">Welcome</a></li> + <li><a href="#events">Events</a></li> + <li><a href="#interview">Frugalware's developer are people too!</a></li> + <li><a href="#tips">Tips and tricks</a></li> + <li><a href="#packages">Focus on package(s)</a></li> + <li><a href="#fixes">Bug fixes</a></li> + <li><a href="#security">Security announcements</a></li> + <li><a href="#about">About the newsletter</a></li> +</ul> + +<a name="welcome"></a> +<h2>Welcome</h2> +<p> + The newsletter's aim is to keep you up to date with what's happened recently in the world of the Linux distribution 'Frugalware'. +</p> +<p> + I apologise that, due to personal circumstances beyond my control, this issue of the newsletter is late. +</p> +<p> + Features of this issue include: + <ul> + <li>New Frugalware mirrors</li> + <li><b>MANY</b> Security fixes</li> + <li>Frugalware's developers are people too! - Boobaa</li> + <li>Focus On Package(s) - Openbox</li> + </ul> +</p> + +<a name="events"></a> +<h2>Events</h2> +<p> + Here's a selection of events which have occurred since the previous newsletter: +</p> +<ul> + <li> + <h3>New Frugalware mirrors</h3> + <p>Since the release of Frugalware 0.8, three mirrors have been created - numbers 2, 7 and 8:</p> + <ul> + <li>Number 2 - Christian Hamar (ftp/100 MBit), located in Hungary</li> + <li>Number 7 - botux.net (http/100 MBit), located in France</li> + <li>Number 8 - linux-de.org (ftp, http & rsync/100 MBit), located in Germany</li> + </ul> + <p>To ensure you have the current mirror list for pacman-g2, make sure your pacman-g2 package is up to date.</p> + </li> + <li> + <h3>Are Frugalware's mirrors up to date?</h3> + <p>Again on the topic of mirrors, it can be useful to know which mirrors are up to date and which are not. With the help of a FOSS utility named 'mirmon', VMiklos has created a <a href="http://frugalware.org/~vmiklos/stats/mirmon/";>web page</a> which details the status of all Frugalware mirrors. Pacman-g2 will automatically try each mirror in turn when downloading a package, so there's no need to manually edit the list of mirrors.</p> + </li> +</ul> + + +<a name="interview"></a> + <h2>Frugalware's developers are people too!</h2> + <p>In this feature of the newsletter, Frugalware's developers reveal a little about themselves. The aim is to show that "Frugalware's developers are people too!" I thank the developers for taking the time to answer the questions. There will be one interview per newsletter (until we run out of developers).</p> + + <h3>boobaa</h3> + <p>This issue's interview is with boobaa, whose roles in the Frugalware development team include maintaining various packages, also some server-side code. Please stand and hum the Hungarian national anthem while you read his interview.</p> + +<dl> + <dt><b>What's your name?</b></dt> + <dd>CSÃCSY László</dd> + <dt><b>What's your IRC nickname?</b></dt> + <dd>Boobaa - but I will not disclose its story in general public, if that is possible. ;)</dd> + <dt><b>In what country do you live?</b></dt> + <dd>Hungary</dd> + <dt><b>In what country were you born?</b></dt> + <dd>Hungary</dd> + <dt><b>What do you like the most about where you live?</b></dt> + <dd>If you mean the country, my answer is that I was born here, and I can buy a bread anywhere if I ask for it in Hungarian. If you mean some smaller area, eg. the town, the answer is the friends: we can rely on each other, and there are topics and times when we really do so.</dd> + <dt><b>What do you do for the Frugalware project?</b></dt> + <dd>I maintain some packages (some games, some server-side stuff and others), and I share my ideas with those who can implement them. This means some algorithms I have learnt at school, but cannot code by myself, for example, or some not-worth-mentioning smallish things.</dd> + <dt><b>What motivates you to work on Frugalware?</b></dt> + <dd>It may sound weird from an IT guy but I think that adding my skills to a FOSS project can be a way of serving my Savior, the Living God: He was the one who gave me the opportunity to use open-source software freely (both as a bird and as a beer) as well as to give back some tiny bits of the knowledge He gave me. To be honest there are other, more easily comprehensible reasons as well: it is easier to rely on stuff that I am allowed to bend if I need to - and I really like the fact that Frugalware stuff is so easy to blend to suit my needs.</dd> + <dt><b>What do you do when you're not working on Frugalware?</b></dt> + <dd>I have a family of two sons and one :) wife; we like going out. I play football with my friends every week, but if I had to pick my most favourite "sport", I would choose geocaching. I cannot live without reading as well, and it does not matter what I read: from Star Wars novels to some 19th century Hungarian writers, from Harry Potter in English to ingredients of the washing powder... I like taking photographs, too - I am running kind of a photoblog at http://csecsy.hu (in Hungarian).</dd> + <dt><b>What's the view from your front door?</b></dt> + <dd>As I live in a block house it would not tell you anything, so I have attached a shot made from the balcony instead. Those flowers are only a week old. ;) Step out on the balcony and <a href="http://frugalware.org/images/interviews/boobaa.jpg";>have a look.</a> +</dd> +</dl> + + +<a name="tips"></a> + <h2>Tips and tricks</h2> + <b>Disclaimer</b> - Be aware that the hints & tips provided here have NOT been tested and so come with no warranty. +<ul> + <li> + <h3>Where is that package? - submitted by 'phayz'</h3> + <p>If you're looking for a package to meet a specific need, try searching for it via the 'Package search' function on the Frugalware web site. For example, if you're looking for a PDF viewer, you might be best to enter "pdf" in the description field.</p> + </li> +</ul> + <p>This section relies on your contributions! If have some tips and tricks that you would like to be shown in the newsletter, <b><u><i>please</i></u></b> post them on the forums in the Tips and Tricks section!</p> + + +<a name="packages"</a> +<h2>Focus On Package(s)</h2> + + <h3>Openbox</h3> + <p>According to its official web site, "Openbox is a highly configurable, next generation window manager with extensive standards support." As the description states, Openbox is a window manager, not a desktop environment, and it's important to understand the difference. It prides itself on being light on resource usage and compliant with the freedesktop standards. It's a little easier to configure when compared with similar window managers, such as IceWM, Fluxbox etc because a GUI configuration tool, also a menu configuration tool are available. Another interesting feature is that it can fit easily into desktop environments - Gnome, KDE, XFCE - as a replacement for the native window manager. With this option you have the best of both worlds. The documentation on the Openbox web site is very good, explaining how to tweak it for maximum productivity. Why not try it and see for yourself if it suits you. Be sure you have enough disk space though, because the Frugalw are package requires an enourmous 1.25 Mb disk space when installed. :)</p> + + +<a name="fixes"></a> +<h2>Bug fixes</h2> + +<p> + A list of bugs closed since the previous newsletter is available <a href="http://bugs.frugalware.org/index.php?string=&project=1&type%5B%5D=&sev%5B%5D=&pri%5B%5D=&due%5B%5D=&reported%5B%5D=&cat%5B%5D=&status%5B%5D=closed&percent%5B%5D=&opened=&dev=&closed=&duedatefrom=&duedateto=&changedfrom=&changedto=&openedfrom=&openedto=&closedfrom=2008-04-08&closedto=&do=index&submit=";>here</a>. +</p> + + +<a name="security"></a> +<h2>Security announcements</h2> +<p> + <b>Remember</b> - According to the normal support arrangements for Frugalware, the release of 0.8 ("Kalgan") means that support for the previous release has ended. This means that no further security or bug fixes will be released for Frugalware 0.7 ("Sayshell"). +</p> + +<p> + Here is a list of <a href="/security">security issues</a> which have been discovered and fixed in the 0.8 release since the previous newsletter. +</p> +<ul> + <li>FSA436 - phpmyadmin: A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious users to disclose sensitive information. Please upgrade to phpmyadmin-2.11.5.2-1kalgan1.</li> + <li>FSA435 - openssh: A weakness has been reported in OpenSSH, which can be exploited by malicious, local users to bypass certain security restrictions. Please upgrade to openssh-4.7p1-4kalgan2.</li> + <li>FSA434 - libpng: Tavis Ormandy has reported a vulnerability in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library. Please upgrade to libpng-1.2.24-2kalgan1.</li> + <li>FSA433 - cups: Thomas Pollet has reported a vulnerability in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system. Please upgrade to cups-1.3.6-2kalgan2.</li> + <li>FSA432 - clamav: Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to bypass certain security restrictions, to cause a DoS (Denial of Service), or to compromise a vulnerable system. Please upgrade to clamav-0.93-1kalgan1.</li> + <li>FSA431 - firefox: A vulnerability has been reported in Mozilla Firefox, which can potentially be exploited by malicious people to compromise a user's system. Please upgrade to firefox-2.0.0.14-1kalgan1.</li> + <li>FSA430 - sweep: A vulnerability has been reported in sweep, which can potentially be exploited by malicious people to compromise a vulnerable system. Please upgrade to sweep-0.9.2-3kalgan1.</li> + <li>FSA429 - vlc: A vulnerability has been reported in vlc, which can potentially be exploited by malicious people to compromise a vulnerable system. Please upgrade to vlc-0.8.6-12kalgan2.</li> + <li>FSA428 - sdl_sound: A vulnerability has been reported in sdl_sound, which can potentially be exploited by malicious people to compromise a vulnerable system. Please upgrade to sdl_sound-1.0.1-5kalgan1.</li> + <li>FSA427 - gst-plugins-good: A vulnerability has been reported in gst-plugins-good, which can potentially be exploited by malicious people to compromise a vulnerable system. Please upgrade to gst-plugins-good-0.10.7-2kalgan1.</li> + <li>FSA426 - speex: The reference speex decoder from the Speex library is performing insufficient boundary checks on a header structure read from user input. Please upgrade to speex-1.2beta3-2kalgan1.</li> + <li>FSA425 - mailman: A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Please upgrade to mailman-2.1.9-3kalgan1.</li> + <li>FSA424 - comix: A vulnerability has been reported in Comix, which can be exploited by malicious people to compromise a user's sytem. Please upgrade to comix-3.6.4-2kalgan1.</li> + <li>FSA423 - emacs: Steve Grubb discovered that vcdiff script as shipped with Emacs uses temporary files insecurely, which makes it possible for local attacker to conduct a symlink attack and make the victim overwrite arbitrary file.. Please upgrade to emacs-22.1-3kalgan1.</li> + <li>FSA422 - vlc: Some vulnerabilities have been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system. Please upgrade to vlc-0.8.6-12kalgan1.</li> + <li>FSA421 - sdlimage: Two vulnerabilities have been reported in SDL_image, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. Please upgrade to sdlimage-1.2.6-2kalgan1.</li> + <li>FSA420 - flashplugin: Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system. Please upgrade to flashplugin-9.0.124.0-1kalgan1.</li> + <li>FSA419 - gnome-screensaver: A weakness and a security issue have been reported in gnome-screensaver, which can be exploited by malicious people with physical access to disclose potentially sensitive information or bypass certain security restrictions. Please upgrade to gnome-screensaver-2.20.0-2kalgan1.</li> + <li>FSA418 - mtr: David Leadbeater has reported a vulnerability in mtr, which can be exploited by malicious people to cause a DoS (Denial of Service). Please upgrade to mtr-0.73-1kalgan1.</li> + <li>FSA417 - xine-lib: Luigi Auriemma has reported some vulnerabilities in xine-lib, which potentially can be exploited by malicious people to compromise a user's system. Please upgrade to xine-lib-1.1.11-1kalgan2.</li> + <li>FSA416 - pdns-recursor: Amit Klein has reported a vulnerability in PowerDNS Recursor, which can be exploited by malicious people to poison the DNS cache. Please upgrade to pdns-recursor-3.1.5-1kalgan1.</li> + <li>FSA415 - m4: A vulnerability and a security issue have been reported in GNU M4, which can be exploited by malicious people to manipulate certain data or to potentially compromise a user's system. Please upgrade to m4-1.4.10-2kalgan1.</li> + <li>FSA414 - lighttpd: A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service). Please upgrade to lighttpd-1.4.19-1kalgan2.</li> + <li>FSA413 - python: David Remahl has discovered a security issue in the imageop module for Python, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Please upgrade to python-2.5.2-2kalgan1.</li> + <li>FSA412 - cups: Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. Please upgrade to cups-1.3.6-2kalgan1.</li> + <li>FSA411 - opera: Some vulnerabilities have been reported in Opera, which potentially can be exploited by malicious people to compromise a user's system. Please upgrade to opera-9.27-1kalgan1.</li> + <li>FSA410 - gnupg2: A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system. Please upgrade to gnupg2-2.0.9-1kalgan1.</li> + <li>FSA409 - gnupg: A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system. Please upgrade to gnupg-1.4.9-1kalgan1.</li> +</ul> + +<a name="about"></a> +<h2>About the newsletter</h2> + <h3>Author</h3> + <p>The Frugalware newsletter is written by Russell Dickenson (AKA phayz). Credit for the Frugalware distribution goes to the development team.</p> + <h3>Translations</h3> + <p>The newsletter is currently translated into French and Danish. The <a href="http://frugalware-fr.tuxfamily.org/forums/index.php?board=34.0";>French translation</a> is provided by the French Frugalware community. The <a href="http://frugalware.dk/?cat=5";>Danish translation</a> is provided by the Danish Frugalware community. Thanks to all those involved in providing and hosting these translations.</p> + <h3>Release</h3> + <p>To allow time for review and corrections, each newsletter is written ahead of its release date. Therefore it may not mention events which occured in the few days before its release - e.g. security fixes. To be sure that you've got the very latest information on these topics, go to the appropriate page of the Frugalware web site.</p> + <h3>Feedback</h3> + <p>If you have feedback about the Frugalware newsletter - whether good or bad - please provide it via the forums. Your feedback is valuable because we want the newsletter to meet the needs of Frugalware's users.</p> diff --git a/frugalware/xml/news.xml b/frugalware/xml/news.xml index 03c153f..480f8a4 100644 --- a/frugalware/xml/news.xml +++ b/frugalware/xml/news.xml @@ -19,6 +19,25 @@ Example: Mon, 07 Aug 2006 12:34:56 -0600 --> <news> <post> + <id>96</id> + <title>Frugalware Newsletter Issue 22</title> + <date>Wed, 30 Apr 2008 21:08:56 +1000</date> + <author>phayz</author> + <hidden>0</hidden> + <content><![CDATA[ + The newsletter's aim is to keep you up to date with what's happened recently in the world of Frugalware.<br /> + Features of this issue include: + <ul> + <li>New Frugalware mirrors</li> + <li><b>MANY</b> Security fixes</li> + <li>Frugalware's developers are people too! - Boobaa</li> + <li>Focus On Package(s) - Openbox</li> + </ul> + You can read it <a href="/newsletter/21">here</a>. We hope you like it! + ]]> + </content> + </post> + <post> <id>95</id> <title>Frugalware Newsletter Issue 20</title> <date>Tue, 08 Apr 2008 22:10:18 +1000</date> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
![http://frugalware.org/images/interviews/boobaa.jpg"](http://frugalware.org/images/interviews/boobaa.jpg"){kind=link}