Lector de Feeds

Publication date: 06 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-35368 Description FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. (CVE-2024-35368) References

• https://bugs.mageia.org/show_bug.cgi?id=34066
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ZB33CK26BY2QPYGREWH7HHWHPSLGY4DI/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35368

SRPMS 9/core

• ffmpeg-5.1.6-1.4.mga9

9/tainted

• ffmpeg-5.1.6-1.4.mga9.tainted

‎A way forward: Improve clarity, fix typo

← Older revision Revision as of 17:35, 6 March 2025 Line 71: Line 71:  Overview: Overview:    −# Developer builds a package SRPM containing all application source code as well as any unpackaged dependency source code for an application (i.e. vendoring it), including a SBOM+# Developer builds a package SRPM containing all application source code as well as any unpackaged dependency source code needed by the application (i.e. vendoring it), including a SBOM for those dependencies −# The build system adds packaged dependencies to the SBOM+# The build system uses only locally-available source to build (as always) and adds a reference to the main source(s) to the SBOM, for completeness −# For interpreted languages, the build system puts any vendored code into a filesystem location specific to the application+# For interpreted languages, the build system puts any vendored code into a filesystem location specific to the application in the final RPM  # The build system stores the SBOM at the end of the build into a central repository # The build system stores the SBOM at the end of the build into a central repository  # A security scanner periodically scans all SBOMs to look for dependencies that have reported security vulnerabilities # A security scanner periodically scans all SBOMs to look for dependencies that have reported security vulnerabilities Line 81: Line 81:  SBOMs will be stored in the [https://spdx.dev/ SPDX] format. SBOMs will be stored in the [https://spdx.dev/ SPDX] format.    −Security updates are assumed to consist of upgrading to a new upstream release. Those that require patching a dependency complicates this flow, since the same patch must then be applied to each vendored instance of that dependency. If an unpackaged dependency needs a local patch instead of an upgrade, then we could implement a policy that the dependency much be first be packaged before rebuilds are performed, with that new package added as a dependency to any application that needs it before rebuilding. That avoids carrying the identical patch around in many packages.+Security updates are assumed to consist of upgrading to a new upstream release. Those that require patching a dependency complicates this flow, since the same patch must then be applied to each vendored instance of that dependency. If an unpackaged dependency needs a local patch instead of an upgrade, then we could implement a policy that the dependency must be first be packaged before rebuilds are performed, with that new package added as a dependency to any application that needs it before rebuilding. That avoids carrying the identical patch around in many packages.     A script will be created to take care of the bulk of step 1 for the developer. It would scan the application source code to find out what dependencies are needed, then exclude any dependencies already supplied by packages in ''BuildRequires:'' leaving a list of outstanding ones. These would be downloaded using the language's normal package download mechanism and installed into a private temporary location. All these would then be archived into a compressed tarball along with an SBOM containing all the packaged dependency names and versions and stored in the ''SOURCES/'' directory under a standard name (maybe ''dependencies.tar.xz'').  This file would then be added to ''sha1.lst'' and uploaded to ''binrepo''. This could all be integrated into a ''mgarepo'' subcommand. ''TODO: who is responsible for ensuring that the licenses of all the dependencies are allowed, compatible and that the License: line in the .spec file matches?'' A script will be created to take care of the bulk of step 1 for the developer. It would scan the application source code to find out what dependencies are needed, then exclude any dependencies already supplied by packages in ''BuildRequires:'' leaving a list of outstanding ones. These would be downloaded using the language's normal package download mechanism and installed into a private temporary location. All these would then be archived into a compressed tarball along with an SBOM containing all the packaged dependency names and versions and stored in the ''SOURCES/'' directory under a standard name (maybe ''dependencies.tar.xz'').  This file would then be added to ''sha1.lst'' and uploaded to ''binrepo''. This could all be integrated into a ''mgarepo'' subcommand. ''TODO: who is responsible for ensuring that the licenses of all the dependencies are allowed, compatible and that the License: line in the .spec file matches?'' Danf

zekemx

← Older revision Revision as of 14:39, 5 March 2025 Line 227: Line 227:  | joselp || papoteur,mokraemer || {{yes|Done}} ||  || {{yes|Done}} ||  ||  ||  ||  ||  || photomontage ||   | joselp || papoteur,mokraemer || {{yes|Done}} ||  || {{yes|Done}} ||  ||  ||  ||  ||  || photomontage ||    |- |- −| zekemx || kekepower || {{yes|Done}} ||  || ||  ||  || 1. conky ||  ||  || displaylink ||+| zekemx || kekepower || {{yes|Done}} ||  || ||  ||  || 1. conky ||  ||  || displaylink<br>new-lg4ff<br>oversteer ||  |} |}    Papoteur

Nocomprendo

← Older revision Revision as of 08:45, 5 March 2025 Line 344: Line 344:     Knotes has been replaced by Marknote. This one include a path for [https://blogs.kde.org/2024/06/28/marknote-1.3/#switching-to-marknote importing the notes]. Knotes has been replaced by Marknote. This one include a path for [https://blogs.kde.org/2024/06/28/marknote-1.3/#switching-to-marknote importing the notes].  +  +NoComprendo is a tools for voice recognition, including control of the desktop and dictation. It now uses Vosk libraries and models.     === Internet apps === === Internet apps === Papoteur

‎Games: Link to list needs to get fixed!

← Older revision Revision as of 12:45, 4 March 2025 (One intermediate revision by the same user not shown)Line 287: Line 287:  ==== LXDE ==== ==== LXDE ====    −The very lightweight GTK+3-based desktop environment is still available and continues to receive improvements from upstream and our Mageia maintainer, even though its community has partly refocused on LXQt.  Starting with Mageia 10, LXDE migrated from GTK+2 to GTK+3.  LXDE cannot use PipeWire as sound server, only PulseAudio. Now Srain is the IRC client installed instead of Hexchat.+This very lightweight GTK+3-based desktop environment is still available and continues to receive improvements from upstream and our Mageia maintainer, even though its community has partly refocused on LXQt.  Starting with Mageia 10, LXDE migrated from GTK+2 to GTK+3.  LXDE cannot use PipeWire as sound server, only PulseAudio. Now Srain is the IRC client installed instead of Hexchat.     LXDE can be installed from the Classical DVD ISO (traditional installer). LXDE can be installed from the Classical DVD ISO (traditional installer). Line 365: Line 365:  === Games === === Games ===    −In the Mageia community, our love for free software extends to open source games. A huge effort has been made during the Mageia 10 release cycle to package many new games, making Mageia 10 a very good platform for intensive and casual gamers alike. You can check the Mageia App DB to see a list of [https://madb.mageia.org/package/comparison/release/9/withrelease/10/group/78%2C20%2C64%2C10%2C30%2C46%2C109%2C138%2C74%2C1 all the new and updated games in Mageia 10]. <!--The following section will only give some cherry-picked examples for each game category.--> Also see [[Ways_to_install_programs#Game_environments_.28and_some_apps_too.29|Game environments]].+In the Mageia community, our love for free software extends to open source games. A huge effort has been made during the Mageia 10 release cycle to package many new games, making Mageia 10 a very good platform for intensive and casual gamers alike. You can check the Mageia App DB to see a list of [https://madb.mageia.org/package/comparison/release/9/withrelease/10/group/78%2C20%2C64%2C10%2C30%2C46%2C109%2C138%2C74%2C1 '''(FIXME!)''' all the new and updated games in Mageia 10]. <!--The following section will only give some cherry-picked examples for each game category.--> Also see [[Ways_to_install_programs#Game_environments_.28and_some_apps_too.29|Game environments]].     === Education === === Education === Morgano

‎LXDE

← Older revision Revision as of 10:24, 4 March 2025 Line 287: Line 287:  ==== LXDE ==== ==== LXDE ====    −The very lightweight GTK+3-based desktop environment is still available and continues to receive improvements from upstream and our Mageia maintainer, even though its community has partly refocused on LXQt.  Starting with Mageia 10, LXDE migrated from GTK+2 to GTK+3.  LXDE cannot use PipeWire as sound server, only PulseAudio.+The very lightweight GTK+3-based desktop environment is still available and continues to receive improvements from upstream and our Mageia maintainer, even though its community has partly refocused on LXQt.  Starting with Mageia 10, LXDE migrated from GTK+2 to GTK+3.  LXDE cannot use PipeWire as sound server, only PulseAudio. Now Srain is the IRC client installed instead of Hexchat.     LXDE can be installed from the Classical DVD ISO (traditional installer). LXDE can be installed from the Classical DVD ISO (traditional installer). Papoteur

Publication date: 03 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-26594 , CVE-2025-26595 , CVE-2025-26596 , CVE-2025-26597 , CVE-2025-26598 , CVE-2025-26599 , CVE-2025-26600 , CVE-2025-26601 Description Use-after-free of the root cursor. (CVE-2025-26594) Buffer overflow in XkbVModMaskText(). (CVE-2025-26595) Heap overflow in XkbWriteKeySyms(). (CVE-2025-26596) Buffer overflow in XkbChangeTypesOfKey(). (CVE-2025-26597) Out-of-bounds write in CreatePointerBarrierClient(). (CVE-2025-26598) Use of uninitialized pointer in compRedirectWindow(). (CVE-2025-26599) Use-after-free in PlayReleasedEvents(). (CVE-2025-26600) Use-after-free in SyncInitTrigger(). (CVE-2025-26601) References

• https://bugs.mageia.org/show_bug.cgi?id=34052
• https://www.openwall.com/lists/oss-security/2025/02/25/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26594
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26595
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26596
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26597
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26598
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26599
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26600
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26601

SRPMS 9/core

• x11-server-21.1.8-7.7.mga9
• x11-server-xwayland-22.1.9-1.7.mga9
• tigervnc-1.13.1-2.7.mga9

added english to multilanguage banner

← Older revision Revision as of 14:40, 3 March 2025 Line 1: Line 1: −{{Multi language banner-pt-BR| [[Distrobox-pt-BR|português brasileiro]] ;}}+{{Multi language banner-pt-BR| [[Distrobox|English]] ; [[Distrobox-pt-BR|português brasileiro]] ;}}     '''O que é Distrobox?'''<br> '''O que é Distrobox?'''<br> Sturmvogel

correct use of command template to include | sign

← Older revision Revision as of 14:39, 3 March 2025 Line 12: Line 12:     To install, simply type the following command in the terminal: To install, simply type the following command in the terminal: −{{code|curl -s https://raw.githubusercontent.com/89luca89/distrobox/main/install | sudo sh}}+   +{{code|curl -s https://raw.githubusercontent.com/89luca89/distrobox/main/install {{!}} sudo sh}}     or if you haven't set up your user to allow sudo or if you haven't set up your user to allow sudo     {{code|su -<br/> {{code|su -<br/> −curl -s https://raw.githubusercontent.com/89luca89/distrobox/main/install | sh }}+curl -s https://raw.githubusercontent.com/89luca89/distrobox/main/install {{!}} sh }}     You must have a container environment installed in order for Distrobox to work, so either docker or podman (both available from MCC) You must have a container environment installed in order for Distrobox to work, so either docker or podman (both available from MCC) Sturmvogel

Adding headers + Adjusting header level per Mageia standard (top is two "=") + minor adjustments

← Older revision Revision as of 13:54, 3 March 2025 Line 1: Line 1: −= Distrobox =+[[Category:Documentation]]  +[[Category:Howtos]]  +[[Category:Installing]]    −== What is Distrobox? ==+{{multi_language_banner|[[Distrobox|English]] ; [[Distrobox-pt-BR|Português (Brasil)]] }} −Distrobox is a powerful tool for Linux users who want to use or try out different distributions without having to reboot the system or create virtual machines. It allows you to create containers from different Linux distributions and integrate them into your host system, offering an almost native experience.+   +{{introduction|Distrobox is a powerful tool for Linux users who want to use or try out different distributions without having to reboot the system or create virtual machines. It allows you to create containers from different Linux distributions and integrate them into your host system, offering an almost native experience.}}  +   +== How to install ==    −== How to install it? ==   At present, Distrobox is not available as a Mageia package. However, it is straightforward to install. At present, Distrobox is not available as a Mageia package. However, it is straightforward to install.    Line 18: Line 22:     == How does it work? == == How does it work? ==  +  Distrobox uses containerization technologies such as Podman or Docker to create isolated environments. However, it goes further, sharing resources from the host system with these containers, such as: Distrobox uses containerization technologies such as Podman or Docker to create isolated environments. However, it goes further, sharing resources from the host system with these containers, such as:    Line 51: Line 56:  * distrobox-host-exec: Executes commands on the host from within a container. * distrobox-host-exec: Executes commands on the host from within a container.    −= Basic example (Distro testing) =+== Basic example (Distro testing) ==  +   To create a container with the Arch Linux distribution and enter it: To create a container with the Arch Linux distribution and enter it:    Line 57: Line 63:  distrobox-enter archlinux }} distrobox-enter archlinux }}    −= Non-native package example (Amazon Workspaces client) =+== Non-native package example (Amazon Workspaces client) ==  +   {{code|distrobox create --image ubuntu:22.04 --name ubuntu <br/> {{code|distrobox create --image ubuntu:22.04 --name ubuntu <br/>  distrobox enter ubuntu <br/> distrobox enter ubuntu <br/> Line 63: Line 70:  wget https://d3nt0h4h6pmmc4.cloudfront.net/new_workspacesclient_jammy_amd64.deb <br/> wget https://d3nt0h4h6pmmc4.cloudfront.net/new_workspacesclient_jammy_amd64.deb <br/>  sudo apt install ./new_workspacesclient_jammy_amd64.deb -y <br/> sudo apt install ./new_workspacesclient_jammy_amd64.deb -y <br/> −distrobox-export --app workspacesclient <br/> }}+distrobox-export --app workspacesclient }}     +== Further reading ==    −For more information, see the official documentation: [https://distrobox.it/#distrobox]+Official documentation: [https://distrobox.it/#distrobox]    −This Wiki page is based off [[Distrobox-pt-BR|Brazilian Portugese version]]+This Wiki page is based on [[Distrobox-pt-BR|Brazilian Portugese version]] Morgano

← Older revision Revision as of 13:40, 3 March 2025 Line 7: Line 7:  [[User:Morgano|morgano]] ([[User talk:Morgano|talk]]) 20:34, 2 March 2025 (UTC) [[User:Morgano|morgano]] ([[User talk:Morgano|talk]]) 20:34, 2 March 2025 (UTC)     +--     It seems that the editor did not even check the wiki before creating this stub. All possibilities are already mentioned in [[Ways_to_install_programs]] Distrobox can be linked. So this stub needs to be deleted… It seems that the editor did not even check the wiki before creating this stub. All possibilities are already mentioned in [[Ways_to_install_programs]] Distrobox can be linked. So this stub needs to be deleted…  [[User:Sturmvogel|sturmvogel]] ([[User talk:Sturmvogel|talk]]) [[User:Sturmvogel|sturmvogel]] ([[User talk:Sturmvogel|talk]])  +  +--  +  +Short intro of Distrobox now at https://wiki.mageia.org/en/Ways_to_install_programs#Distrobox, linking to [[Distrobox]].  +  +Thank you for that page, Mailedfist, presenting yet another way to use "foreign" programs in Mageia.  :-)  +  +[[User:Morgano|morgano]] ([[User talk:Morgano|talk]]) 13:40, 3 March 2025 (UTC) Morgano

‎Containers: + Distrobox, link to our wiki page on it.

← Older revision Revision as of 13:36, 3 March 2025 Line 355: Line 355:     Docker use a client-server architecture, while Podman use a daemonless architecture. Docker use a client-server architecture, while Podman use a daemonless architecture.  +  +=== Distrobox ===  +  +Using [[Distrobox]] you create containers from different Linux distributions and integrate them into your host system, offering an almost native experience. This way you can use software intended for any Linux distro.     == Virtualised hardware == == Virtualised hardware == Morgano

Sturmvogel moved page Talk:Software with no package for Mageia to Talk:Archive:Software with no package for Mageia Obsolete and slready included in other wiki article

New page

Hi

I think this page could be integrated into [[Ways_to_install_programs]]

Best Regards /Morgan

[[User:Morgano|morgano]] ([[User talk:Morgano|talk]]) 20:34, 2 March 2025 (UTC)


It seems that the editor did not even check the wiki before creating this stub. All possibilities are already mentioned in [[Ways_to_install_programs]] Distrobox can be linked. So this stub needs to be deleted…
[[User:Sturmvogel|sturmvogel]] ([[User talk:Sturmvogel|talk]]) Sturmvogel

Sturmvogel moved page Software with no package for Mageia to Archive:Software with no package for Mageia Obsolete and slready included in other wiki article

New page

= Software with no package for Mageia =

Sometimes we will want to use software for which there is at present no package for Mageia.

If the software in question is available in an rpm package, <some name>.rpm, for AlamaLinux, CentOS Stream, Fedora, Rocky, etc then it '''may''' be possible to install using the Mageia Software Installer or command line tools. However, often it is the case that needed dependencies are not available in Mageia. If the software we want is only available as a .deb package, <some name>.deb, then we cannot install it directly.

So, what can we do?

We have a number of options:

*[[Distrobox]] (not yet packaged but follow Wiki link) allows use of software intended for any Linux distro
*Alien (available from MCC) allows installation of Debian and Slackware packages
*Virtual Machine - QEMU (available from MCC) or VirtualBox (available from MCC) can be used to create a Virtual Machine for any operating system on which the software you want to use can be executed.
*WINE (available from MCC) - allows some Microsoft Windows&trade; programs to run in a Linux environment. This Wiki author has had limited success with WINE and has typically had to use a Virtal Machine (with Windows&trade; licence) Sturmvogel