Lector de Feeds

‎deb to rpm

← Older revision Revision as of 03:44, 14 May 2025 (One intermediate revision by the same user not shown)Line 93: Line 93:  {{code|mkdir -p BUILDROOT/schildichat-desktop-alpha-1.11.97~sc.0.test.0-2.x86_64}} {{code|mkdir -p BUILDROOT/schildichat-desktop-alpha-1.11.97~sc.0.test.0-2.x86_64}}    −Move the folder that not belong to rpm build '''(BUILD,BUILDROOT,SRPMS)''' to {{folder|BUILDROOT/schildichat-desktop-alpha-1.11.97~sc.0.test.0-2.x86_64}}+Move the folder(s) that not belong to rpm build '''(BUILD,BUILDROOT,SRPMS)''' to {{folder|BUILDROOT/schildichat-desktop-alpha-1.11.97~sc.0.test.0-2.x86_64}}     In this case, {{folder|opt}} and {{folder|usr}}. In this case, {{folder|opt}} and {{folder|usr}}.    −Return if needed to {{folder ~/tmp/schildichat-desktop-alpha-1.11.97~sc.0.test.0}}+Return if needed to {{folder|~/tmp/schildichat-desktop-alpha-1.11.97~sc.0.test.0}}     Run again Run again Katnatek

Created page with "{{introduction|{{prog|alien}} is a program that converts between Red Hat rpm, Debian deb, Stampede slp, Slackware tgz, and Solaris pkg file formats. If you want to use..."

New page

{{introduction|{{prog|alien}} is a program that converts between Red Hat rpm, Debian deb, Stampede slp, Slackware tgz, and Solaris pkg file
formats. If you want to use a package from another linux distribution than the one you have installed on your system, you
can use alien to convert it to your preferred package format and install it. It also supports LSB packages.}}

This page will cover how to troubleshoot conversions that not ends successful.

== Considerations ==
I will work from {{folder|~/tmp}} folder, in this place I store the .rpm and .deb files used in the examples.
You can work from other folder.

{{prog|fakeroot}} command before alien allows to use alien without root permissions.

== '''rpm to deb''' ==
This was not working out of the box since mageia 8 times {{bug|28607}}, but now in mageia 9 and beyond with the updated packages we can at less provide a procedure that allows to perform the operation.

This conversion can fail like this

{{output|fakeroot alien --to-deb mc-4.8.29-1.mga9.x86_64.rpm}}
{{withbr|<nowiki>Package build failed. Here's the log:
dh binary
dh_update_autotools_config
dh_autoreconf
create-stamp debian/debhelper-build-stamp
dh_testroot
dh_prep
debian/rules override_dh_auto_install
make[1]: Entering directory '/home/katnatek/tmp/mc-4.8.29'
mkdir -p debian/mc
# Copy the packages's files.
find . -maxdepth 1 -mindepth 1 -not -name debian -print0 | \
sed -e s#'./'##g | \
xargs -0 -r -i cp -a ./{} debian/mc/{}
make[1]: Leaving directory '/home/katnatek/tmp/mc-4.8.29'
dh_installdocs
dh_installchangelogs
dh_installman
dh_installman: error: mv debian/mc/usr/share/man/es/man1/mc.1.xz.dh-new debian/mc/usr/share/man/es/man1/mc.1.xz: No such file or directory
dh_installman: error: Aborting due to earlier error
make: *** [debian/rules:7: binary] Error 25</nowiki>}}{{Stop}}

'''Solution:''' <br />
{{output|fakeroot alien --to-deb mc-4.8.29-1.mga9.x86_64.rpm -s}}
{{withbr|<nowiki>Directory mc-4.8.29 prepared.</nowiki>}}{{Stop}}

Edit the file {{file|mc-4.8.29/debian/rules}}

Add this after the line 26: {{code|override_dh_installman:}} ,and save the change.

{{code|cd mc-4.8.29}}

{{code|fakeroot dh binary}}

At the end of the process, you will see something like this:
{{pre|<nowiki>dpkg-gencontrol: warning: Depends field of package mc: substitution variable ${shlibs:Depends} used, but is not defined
dpkg-gencontrol: warning: package mc: substitution variable ${perl:Depends} unused, but is defined
dh_md5sums
dh_builddeb
dpkg-deb: building package 'mc' in '../mc_4.8.29-2_amd64.deb'.</nowiki>}}

== '''deb to rpm''' ==

This procedure usually works out of the box like with this deb from debian:

{{code|fakeroot alien --to-rpm bash_5.2.15-2+b7_amd64.deb}}

But some deb files can fail.

{{output|fakeroot alien --to-rpm schildichat-desktop-alpha_1.11.97-sc.0.test.0_amd64.deb}}
{{withbr|<nowiki>Warning: Skipping conversion of scripts in package schildichat-desktop-alpha: postinst postrm
Warning: Use the --scripts parameter to include the scripts.
Package build failed. Here's the log of the command (cd schildichat-desktop-alpha-1.11.97~sc.0.test.0; rpmbuild --buildroot='/home/katnatek/tmp/schildichat-desktop-alpha-1.11.97~sc.0.test.0' -bb --target x86_64 'schildichat-desktop-alpha-1.11.97~sc.0.test.0-2.spec'):
error: line 5: Empty tag: Summary:
Building target platforms: x86_64
Building for target x86_64</nowiki>}}{{Stop}}

'''Solution:''' <br />

{{output|fakeroot alien --to-rpm schildichat-desktop-alpha_1.11.97-sc.0.test.0_amd64.deb -s}}
{{withbr|<nowiki>Warning: Skipping conversion of scripts in package schildichat-desktop-alpha: postinst postrm
Warning: Use the --scripts parameter to include the scripts.
Directory schildichat-desktop-alpha-1.11.97~sc.0.test.0 prepared.</nowiki>}}{{Stop}}

{{code|cd schildichat-desktop-alpha-1.11.97~sc.0.test.0}}

Edit the spec file, put some information in summary, save the change.

{{code|<nowiki>rpmbuild -bb schildichat-desktop-alpha-1.11.97~sc.0.test.0-2.spec --define "_topdir $(pwd)"</nowiki>}}

This will produce lot of errors like:

{{pre|File not found: /home/user/tmp/schildichat-desktop-alpha-1.11.97~sc.0.test.0/BUILDROOT/schildichat-desktop-alpha-1.11.97~sc.0.test.0-2.x86_64/opt/SchildiChatAlpha/v8_context_snapshot.bin}}

{{code|mkdir -p BUILDROOT/schildichat-desktop-alpha-1.11.97~sc.0.test.0-2.x86_64}}

Move the folder that not belong to rpm build '''(BUILD,BUILDROOT,SRPMS)''' to {{folder|BUILDROOT/schildichat-desktop-alpha-1.11.97~sc.0.test.0-2.x86_64}}

In this case, {{folder|opt}} and {{folder|usr}}.

Return if needed to {{folder ~/tmp/schildichat-desktop-alpha-1.11.97~sc.0.test.0}}

Run again

{{code|<nowiki>rpmbuild -bb schildichat-desktop-alpha-1.11.97~sc.0.test.0-2.spec --define "_topdir $(pwd)"</nowiki>}}

{{note|The deb to rpm case as you see is the complex to fix by hand as we have to learn and adapt the steps for each conversion.
The key is the folder BUILDROOT and the string between the first next "/" and the second "/".}} Katnatek

Publication date: 13 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-21587 , CVE-2025-30691 , CVE-2025-30698 Description Better TLS connection support. (CVE-2025-21587) Improve compiler transformations. (CVE-2025-30691) Enhance Buffered Image handling. (CVE-2025-30698) The updated timezone data are needed by the new Java packages. References

• https://bugs.mageia.org/show_bug.cgi?id=34206
• https://access.redhat.com/errata/RHSA-2025:3845
• https://access.redhat.com/errata/RHSA-2025:3850
• https://access.redhat.com/errata/RHSA-2025:3853
• https://access.redhat.com/errata/RHSA-2025:3856
• https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixJAVA
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21587
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30691
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30698

SRPMS 9/core

• timezone-2025a-1.mga9
• java-1.8.0-openjdk-1.8.0.452.b09-1.mga9
• java-11-openjdk-11.0.27.0.6-1.mga9
• java-17-openjdk-17.0.15.0.6-1.mga9
• java-latest-openjdk-24.0.1.0.9-1.rolling.1.mga9

Publication date: 13 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4207 Description PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation. (CVE-2025-4207) References

• https://bugs.mageia.org/show_bug.cgi?id=34265
• https://www.postgresql.org/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4207

SRPMS 9/core

• postgresql15-15.13-1.mga9
• postgresql13-13.21-1.mga9

Publication date: 12 May 2025
Type: bugfix
Affected Mageia releases : 9
Description Some translated man pages are badly rendered, like the nmap one in Russian. This changes the file 20less.sh to avoid defining the env variable LESSCHARSET. References

• https://bugs.mageia.org/show_bug.cgi?id=34251

SRPMS 9/core

• less-678-1.1.mga9

Publication date: 11 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-2866 Description PDF signature forgery with adbe.pkcs7.sha1 SubFilter. (CVE-2025-2866) References

• https://bugs.mageia.org/show_bug.cgi?id=34234
• https://lists.debian.org/debian-security-announce/2025/msg00070.html
• https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2866

SRPMS 9/core

• libreoffice-24.2.7.2-1.3.mga9

Publication date: 11 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-32873 Description An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). (CVE-2025-32873) References

• https://bugs.mageia.org/show_bug.cgi?id=34259
• https://ubuntu.com/security/notices/USN-7501-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32873

SRPMS 9/core

• python-django-4.1.13-1.4.mga9

Publication date: 11 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-31162 , CVE-2025-31163 , CVE-2025-31164 Description Floating point exception in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via get_slope function. (CVE-2025-31162) Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via put_patternarc function. (CVE-2025-31163) Heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via create_line_with_spline. (CVE-2025-31164) References

• https://bugs.mageia.org/show_bug.cgi?id=34260
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MJCOBXBMU3EIKTUVVEJUQTIAIJY6GWXG/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31162
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31163
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31164

SRPMS 9/core

• transfig-3.2.9a-1.mga9

Publication date: 09 May 2025
Type: bugfix
Affected Mageia releases : 9
Description WWE 2k23 small “artifacts” Variable Rate Shading (VRS) produces very aliased results on RADV with an AMD gpu Vulkan issues after sleeping on 9070 XT ring gfx_0.0.0 timeout after waking from sleep - RX 9070 radeonsi: CL conformance test `vector_swizzle` fails since 177427877bb50ad7ba24abfa13e55a2684d804df Random mesa crashes in kwin_wayland on a 6600XT Patch to fix clinfo on rusticl radv/aco: Ghost of Tsushima hangs and causes gpu resets on RDNA 3 GPU mesa-vulkan-driver-git.x86_64 causes strange colored rectangle artifacts in Final Fantasy XIV References

• https://bugs.mageia.org/show_bug.cgi?id=34248
• https://docs.mesa3d.org/relnotes/25.0.5.html

SRPMS 9/core

• mesa-25.0.5-1.mga9
• vulkan-tools-1.3.231.1-1.1.mga9

9/tainted

• mesa-25.0.5-1.mga9.tainted

‎How to enforce version freeze: Fix path

← Older revision Revision as of 08:11, 9 May 2025 Line 2: Line 2:     * take a checkout of puppet configuration * take a checkout of puppet configuration −* go to ''modules/buildsystem/templates''+* edit ''deployment/mga_buildsystem/manifests/config.pp'' −* edit ''submit-todo.conf''     −in ''checks/version/cauldron'' ( yaml hierarchy )+in the ''$cauldron_version_check'' object     * change mode from   * change mode from   −  mode: normal+  'mode' => 'normal'  to   to   −  mode: version_freeze+  'mode' => 'version_freeze'     * commit and push * commit and push Line 18: Line 17:  A Release Freeze is done similarly, but with A Release Freeze is done similarly, but with    −  mode: freeze+  'mode' => 'freeze'     == How to add someone to the list of users able to upload == == How to add someone to the list of users able to upload == Danf

Publication date: 08 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4083 , CVE-2025-4087 , CVE-2025-4091 , CVE-2025-4093 Description Process isolation bypass using "javascript:" URI links in cross-origin frames. (CVE-2025-4083) Unsafe attribute access during XPath parsing. (CVE-2025-4087) Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. (CVE-2025-4091) Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10. (CVE-2025-4093) References

• https://bugs.mageia.org/show_bug.cgi?id=34233
• https://www.thunderbird.net/en-US/thunderbird/128.10.0esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093

SRPMS 9/core

• thunderbird-128.10.0-1.mga9
• thunderbird-l10n-128.10.0-1.mga9

Publication date: 08 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-4083 , CVE-2025-4087 , CVE-2025-4091 , CVE-2025-4093 Description A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape, CVE-2025-4083. A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption, CVE-2025-4087. Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code, CVE-2025-4091. Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code, CVE-2025-4093. References

• https://bugs.mageia.org/show_bug.cgi?id=34232
• https://www.mozilla.org/en-US/firefox/128.10.0/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4083
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4087
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4091
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4093

SRPMS 9/core

• firefox-128.10.0-1.mga9
• firefox-l10n-128.10.0-1.mga9

Publication date: 08 May 2025
Type: bugfix
Affected Mageia releases : 9
Description Changes in Youtube's API make applications that use yt-dlp fail or even crash. This update fixes the issue. References

• https://bugs.mageia.org/show_bug.cgi?id=34241

SRPMS 9/core

• yt-dlp-2025.04.30-1.mga9

‎See Also: Add Trustify

← Older revision Revision as of 09:12, 7 May 2025 Line 125: Line 125:  * [https://vuln.go.dev/ Go Vulnerability Database] * [https://vuln.go.dev/ Go Vulnerability Database]  * [https://guac.sh/ GUAC] SBOM management tool * [https://guac.sh/ GUAC] SBOM management tool  +* [https://github.com/trustification/trustify Trustify] SBOM management tool  * [https://github.com/anchore/grype grype], tool that can look up security issues from a SPDX SBOM * [https://github.com/anchore/grype grype], tool that can look up security issues from a SPDX SBOM  * [https://trivy.dev/ Trivy], tool that can look up security issues from a SPDX SBOM * [https://trivy.dev/ Trivy], tool that can look up security issues from a SPDX SBOM     [[Category:Packaging]] [[Category:Packaging]] Danf