Lector de Feeds

Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1244 Description A command injection flaw was found which could allow a remote, unauthenticated attacker to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. References

• https://bugs.mageia.org/show_bug.cgi?id=34045
• https://lwn.net/Articles/1011611/
• https://nvd.nist.gov/vuln/detail/CVE-2025-1244
• https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=820f0793f0b46448928905552726c1f1b999062f
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1244

SRPMS 9/core

• emacs-29.4-1.3.mga9

Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-26603 Description A heap use-after-free was found in str_to_reg() in Vim < 9.1.1115. (CVE-2025-26603) References

• https://bugs.mageia.org/show_bug.cgi?id=34035
• https://openwall.com/lists/oss-security/2025/02/16/1
• https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26603

SRPMS 9/core

• vim-9.1.1122-1.mga9

Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-56171 , CVE-2025-24928 , CVE-2025-27113 Description The updated packages fix security vulnerabilities: Use-after-free in xmlSchemaIDCFillNodeTables. (CVE-2024-56171) Stack-buffer-overflow in xmlSnprintfElements. (CVE-2025-24928) Null-deref in xmlPatMatch. (CVE-2025-27113) References

• https://bugs.mageia.org/show_bug.cgi?id=34037
• https://openwall.com/lists/oss-security/2025/02/18/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113

SRPMS 9/core

• libxml2-2.10.4-1.6.mga9

Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-24528 Description Overflow when calculating ulog block size. (CVE-2025-24528) References

• https://bugs.mageia.org/show_bug.cgi?id=34040
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLIGTCER7WVUGDD5KJI3RHPHU5VI7UCF/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24528

SRPMS 9/core

• krb5-1.20.1-1.4.mga9

Publication date: 25 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-12243 Description Gnutls impacted by inefficient DER decoding in libtasn1 leading to remote DoS. (CVE-2024-12243) References

• https://bugs.mageia.org/show_bug.cgi?id=34041
• https://ubuntu.com/security/notices/USN-7281-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12243

SRPMS 9/core

• gnutls-3.8.4-1.1.mga9

Publication date: 25 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description The updated packages fix a bug in GTK3 tooltips. References

• https://bugs.mageia.org/show_bug.cgi?id=30574

SRPMS 9/core

• gtk+3.0-3.24.38-1.2.mga9
• lxpanel-0.11.0-0.git20250215.1.mga9

‎Various software: gnome-calculator - more explanation.

← Older revision Revision as of 09:03, 25 February 2025 Line 361: Line 361:  {{Bug|33697}} - '''Nextcloud client''' - We fail to keep it updated.  Instead, upstream AppImage can be used, see [[Nextcloud-client]]. {{Bug|33697}} - '''Nextcloud client''' - We fail to keep it updated.  Instead, upstream AppImage can be used, see [[Nextcloud-client]].    −{{Bug|34028}} - '''gnome-calculator''' hang on start. '''WORKAROUND:''' Issue {{cmd|gsettings set org.gnome.calculator refresh-interval 0}} before starting it. Or use one of the alternatives available in our repositories: {{prog|galculator}}, {{prog|mate-calc}}, {{prog|kcalc}} or the less good looking {{prog|xcalc}}, or more text based like {{prog|qalculate-gtk}} / {{prog|qalculate-qt}} or {{prog|speedcrunch}}.+{{Bug|34028}} - '''gnome-calculator''' hang when trying to update currency rates, which it do by default on start. '''WORKAROUND:''' Set it to not update currency rates: issue {{cmd|gsettings set org.gnome.calculator refresh-interval 0}} before starting it. Currency rate is broken:Selecting Advanced mode, and in the dropdown "Currency", that section goes blank. To be able to select something else, set another mode temporarily.  Some other calculators available in our repositories: {{prog|galculator}}, {{prog|mate-calc}}, {{prog|kcalc}} or the less good looking {{prog|xcalc}}, or more text based like {{prog|qalculate-gtk}} / {{prog|qalculate-qt}} or {{prog|speedcrunch}}.     {{Bug|34029}} - '''grisbi''' We update grisbi to offer compatibility to users comming from other distributions that have the 3.0.4 version, but the 1st time wizard can't select custom folder for backups, please select it later in Edit -> Preferences {{Bug|34029}} - '''grisbi''' We update grisbi to offer compatibility to users comming from other distributions that have the 3.0.4 version, but the 1st time wizard can't select custom folder for backups, please select it later in Edit -> Preferences Morgano

← Older revision Revision as of 22:44, 24 February 2025 Line 278: Line 278:     {{Bug|33697}} - '''Nextcloud Client''' - Wir schaffen es nicht dieses aktuell zu halten. Verwenden Sie stattdessen das AppImage über den Upstream - siehe [[Nextcloud-client]]. {{Bug|33697}} - '''Nextcloud Client''' - Wir schaffen es nicht dieses aktuell zu halten. Verwenden Sie stattdessen das AppImage über den Upstream - siehe [[Nextcloud-client]].  +  +{{Bug|34028}} - '''gnome-calculator''' bleibt beim Start hängen. '''WORKAROUND:''' Führe {{cmd|gsettings set org.gnome.calculator refresh-interval 0}} aus, bevor Sie die Anwendung starten. Ansonsten können Sie eine alternative Anwendung aus unserem Repository verwenden: {{prog|galculator}}, {{prog|mate-calc}}, {{prog|kcalc}} oder das nicht so gut ausschauende {{prog|xcalc}}, oder das textbasierte {{prog|qalculate-gtk}} / {{prog|qalculate-qt}} oder {{prog|speedcrunch}}.  +  +{{Bug|34029}} - '''grisbi''' Wir aktualisieren grisbi, um Nutzern, welche von anderen Distributionen kommen, welche die Version 3.0.4 einsetzen, eine Kompatibilität anzubieten. Allerdings kann der 1st time wizard kein benutzerdefiniertes Verzeichnis für Sicherungen auswählen. Bitte wählen Sie dieses später unter Bearbeiten -> Einstellungen aus.     === Externe Software === === Externe Software === Line 306: Line 310:  * '''BEHOBEN durch  [https://advisories.mageia.org/MGAA-2023-0095.html eine Aktualisierung]''' von mgaonline in {{Bug|32382}}: {{bug|32354}} - In einigen Fällen, die noch nicht eingegrenzt werden konnten, hat die Variable PATH, welche mit /usr/sbin gesetzt wird, eine höhere Priorität als /usr/bin. Als Konsequenz startet mgaapplet urpmi.update ohne nach einer Berechtigung zur Ausführung zu fragen, wodurch die Ausführung fehlschlägt. Hierdurch wird keine Benachrichtigung zu vorhandenen Aktualisierungen angezeigt. Ein Workaround ist im Bugreport beschrieben. * '''BEHOBEN durch  [https://advisories.mageia.org/MGAA-2023-0095.html eine Aktualisierung]''' von mgaonline in {{Bug|32382}}: {{bug|32354}} - In einigen Fällen, die noch nicht eingegrenzt werden konnten, hat die Variable PATH, welche mit /usr/sbin gesetzt wird, eine höhere Priorität als /usr/bin. Als Konsequenz startet mgaapplet urpmi.update ohne nach einer Berechtigung zur Ausführung zu fragen, wodurch die Ausführung fehlschlägt. Hierdurch wird keine Benachrichtigung zu vorhandenen Aktualisierungen angezeigt. Ein Workaround ist im Bugreport beschrieben.    −* Unter GNOME muss die [[#Applet Sichtbarkeit|Applet Sichtbarkeit]] aktiviert werden.+* Unter GNOME muss die [[#GNOME|Applet Sichtbarkeit]] aktiviert werden.     == Sicherheit == == Sicherheit == Psyca

Publication date: 24 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description The updated packages fix a regression introduced by the fix for CVE-2025-1094 and a memory leak in pg_createsubscriber. References

• https://bugs.mageia.org/show_bug.cgi?id=34039
• https://www.postgresql.org/about/news/postgresql-174-168-1512-1417-and-1320-released-3018/

SRPMS 9/core

• postgresql15-15.12-1.mga9
• postgresql13-13.20-1.mga9

Publication date: 24 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description - Crash when trying to create a tab for a Magnatune panel or a Jamendo panel - bug: playback was skipping after 20 or 30 minutes running - Remove the nonfunctional Jamendo feature (the Jamendo site has modified its access and is no longer reachable for any Music Player) References

• https://bugs.mageia.org/show_bug.cgi?id=34034

SRPMS 9/core

• guayadeque-0.7.0-1.mga9

‎Various software: grisbi again

← Older revision Revision as of 20:04, 24 February 2025 (One intermediate revision by the same user not shown)Line 362: Line 362:     {{Bug|34028}} - '''gnome-calculator''' hang on start. '''WORKAROUND:''' Issue {{cmd|gsettings set org.gnome.calculator refresh-interval 0}} before starting it. Or use one of the alternatives available in our repositories: {{prog|galculator}}, {{prog|mate-calc}}, {{prog|kcalc}} or the less good looking {{prog|xcalc}}, or more text based like {{prog|qalculate-gtk}} / {{prog|qalculate-qt}} or {{prog|speedcrunch}}. {{Bug|34028}} - '''gnome-calculator''' hang on start. '''WORKAROUND:''' Issue {{cmd|gsettings set org.gnome.calculator refresh-interval 0}} before starting it. Or use one of the alternatives available in our repositories: {{prog|galculator}}, {{prog|mate-calc}}, {{prog|kcalc}} or the less good looking {{prog|xcalc}}, or more text based like {{prog|qalculate-gtk}} / {{prog|qalculate-qt}} or {{prog|speedcrunch}}.  +  +{{Bug|34029}} - '''grisbi''' We update grisbi to offer compatibility to users comming from other distributions that have the 3.0.4 version, but the 1st time wizard can't select custom folder for backups, please select it later in Edit -> Preferences     <br> <br> Katnatek

Publication date: 24 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-49393 , CVE-2024-49394 Description The To and Cc email header fields are not protected by cryptographic signing. (CVE-2024-49393) The In-reply-to email header field is not protected by cryptographic signing. (CVE-2024-49394) References

• https://bugs.mageia.org/show_bug.cgi?id=33814
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ZYFPGXOX4Q4I4UNPEGXP2N372IN2YSAS/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49393
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49394

SRPMS 9/core

• neomutt-20241002-1.mga9

Publication date: 24 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description The current version can't handle files from newer versions. This update fixes the issue. Note the 1st time wizard can't select custom folder for backups, please select it later in Edit -> Preferences References

• https://bugs.mageia.org/show_bug.cgi?id=34029

SRPMS 9/core

• grisbi-3.0.4-1.mga9

‎Various software: gnome-calculator Workaround up-front

← Older revision Revision as of 18:54, 22 February 2025 Line 361: Line 361:  {{Bug|33697}} - '''Nextcloud client''' - We fail to keep it updated.  Instead, upstream AppImage can be used, see [[Nextcloud-client]]. {{Bug|33697}} - '''Nextcloud client''' - We fail to keep it updated.  Instead, upstream AppImage can be used, see [[Nextcloud-client]].    −{{Bug|34028}} - '''gnome-calculator''' crash, [https://gitlab.gnome.org/GNOME/gnome-calculator/-/issues/359 fix the issue could require new version] and is not sure could be fixed in mageia 9, try one of the alternatives available in our repositories: {{prog|galculator}}, {{prog|mate-calc}}, {{prog|kcalc}}, {{prog|qalculate-gtk}}, {{prog|qalculate-qt}}, also the less good looking {{prog|xcalc}}+{{Bug|34028}} - '''gnome-calculator''' hang on start. '''WORKAROUND:''' Issue {{cmd|gsettings set org.gnome.calculator refresh-interval 0}} before starting it. Or use one of the alternatives available in our repositories: {{prog|galculator}}, {{prog|mate-calc}}, {{prog|kcalc}} or the less good looking {{prog|xcalc}}, or more text based like {{prog|qalculate-gtk}} / {{prog|qalculate-qt}} or {{prog|speedcrunch}}.     <br> <br> Morgano

To do a good job, we need good tools. Some of our servers are old, no longer powerful enough and have limited disk resources to meet the needs of developers. RPM manufacturing takes a long time and this is detrimental to the efficiency of maintaining and evolving the distribution. In short, the machines are well depreciated.

This is why our infrastructure is first getting a makeover. Better adapted to new technologies, it will allow our developers to work faster and more efficiently.

So where is this new infrastructure?

 We received 5 new servers:

– 2 new nodes for building packages: HPE ProLiant DL 360 Gen10 – 2xXeon 6126 (12C/2.6GHz) –

256GB RAM – 2xSSD 3.8TB HW Raid 1 – 2x10Gb/s NICs

– 2 servers to replace sucuk and duvel: HPE ProLiant DL 380 Gen10 – 2 Xeon 6126 (12C/2.6GHz) –

256GB RAM – 2xSSD 3.8TB HW Raid 1 – 10xHDD 12TB HW Raid 5 – 2x10Gb/s NICs

– 1 server for deployment and backup: HPE ProLiant DL80 Gen9 – 2xXeon  E5-2603v4

(6C/1.7GHz) – 256GB RAM – 6xHDD 6TB (donated, with some renewed parts)

– 1 Arista 7120T switch 20xRJ-45 10Gb/s 4xSFP+ 10Gb/s for interconnecting the machines

One of the ideas is to use the latest server to deploy quickly and as automatically as possible the construction nodes and other machines. The method is ready for x86_64 nodes and is being finalized for ARM nodes. The preparation of the servers takes time because the teams anticipate the future and future developments.

Once the preparation part of our servers is finished, the integration part into the Data Center will remain.

We are therefore taking our time to do things well in order to perpetuate the future and future versions of Mageia.

In the meantime, the future version 10 of Mageia continues to bubble in its cauldron! But we are not ready yet to plan a release date for the moment.

Feel free to come and strengthen our teams.

Para hacer un buen trabajo, necesitamos buenas herramientas. Algunos de nuestros servidores son viejos, ya no son lo bastante potentes y tienen recursos de disco limitados para satisfacer las necesidades de los desarrolladores. Se tarda mucho en producir los RPM, lo que va en detrimento de la eficacia del mantenimiento y la actualización de la distribución. En resumen, las máquinas están bien amortizadas.

Es por eso que nuestra infraestructura está recibiendo un lavado de cara. Más adaptada a las nuevas tecnologías, permitirá a nuestros desarrolladores trabajar de forma más rápida y eficaz. ¿Cuál es el estado de esta nueva infraestructura? Hemos recibido 5 nuevos servidores:

· 2 nuevos nodos de construcción de paquetes: HPE ProLiant DL 360 Gen10 – 2xXeon 6126 (12C/2.6GHz) – 256GB RAM – 2xSSD 3.8TB HW Raid 1 – 2x10Gb/s NICs.

· 2 servidores para reemplazar sucuk y duvel: HPE ProLiant DL 380 Gen10 – 2 Xeon 6126 (12C/2.6GHz) – 256GB RAM – 2xSSD 3.8TB HW Raid 1 – 10xHDD 12TB HW Raid 5 – 2x10Gb/s NICs.

· 1 servidor de despliegue y copia de seguridad: HPE ProLiant DL80 Gen9 – 2xXeon E5-2603v4 (6C/1.7GHz) – 256GB RAM – 6xHDD 6TB (una donación, con algunas partes renovadas)

· 1 switch Arista 7120T 20xRJ-45 10Gb/s 4xSFP+ 10Gb/s para interconectar las máquinas.

El plan es utilizar el último servidor para desplegar los nodos de construcción y el resto de máquinas de forma rápida y lo más automática posible. El método está listo para los nodos x86_64 y se está ultimando para los nodos ARM (servidores remotos). La preparación de los servidores lleva su tiempo, ya que nuestros equipos se anticipan al futuro y a los futuros desarrollos.

Una vez finalizada la preparación de nuestros servidores, el siguiente paso será integrarlos en el Centro de Datos. Por lo tanto, nos estamos tomando nuestro tiempo para hacer las cosas bien y poder asegurar el futuro y las futuras versiones de Mageia. Por el momento, no publicamos una fecha de lanzamiento provisional para Mageia 10.

Mientras tanto, ¡la futura versión 10 de Mageia sigue burbujeando en su caldero!

No dudes en unirte a nuestros equipos.

In Mageia/9/x86_64: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/aarch64: Mesa is an OpenGL 4.6 compatible 3D graphics library.

In Mageia/9/armv7hl: Mesa is an OpenGL 4.6 compatible 3D graphics library.