Feed Reader
MGASA-2025-0034 - Updated libxml2 packages fix security vulnerability
Publication date: 03 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2022-49043
Description: xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. (CVE-2022-49043)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33975
- https://lists.suse.com/pipermail/sle-security-updates/2025-January/020243.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043
- libxml2-2.10.4-1.5.mga9
Categories: Security Updates
MGASA-2025-0033 - Updated redis packages fix security vulnerabilities
Publication date: 03 Feb 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-46981, CVE-2024-51741
Description: Redis' Lua library commands may lead to remote code execution. (CVE-2024-46981) Redis allows denial-of-service due to malformed ACL selectors. (CVE-2024-51741)
References:
- https://bugs.mageia.org/show_bug.cgi?id=33924
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HQU52SRIF5TB4GL3LJOHKX2MUHXNHH6/
- https://lists.debian.org/debian-security-announce/2025/msg00018.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46981
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51741
- redis-7.0.14-1.2.mga9
Categories: Security Updates
MGAA-2025-0010 - Updated opencpn-ais-radar-plugin and other opencpn plugins packages fix bug
Publication date: 03 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description: These plugins got some improvements and corrections and are now based on the last opencpn libs. These plugins need to be up to date for sailors' security.
References
SRPMS 9/core:
- opencpn-ais-radar-plugin-1.4.19.0-1.mga9
- opencpn-celestial-navigation-plugin-2.4.43.0-1.mga9
- opencpn-climatology-plugin-1.6.33.0-1.mga9
- opencpn-polar-plugin-1.2.36.0-1.mga9
- opencpn-squiddio-plugin-1.3.93.0-1.mga9
- opencpn-statusbar-plugin-1.1.14.0-1.mga9
- opencpn-watchdog-plugin-2.4.112.0-1.mga9
- opencpn-weather-routing-plugin-1.15.21.0-1.mga9
- opencpn-weatherfax-plugin-1.10.12.0-1.mga9
Categories: Security Updates
MGAA-2025-0009 - Updated yt-dlp & python-websockets packages fix bug
Publication date: 03 Feb 2025
Type: bugfix
Affected Mageia releases : 9
Description: The current version no longer works. This update fixes the issue.
References
SRPMS 9/core:
- yt-dlp-2025.01.26-1.mga9
- python-websockets-14.1-1.mga9
Categories: Security Updates
Documentação-pt-BR
Como_criar_uma_página_wiki-pt-BR
← Older revision Revision as of 14:44, 3 February 2025 Line 57: Line 57: *[[Como pedir ajuda-pt-BR|Como pedir ajuda]] *[[Como pedir ajuda-pt-BR|Como pedir ajuda]] *[[Como_usar_o_IRC-pt-BR|Como usar o IRC]] *[[Como_usar_o_IRC-pt-BR|Como usar o IRC]] −*[[How to write a wiki page|Como escrever uma página wiki]]+*[[Como_criar_uma_página_wiki-pt-BR|Como escrever uma página wiki]] *[[IRC bots|Bots do IRC]] *[[IRC bots|Bots do IRC]] *[[Mageia IRC Channels Liberachat|Canais de IRC do Mageia na Liberachat]] *[[Mageia IRC Channels Liberachat|Canais de IRC do Mageia na Liberachat]] Xgrind
Categories: Mageia Wiki
Bugsquad
Team members
← Older revision Revision as of 17:27, 2 February 2025 (One intermediate revision by the same user not shown)Line 60: Line 60: | Frank Sturm || sturmvogel || sturm-fr [at web [dot] de || || | Frank Sturm || sturmvogel || sturm-fr [at web [dot] de || || |- |- − | José Alberto Valle Cid || kanatek || j.alberto.vc@gmail.com || ||+ | José Alberto Valle Cid || kanatek || j.alberto.vc@gmail.com || + |- + | Roelof Wobben || RoelofW || r.wobben@home.nl || + || Rwobben
Categories: Mageia Wiki
SOP Reset password
Add a procedure
New page
= Password reset =
Normally, a user can go to https://identity.mageia.org/forgot_password and request a password reset on his/her own. This feature is disabled for some accounts, in which case the user must contact sysadmin to perform a reset.
== Request Verification ==
It's vital to verify the request first to avoid an account takeover by a malicious actor. Use one of the procedures at [[SOP Change user e-mail#Request_Verification]] if possible, although all of those assume the user can still log in by some means.
If those aren't possible, e-mail the user with a random word and have him/her reply to sysadmin AT group DOT mageia DOT org. That validates that the user has access to e-mail sent to that address. Check the headers of the received e-mail to see if there is a valid DKIM header (verify it, don't just assume it's OK), which provides a degree of proof the e-mail was actually sent by the authorized user. Mageia servers don't add a header verifying SPF as of this writing, so that can't be checked on that e-mail to sysadmin. If the user e-mails you directly and your mail server checks SPF and adds a header with the result of the check, it's a much weaker validation but still something.
== Reset password ==
The password reset flow at https://identity.mageia.org/forgot_password isn't appropriate for cases where sysadmin action is necessary. ''TODO: but maybe there's a simpler way than the temporary password method below.''
== Update password ==
Choose a new random, temporary password for the user and hash it with the command:
<pre>
$ slappasswd -h '{SSHA}'
</pre>
You will be asked to type it in twice. The result is a string like '''{SSHA}xyzzyxyzzy''', which is the salted password hash to be stored in LDAP. Run this command on duvel, replacing '''USERUID''' with the user's uid and '''xyzzyxyzzy''' with the actual hashed password ('''$USER''' is entered literally and will automatically be replaced by your own current user login):
<pre>
$ ldapmodify -H ldaps://ldap.mageia.org -D "uid=$USER,ou=People,dc=mageia,dc=org" -W <<EOF
dn: uid=USERUID,ou=People,dc=mageia,dc=org
changetype: modify
replace: userPassword
userPassword: {SSHA}xyzzyxyzzy
EOF
</pre>
E-mail the user (using an account with SMTP over TLS enabled) with the temporary password and instructions to go to https://identity.mageia.org/ and change it immediately. Check that the user has done so by running:
<pre>
$ ldapsearch -H ldaps://ldap.mageia.org -b ou=People,dc=mageia,dc=org -D uid=$USER,ou=People,dc=mageia,dc=org -W '(uid=USERUID)'
</pre>
The ''userPassword::'' field is base64-encoded, so decode it with:
<pre>
$ base64 -d <<< XXXXX
</pre>
where XXXXX is the string after ''userPassword::''. Ensure that what is displayed is different from what you set it to, or else the password has not yet been changed.
Danf
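The final check above can also be done by testing whether the temporary password still verifies against the stored value, which catches the case where the string differs only because the same password was re-hashed with a new salt. This is an added example, not part of the wiki SOP; it assumes the standard {SSHA} layout (base64 of the SHA-1 digest of password plus salt, followed by the salt), and the function names and sample entry are constructed for illustration.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # SHA-1 digest size; bytes after it in an {SSHA} blob are the salt


def make_ssha(password: str, salt: bytes) -> str:
    """Build an {SSHA} value (same layout slappasswd -h '{SSHA}' emits); demo only."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def stored_hash_from_ldif(ldif: str) -> str:
    """Return userPassword from ldapsearch output, decoding the '::' base64 form."""
    unfolded = ldif.replace("\n ", "")  # LDIF folds long lines with a leading space
    for line in unfolded.splitlines():
        if line.startswith("userPassword:: "):
            return base64.b64decode(line.split(":: ", 1)[1].strip()).decode()
        if line.startswith("userPassword: "):
            return line.split(": ", 1)[1].strip()
    raise ValueError("no userPassword attribute in LDIF")


def matches_ssha(password: str, stored: str) -> bool:
    """True if the password hashes to the stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("stored value is not {SSHA}; compare it by eye instead")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def password_was_changed(ldif: str, temp_password: str) -> bool:
    """Changed once the temporary password no longer verifies against LDAP."""
    return not matches_ssha(temp_password, stored_hash_from_ldif(ldif))


def sample_ldif(stored: str) -> str:
    """Constructed ldapsearch-style entry; USERUID is the SOP's placeholder."""
    encoded = base64.b64encode(stored.encode()).decode()
    return ("dn: uid=USERUID,ou=People,dc=mageia,dc=org\n"
            "uid: USERUID\n"
            "userPassword:: " + encoded + "\n")
```

Feed `password_was_changed` the saved ldapsearch output and the temporary password you issued; a `False` result means the temporary password is still live.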
Categories: Mageia Wiki
Sysadmin Tasks
Access/Identity: Reset password
← Older revision Revision as of 03:06, 2 February 2025 Line 20: Line 20: * [[SOP Change SSH key]] * [[SOP Change SSH key]] * [[SOP Delete user]] on request * [[SOP Delete user]] on request +* [[SOP Reset password]] * [[SOP Sysadmin access revocation]] * [[SOP Sysadmin access revocation]] * [[SOP Adding groups]] * [[SOP Adding groups]] Danf
Categories: Mageia Wiki
SOP Change user e-mail
Request Verification: Fix typo & simplify
← Older revision Revision as of 18:23, 1 February 2025 Line 11: Line 11: ldapsearch -H ldaps://ldap.mageia.org -b ou=People,dc=mageia,dc=org -D uid=$USER,ou=People,dc=mageia,dc=org -W '(mail=REQUESTER@E-MAIL)' ldapsearch -H ldaps://ldap.mageia.org -b ou=People,dc=mageia,dc=org -D uid=$USER,ou=People,dc=mageia,dc=org -W '(mail=REQUESTER@E-MAIL)' </pre> </pre> −Replace $USER with your Mageia user ID (if necessarY0 and REQUESTER@E-MAIL with the e-mail address from Bugzilla. Use your Mageia password when it asks for a password. The user's Mageia account info will be shown including the uid of the account owner. If it matches the request, you're go to go.+Replace REQUESTER@E-MAIL with the e-mail address from Bugzilla. Use your Mageia password when it asks for a password. The user's Mageia account info will be shown including the uid of the account owner. If it matches the request, you're go to go. * If the user isn't able to log in to Bugzilla but has an SSH key on file, you can use that to authenticate him/her. If the account holder is a packager, he/she can prove identity by making a specific requested change to an svn or git file. * If the user isn't able to log in to Bugzilla but has an SSH key on file, you can use that to authenticate him/her. If the account holder is a packager, he/she can prove identity by making a specific requested change to an svn or git file. Danf
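Review bot: the rewritten sentence in the Request Verification paragraph still ends with "you're go to go", so the typo fix named in the edit summary is incomplete; it should read "you're good to go". The edit also drops the instruction about replacing $USER without saying why; if the intent is that the shell expands $USER to the admin's own login, a short parenthetical saying so (as the SOP Reset password page does) would keep the command unambiguous for someone whose local login differs from their Mageia uid.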
Categories: Mageia Wiki
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/x86_64:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/aarch64:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/armv7hl:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
mesa-24.2.3-1.mga9.tainted.src.rpm
In Mageia/9/i586:
Mesa is an OpenGL 4.6 compatible 3D graphics library.
Categories: RPMs
rachota-2.4-0.602hg.1.mga10.src.rpm
In Mageia/cauldron/x86_64:
Rachota is a portable application for timetracking different projects. It runs
everywhere. It displays time data in diagram form, creates customized reports
and invoices or analyses measured data and suggests hints to improve user's
time usage. The totally portable yet personal timetracker.
Categories: RPMs
rachota-2.4-0.602hg.1.mga10.src.rpm
In Mageia/cauldron/i586:
Rachota is a portable application for timetracking different projects. It runs
everywhere. It displays time data in diagram form, creates customized reports
and invoices or analyses measured data and suggests hints to improve user's
time usage. The totally portable yet personal timetracker.
Categories: RPMs
