Lector de Feeds

‎32 (i586) ou 64 bits (x86_64)

← Older revision Revision as of 10:25, 10 February 2026 Line 116: Line 116:  Installez un autre environnement de bureau par la suite (si vous le souhaitez) comme Gnome ou Plasma ou un autre environnement que nous proposons, après avoir mis à jour le système. Installez un autre environnement de bureau par la suite (si vous le souhaitez) comme Gnome ou Plasma ou un autre environnement que nous proposons, après avoir mis à jour le système.    −==== 32 (i586) ou 64 bits (x86_64) ====+==== 32 (i586, i686) ou 64 bits (x86_64) ====    −Le 64 bits fonctionne un peu plus vite, à utiliser si vous n’avez jamais besoin de faire fonctionner un ordinateur 32 bits avec ce support.+Le 64 bits fonctionne un peu plus vite, et a une couverture fonctionnelle complète.    −La version 32 bits est la plus adaptée aux ordinateurs. C’est légèrement plus petit, ce qui permet d’économiser un tout petit peu d’espace de stockage, de mémoire vive et de temps de chargement.+La version 32 bits est à réserver aux processeurs qui ne supportent pas le 64 bits. C’est légèrement plus petit, ce qui permet d’économiser un tout petit peu d’espace de stockage, de mémoire vive et de temps de chargement. Par contre, certaines applications ne sont plus fournies en 32bits, et les fonctionnalités de coprocesseur ne sont pas utilisées. Depuis Mageia 10, la fonctionnalité ''sse2'' des processeurs est activée, d'où le changement d'appellation ''i686''.     == Créer une persistance en utilisant seulement le système autonome == == Créer une persistance en utilisant seulement le système autonome == Papoteur

Publication date: 09 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-15269 , CVE-2025-15270 , CVE-2025-15275 , CVE-2025-15279 Description FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. (CVE-2025-15269) FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. (CVE-2025-15270) FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-15275) FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. (CVE-2025-15279) References

• https://bugs.mageia.org/show_bug.cgi?id=35091
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NFM3OPUTYR55GA65K3XOPK3FXAH7EWEJ/
• https://github.com/advisories/GHSA-hp8x-4h95-9799
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15269
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15270
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15275
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15279

SRPMS 9/core

• fontforge-20220308-2.2.mga9

Publication date: 09 Feb 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-1642 Description MitM injection. (CVE-2026-1642) References

• https://bugs.mageia.org/show_bug.cgi?id=35104
• https://www.openwall.com/lists/oss-security/2026/02/05/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642

SRPMS 9/core

• nginx-1.26.3-1.2.mga9

← Older revision Revision as of 18:35, 9 February 2026 Line 9: Line 9:  | style="width:46%; font-size:102%; background-color: #fefefe; border-radius:12px; border: 4px solid darkgray; box-shadow: 4px 6px 4px rgba(0,0,0,0.3);"| | style="width:46%; font-size:102%; background-color: #fefefe; border-radius:12px; border: 4px solid darkgray; box-shadow: 4px 6px 4px rgba(0,0,0,0.3);"|  [[File:Wiki_main_box_one_v005.png|150px|right|link=]] [[File:Wiki_main_box_one_v005.png|150px|right|link=]] −'''Versión Actual'''<br>+'''Versión Actual'''<br>Mageia_10_Desarrollo  <small>''Tiempo de Soporte: hasta 3 meses después de la salida de la siguiente versión''</small> <small>''Tiempo de Soporte: hasta 3 meses después de la salida de la siguiente versión''</small>  * [[Notas sobre Mageia 9-es|Notas sobre Mageia 9]] * [[Notas sobre Mageia 9-es|Notas sobre Mageia 9]] Line 20: Line 20:  '''Desarrollo de la distribución'''<br> '''Desarrollo de la distribución'''<br>  <small>''Nuevas versiones de Mageia''</small> <small>''Nuevas versiones de Mageia''</small> −* [[Mageia_10_Development|Calendario de desarrollo]]+* [[Mageia_10_Desarrollo|Calendario de desarrollo]]  * [[Política de características|Política para proponer características]]   * [[Política de características|Política para proponer características]]    * [[:Category:ProposedFeatureMageia10|Información técnica de las características propuestas]] * [[:Category:ProposedFeatureMageia10|Información técnica de las características propuestas]] Joselp

← Older revision Revision as of 18:32, 9 February 2026 (One intermediate revision by the same user not shown)Line 45: Line 45:  |    |     |-   |-   −| '''[[Mageia_9_Release_Notes|Versión final]]'''+| '''[[Notas_sobre_Mageia_10|Versión final]]'''  | Candidato de lanzamiento 1 + 4 semanas | Candidato de lanzamiento 1 + 4 semanas  | alguien | alguien Joselp

Joselp moved page Notas sobre Mageia 10-es to Notas sobre Mageia 10 Language in Tittle

← Older revision Revision as of 18:29, 9 February 2026 (2 intermediate revisions by the same user not shown)Line 5: Line 5:  <!-- disable this so it's not in release note of isos medias--> <!-- disable this so it's not in release note of isos medias-->    −{{multi language banner-es|[[Mageia 10 Veröffentlichungshinweise-de|Deutsch]] ; [[Mageia 10 Release Notes|English]] ;[[Notas sobre Mageia 10-es|Español]]}}+{{multi language banner|[[Mageia 10 Veröffentlichungshinweise-de|Deutsch]] ; [[Mageia 10 Release Notes|English]] ;[[Notas sobre Mageia 10|Español]]}}     {{draft-es}} {{draft-es}} Joselp

← Older revision Revision as of 18:23, 9 February 2026 (4 intermediate revisions by the same user not shown)Line 21: Line 21:  |-   |-    | '''Alfa 1''' | '''Alfa 1''' −| 2024-09-23+| 2025-12-05  | desarrolladores, empaquetadores | desarrolladores, empaquetadores −|  +| 2025-12-09 para QA, 2026-01-10 al público  |- |-  | Congelación de versiones | Congelación de versiones −| 2024-10-07+| 2026-01-18  | desarrolladores, empaquetadores | desarrolladores, empaquetadores −| +| 2026-01-20  |- |- −| '''Beta 1'''+| '''Beta''' −| 2024-10-07+| 2026-02-08 −| desarrolladores, empaquetadores  −|    −|-   −| '''Beta 2'''  −| 2024-10-21   | desarrolladores, empaquetadores | desarrolladores, empaquetadores  |    |     |-   |-    | Congelación de lanzamiento | Congelación de lanzamiento −| Por determinar+| 2026-03-01  | Control de calidad, empaquetadores, creador de ISO | Control de calidad, empaquetadores, creador de ISO  |    |    Joselp

‎2. On each Puppet Agent

← Older revision Revision as of 14:33, 9 February 2026 (5 intermediate revisions by the same user not shown)Line 24: Line 24:       # Backup the existing PKI:        # Backup the existing PKI:         mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)        mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)   −    +      −    # Remove the old PKI:   −    mkdir /var/lib/puppet/ssl  −    chown puippet:puppet /var/lib/puppet/ssl/  −    chmod 775 /var/lib/puppet/ssl/  −            # Generate a new CA and master certificate:        # Generate a new CA and master certificate:         puppet cert generate $(hostname -f) --ca      puppet cert generate $(hostname -f) --ca Line 39: Line 34:     Remove the local SSL certificates: Remove the local SSL certificates: − + −     # Stop puppet agent+     # Rename old ssl −    systemctl stop puppet  −      −    # Remove old ssl        mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)        mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)   −    mkdir /var/lib/puppet/ssl  −    chown puippet:puppet /var/lib/puppet/ssl/  −    chmod 775 /var/lib/puppet/ssl/                 −     # Start puppet agent+     # Start puppet once to generate a SSL cert request −     systemctl start puppet+     puppet agent --server puppet.mageia.org --no-daemonize --verbose --waitforcert 60     === 3. Back on Puppet Master === === 3. Back on Puppet Master === Line 60: Line 49:       puppet cert sign <agent_hostname>      puppet cert sign <agent_hostname>    −=== 4. On each Puppet Agent ===+=== 4. Verification === −   −    # Re-run Puppet on the agent:  −    systemctl restart puppet  −   −=== 5. Verification ===      On the master: On the master: Wally

Add Puppet link

← Older revision Revision as of 23:05, 8 February 2026 Line 29: Line 29:       # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/openldap/ldap.mageia.org.pem -out /etc/ssl/openldap/ldap.mageia.org.pem -subj '/CN=ldap.mageia.org'      # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/openldap/ldap.mageia.org.pem -out /etc/ssl/openldap/ldap.mageia.org.pem -subj '/CN=ldap.mageia.org'     += Puppet certificates =  +  +See [[Puppet_re-newing_CA_&_Certs]].     = Wild card certificate = = Wild card certificate = Danf

Describe {media}{bootloader_entries}{message} key (coming in v1.23)

← Older revision Revision as of 21:17, 8 February 2026 (One intermediate revision by the same user not shown)Line 550: Line 550:     <div style="padding-left: 3em;"> <div style="padding-left: 3em;">  +  +{{cmd|message}} (optional)  +  +:({{prog|draklive2}} v1.23 or later)  +  +:An arbitrary string specifying the message that will be briefly displayed after the menu entry is selected. This is displayed using the GRUB2 {{cmd|echo}} command just before executing the following GRUB2 command.  +  +:If not specified, no message will be displayed.     {{cmd|command}} (optional) {{cmd|command}} (optional) Line 584: Line 592:     :If not specified, {{prog|draklive2}} will use {{prog|grub2-mkimage}} to build the El Torito boot loader image. :If not specified, {{prog|draklive2}} will use {{prog|grub2-mkimage}} to build the El Torito boot loader image.  +  +===== {{cmd|iso_level}} (optional) =====  +  +:({{prog|draklive2}} v1.22 or later)  +  +:A number specifying the ISO 9660 conformance level for the iso9660 filesystem. This should be an integer number between 1 and 3. Level 3 allows the {{file|/loopbacks.distrib.sqfs}} file size to exceed 4GB.  +  +:If not specified, a level 3 iso9660 filesystem will be created.     ===== {{cmd|iso_part_start}} (optional) ===== ===== {{cmd|iso_part_start}} (optional) ===== Martinw

Maat moved page Puppet REeewing Certs to Puppet re-newing CA & Certs Just renaming

New page

'''Nota : Last update 8 feb 2026 -> Next renewal before feb 2031'''

= Puppet 2/3 PKI Management =

== Context ==

Puppet v2/v3 does not support automatic CA renewal.

The Puppet CA certificate has a limited lifespan (typically ~5 years by default).

Before or after expiration, the procedure is the same: regenerate the full PKI (master + agents).

Operational difference:
Before expiration → planned maintenance, minimal disruption.
After expiration → agents stop communicating, urgent manual intervention required.

== CA / PKI Rotation Procedure ==

=== 1. On the Puppet Master ===

# Stop the Puppet service:
service puppetmaster stop

# Backup the existing PKI:
mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)

# Remove the old PKI:
mkdir /var/lib/puppet/ssl
chown puippet:puppet /var/lib/puppet/ssl/
chmod 775 /var/lib/puppet/ssl/

# Generate a new CA and master certificate:
puppet cert generate $(hostname -f) --ca

# Restart the Puppet service:
service puppetmaster start

=== 2. On each Puppet Agent ===

Remove the local SSL certificates:

# Stop puppet agent
systemctl stop puppet

# Remove old ssl
mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)
mkdir /var/lib/puppet/ssl
chown puippet:puppet /var/lib/puppet/ssl/
chmod 775 /var/lib/puppet/ssl/

# Start puppet agent
systemctl start puppet

=== 3. Back on Puppet Master ===

# On the master, list unsigned agent certificates
puppet cert list

# Sign agent certificates:
puppet cert sign <agent_hostname>

=== 4. On each Puppet Agent ===

# Re-run Puppet on the agent:
systemctl restart puppet

=== 5. Verification ===

On the master:

openssl x509 -in /var/lib/puppet/ssl/ca/ca_crt.pem -noout -dates

On each agent:

puppet agent -t --verbose

Expected outcome: Puppet applies the catalog without SSL errors.

== Best Practices ==

Monitor CA expiration with:

openssl x509 -in /var/lib/puppet/ssl/ca/ca_crt.pem -noout -enddate

Schedule rotation before expiration (e.g., 90 days prior).

Backup the entire /var/lib/puppet/ssl directory before any changes.

Ensure master hostname (FQDN) and system time are correct.

[[Category:Sysadmin]] Maat

Puppet CA & Certs renewal every 5 year

New page

'''Nota : Last update 8 feb 2026 -> Next renewal before feb 2031'''

= Puppet 2/3 PKI Management =

== Context ==

Puppet v2/v3 does not support automatic CA renewal.

The Puppet CA certificate has a limited lifespan (typically ~5 years by default).

Before or after expiration, the procedure is the same: regenerate the full PKI (master + agents).

Operational difference:
Before expiration → planned maintenance, minimal disruption.
After expiration → agents stop communicating, urgent manual intervention required.

== CA / PKI Rotation Procedure ==

=== 1. On the Puppet Master ===

# Stop the Puppet service:
service puppetmaster stop

# Backup the existing PKI:
mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)

# Remove the old PKI:
mkdir /var/lib/puppet/ssl
chown puippet:puppet /var/lib/puppet/ssl/
chmod 775 /var/lib/puppet/ssl/

# Generate a new CA and master certificate:
puppet cert generate $(hostname -f) --ca

# Restart the Puppet service:
service puppetmaster start

=== 2. On each Puppet Agent ===

Remove the local SSL certificates:

# Stop puppet agent
systemctl stop puppet

# Remove old ssl
mv /var/lib/puppet/ssl /var/lib/puppet/ssl.old.$(date +%F)
mkdir /var/lib/puppet/ssl
chown puippet:puppet /var/lib/puppet/ssl/
chmod 775 /var/lib/puppet/ssl/

# Start puppet agent
systemctl start puppet

=== 3. Back on Puppet Master ===

# On the master, list unsigned agent certificates
puppet cert list

# Sign agent certificates:
puppet cert sign <agent_hostname>

=== 4. On each Puppet Agent ===

# Re-run Puppet on the agent:
systemctl restart puppet

=== 5. Verification ===

On the master:

openssl x509 -in /var/lib/puppet/ssl/ca/ca_crt.pem -noout -dates

On each agent:

puppet agent -t --verbose

Expected outcome: Puppet applies the catalog without SSL errors.

== Best Practices ==

Monitor CA expiration with:

openssl x509 -in /var/lib/puppet/ssl/ca/ca_crt.pem -noout -enddate

Schedule rotation before expiration (e.g., 90 days prior).

Backup the entire /var/lib/puppet/ssl directory before any changes.

Ensure master hostname (FQDN) and system time are correct.

[[Category:Sysadmin]] Maat