Lector de Feeds

Publication date: 27 Oct 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-36474 , CVE-2024-42415 Description An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2024-36474) An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2024-42415) References

• https://bugs.mageia.org/show_bug.cgi?id=33620
• https://lwn.net/Articles/993121/
• https://ubuntu.com/security/notices/USN-7062-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36474
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42415

SRPMS 9/core

• libgsf-1.14.50-1.1.mga9

Publication date: 27 Oct 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9680 Description The updated packages provide Thunderbird 128 for all mandatory arches of Mageia (x86_64, i586 and aarch64) and fix several bugs, including a security vulnerability: References

• https://bugs.mageia.org/show_bug.cgi?id=33633
• https://www.thunderbird.net/en-US/thunderbird/128.3.1esr/releasenotes/
• https://www.mozilla.org/en-US/security/advisories/mfsa2024-52/
• https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes/
• https://bugs.mageia.org/show_bug.cgi?id=33608
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9680

SRPMS 9/core

• thunderbird-128.3.2-1.mga9
• thunderbird-l10n-128.3.2-1.mga9

Publication date: 27 Oct 2024
Type: bugfix
Affected Mageia releases : 9
Description This release includes the fixes up to pipewire-1.0.9, that fix a few bugs and some leaks for stability. For the changelog (referring to 1.0.9) see the references. References

• https://bugs.mageia.org/show_bug.cgi?id=33673
• https://gitlab.freedesktop.org/pipewire/pipewire/-/releases

SRPMS 9/core

• pipewire-0.3.85-6.mga9

Add vendored as a keyword, sort packages

← Older revision Revision as of 02:05, 27 October 2024 (One intermediate revision by the same user not shown)Line 1: Line 1:  [[Category:Packaging]] [[Category:Packaging]] −This page is trying to list all packages, which carry bundled (standalone) copies of system libraries. Generally using bundled copies rather then the system libraries results in many disadvantages, like difficult and time-consuming fixes for security issues in many packages, instead of only fixing it in the system library.+This page is trying to list all packages, which carry bundled (standalone or vendored) copies of system libraries. Generally using bundled copies rather then the system libraries results in many disadvantages, like difficult and time-consuming fixes for security issues in many packages, instead of only fixing it in the system library.     Please extend this page, as this helps keep an overview when doing security or bug fixes. It should also be used to list any exceptions where we still do static linking. Please extend this page, as this helps keep an overview when doing security or bug fixes. It should also be used to list any exceptions where we still do static linking.     The structure should be: a new headline for each library, and below it a listing of the packages which carry a bundled copy or which are linked statically, maybe some version information (to ease checking for security vulnerabilities) and maybe some reasons. The structure should be: a new headline for each library, and below it a listing of the packages which carry a bundled copy or which are linked statically, maybe some version information (to ease checking for security vulnerabilities) and maybe some reasons.  +  +== expat ==  +  +* mozjs78 - carries an embedded expat (presumably other mozjs versions as well)     == ffmpeg == == ffmpeg == Danf

Created page with "First time i followed this guide, wifi connection dropped when closing net_applet, so I had to connect cable to execute urpmi. Now second time, I executed the urpmi commands..."

New page

First time i followed this guide, wifi connection dropped when closing net_applet, so I had to connect cable to execute urpmi.

Now second time, I executed the urpmi commands first, and that worked. (Plasma)

So maybe the guide should be changed that way, or could there be a problem with that order, to start with installing packages before executing the rest (maybe I was lucky?)

/Morgan Morgano

refer to Mirror List

← Older revision Revision as of 19:27, 26 October 2024 (One intermediate revision by the same user not shown)Line 1: Line 1:  +As explained in [[Mirror List]], it may be needed to contact the maintainer of a mirror.  +  Please add any contact that you know of. Please add any contact that you know of.     We should probably create a table for this. We should probably create a table for this.    −Ibiblio: Don Sizemore - dls [AT] ibiblio [DOT] org+Ibiblio: Don Sizemore - dls [AT] ibiblio [DOT] org <br>  Princeton: Benjamin Rose - benrose [AT] math [DOT] princeton [DOT] edu Princeton: Benjamin Rose - benrose [AT] math [DOT] princeton [DOT] edu Marja

Start page

New page

Please add any contact that you know of.

We should probably create a table for this.

Ibiblio: Don Sizemore - dls [AT] ibiblio [DOT] org
Princeton: Benjamin Rose - benrose [AT] math [DOT] princeton [DOT] edu Marja

Add lines about contacting "red" mirrors

← Older revision Revision as of 19:20, 26 October 2024 Line 6: Line 6:     [https://mirrors.mageia.org/ mirrors.mageia.org] [https://mirrors.mageia.org/ mirrors.mageia.org]  +  +There you can also see from which other mirror each mirror syncs.     The status of each of the mirrors can be seen on this page: The status of each of the mirrors can be seen on this page:     [https://mirrors.mageia.org/status mirrors.mageia.org/status] [https://mirrors.mageia.org/status mirrors.mageia.org/status]  +  +If all mirrors are red, then Mageia has a problem.  +If your preferred mirror is red, while other mirrors are green, then you preferred mirror has a problem. There are two possibilities:  +* The mirror it syncs from is red  +** If this doesn't get solved within reasonable time, then contact your preferred mirror and suggest they sync from a different mirror.  +* The mirror it syncs from is green  +** Then the problem originated in your preferred mirror, please contact the maintainers to make sure they are aware  +  +We are starting to gather contact data in [[Mirror Contacts]] Marja

added ircs channel mageia-next

← Older revision Revision as of 09:58, 26 October 2024 Line 28: Line 28:  * [ircs://irc.libera.chat:6697/#mageia-meeting #mageia-vergadering] * [ircs://irc.libera.chat:6697/#mageia-meeting #mageia-vergadering]     +* [ircs://irc.libera.chat:6697/#mageia-next #mageia-next] Praat over alles dat Mageia helpt aan een schitterende toekomst)  * Het #mageia-social channel (sociale kanaal) dat we hadden op Freenode, voor algemene gesprekken en voor Mageia gemeenschapsvorming, heet nu op Liberachat [ircs://irc.libera.chat:6697/#mageia-chat #mageia-chat]. * Het #mageia-social channel (sociale kanaal) dat we hadden op Freenode, voor algemene gesprekken en voor Mageia gemeenschapsvorming, heet nu op Liberachat [ircs://irc.libera.chat:6697/#mageia-chat #mageia-chat].    Hugomarc

‎To be merged, off-list reply to the association discussion: remove off-list

← Older revision Revision as of 08:51, 26 October 2024 (2 intermediate revisions by the same user not shown)Line 9: Line 9:  Every idea may be added. When brainstorming, there are no wrong or stupid ideas. That said, ideas that don't comply with our [https://www.mageia.org/en/about/code-of-conduct/ code of conduct], will be removed. Every idea may be added. When brainstorming, there are no wrong or stupid ideas. That said, ideas that don't comply with our [https://www.mageia.org/en/about/code-of-conduct/ code of conduct], will be removed.    −The intention is to sort the ideas by general topic (like whom to reach out to, or proposed changes to Mageia, or how to reach potential contributors) on this page, to make later reviewing them easier. Topics can be added when needed.}}+The intention is to sort the ideas by general topic (like whom to reach out to, or proposed changes to Mageia, or how to reach potential contributors) on this page, to make later reviewing them easier. Topics can be added when needed.  +   +You can also help brainstorming on '''[[Mageia IRC Channels Liberachat |IRC:]]''' [ircs://irc.libera.chat:6697/#mageia-next #mageia-next]}}     =Whom to reach out to= =Whom to reach out to= Line 200: Line 202:  The association should support these programs, including financially, meaning we need to have a campaign to get more funds for that. The renewal of HW would also benefit from that. The association should support these programs, including financially, meaning we need to have a campaign to get more funds for that. The renewal of HW would also benefit from that.    −=To be merged, off-list reply to the association discussion=+=To be merged, reply to the association discussion=  I remove all history, because I don't have the time to read everything, sorry. I remove all history, because I don't have the time to read everything, sorry.  I just want to add my point of view: I just want to add my point of view: Marja

‎Project-wide channels:: Add #mageia-next

← Older revision Revision as of 08:07, 26 October 2024 Line 25: Line 25:  * [ircs://irc.libera.chat:6697/#mageia-council #mageia-council] * [ircs://irc.libera.chat:6697/#mageia-council #mageia-council]  * [ircs://irc.libera.chat:6697/#mageia-meeting #mageia-meeting] * [ircs://irc.libera.chat:6697/#mageia-meeting #mageia-meeting]  +* [ircs://irc.libera.chat:6697/#mageia-next #mageia-next] (Chat about anything that helps Mageia's bright future)     * The #mageia-social channel we had on Freenode, for General chat and Mageia community building, has become [ircs://irc.libera.chat:6697/#mageia-chat #mageia-chat] on Liberachat. * The #mageia-social channel we had on Freenode, for General chat and Mageia community building, has become [ircs://irc.libera.chat:6697/#mageia-chat #mageia-chat] on Liberachat. −  −      == Team specific: == == Team specific: == Marja

Update DaVinci Resolve to version 19.0.3

← Older revision Revision as of 19:38, 25 October 2024 Line 1: Line 1: −= How to install and use DaVinci Resolve 19.0.1 on Mageia Linux 9 =+= How to install and use DaVinci Resolve 19.0.3 on Mageia Linux 9 =     I've spent the past few years using kdenlive to edit my videos and decided it was time to up my game. In comes [https://www.blackmagicdesign.com/products/davinciresolve/ DaVinci Resolve]. I've spent the past few years using kdenlive to edit my videos and decided it was time to up my game. In comes [https://www.blackmagicdesign.com/products/davinciresolve/ DaVinci Resolve]. Line 11: Line 11:  # [https://www.blackmagicdesign.com/products/davinciresolve/ Download DaVinci Resolve] # [https://www.blackmagicdesign.com/products/davinciresolve/ Download DaVinci Resolve]  # Unzip the file # Unzip the file −## <code>unzip DaVinci_Resolve_19.0.1_Linux.zip</code>+## <code>unzip DaVinci_Resolve_19.0.3_Linux.zip</code> −# This gives us the binary installation file - '''DaVinci_Resolve_19.0.1_Linux.run'''+# This gives us the binary installation file - '''DaVinci_Resolve_19.0.3_Linux.run'''  ## Make it executable ## Make it executable −## <code>chmod 755 DaVinci_Resolve_19.0.1_Linux.run</code><br />+## <code>chmod 755 DaVinci_Resolve_19.0.3_Linux.run</code><br />  # To install this file, we have to skip some checks. # To install this file, we have to skip some checks. −## <code>sudo SKIP_PACKAGE_CHECK=1 ./DaVinci_Resolve_19.0.1_Linux.run</code>+## <code>sudo SKIP_PACKAGE_CHECK=1 ./DaVinci_Resolve_19.0.3_Linux.run</code>  # Follow the installation guide and click '''Finish''' when it appears. # Follow the installation guide and click '''Finish''' when it appears.  # Before launching DaVinci Resolve, do the following. This way, Resolve uses the system libraries instead.<br /> # Before launching DaVinci Resolve, do the following. This way, Resolve uses the system libraries instead.<br /> Kekepower

‎Communication: Add off-list association reply

← Older revision Revision as of 16:00, 25 October 2024 Line 199: Line 199:  We should ask existing users to recruit at least 1 new user during the year. Meaning we could double our community, and thus generating more possibilities to have more contributors. We should ask existing users to recruit at least 1 new user during the year. Meaning we could double our community, and thus generating more possibilities to have more contributors.  The association should support these programs, including financially, meaning we need to have a campaign to get more funds for that. The renewal of HW would also benefit from that. The association should support these programs, including financially, meaning we need to have a campaign to get more funds for that. The renewal of HW would also benefit from that.  +  +=To be merged, off-list reply to the association discussion=  +I remove all history, because I don't have the time to read everything, sorry.  +I just want to add my point of view:  +  +we left the field. We are not organized (meetings, elections) except great QA  +team which is rigoureous. I'm impressed.  +We are not publishing our presences in all event (many thanks to DTux who  +subscrib us everywhere in France for years).  +We were rejected from FOSDEM once or twice, but we did not retried.  +From the french forum, I only know 2 peoples (thank you Guygoye and Spank) who  +regularly participate on local install-party regularly.  +  +Don't questionnize too much, at work, with many IT developers, no one know  +Mageia. We are not on radars, people don't know us.  +  +What I would do:  +- split atelier in two. Atelier keep producing artwork, and respond to any  +design query. Having a dedicated Communication team, that subscibe M.Org to  +events, ask Atelier to produce XYZ goody and with their dedicated budget, buy  +and spread goodies.  +If I know someone from my city willing to spend one evening a week, I will ask  +a local to  do install party.  +  +Good night everyone, work is calling me,     =Also to be merged, possible extra replies in the forums= =Also to be merged, possible extra replies in the forums= Marja

Publication date: 25 Oct 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-47191 Description pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. (CVE-2024-47191) References

• https://bugs.mageia.org/show_bug.cgi?id=33619
• https://lists.archlinux.org/archives/list/arch-security@lists.archlinux.org/message/IDKMOOVTHHDXCEEZ2S4VVYLM3N5QBPJA/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47191

SRPMS 9/core

• oath-toolkit-2.6.7-1.1.mga9