Bug 29031

Summary: minetest 5.4.1 fixes security issues
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Rémi Verschelde <rverschelde>
Status: RESOLVED WONTFIX QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: ouaurelien
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: minetest-5.0.1-1.mga7.src.rpm CVE:
Status comment:
Bug Depends on: 28785    
Bug Blocks:    

Description David Walser 2021-05-29 23:30:19 CEST 
+++ This bug was initially created as a clone of Bug #28785 +++

Minetest 5.4.1 several security fixes:
https://dev.minetest.net/Changelog#5.3.0_.E2.86.92_5.4.0
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZSUO7C4BGOGBGTFBKCR3U5AVNXJ77Q3D/

We didn't backport them to Mageia 7 when we updated Mageia 8.
Comment 1 Rémi Verschelde 2021-05-30 13:37:59 CEST 
Isn't Mageia 7 EOL tomorrow?
Comment 2 David Walser 2021-05-31 02:00:24 CEST 
Nope.
Comment 3 Rémi Verschelde 2021-05-31 07:55:06 CEST 
That's what our website says: https://www.mageia.org/en/support/

31 May 2021 "plus 3 months after Mageia 8 release". Both are passed as of today.
Comment 4 Aurelien Oudelet 2021-05-31 09:44:19 CEST 
Yes but a recent Council decision is to postpone to one more month the EOLing of Mageia 7.

The first and main motivation is the late activation of Mageia Online Update (mgaapplet) and let users to migrate.

CC: (none) => ouaurelien

Comment 5 Thomas Backlund 2021-05-31 11:12:20 CEST 
What council decision? Where ?
Comment 7 Thomas Backlund 2021-05-31 12:00:13 CEST 
Heh,

that thread only confirms it has already been eol for a few months, and now we should keep pretending that it's supported for another month...
Comment 8 Rémi Verschelde 2021-05-31 14:59:43 CEST 
IMO at this stage if we want to keep giving some support for users until they migrate to Mageia 8, it should be limited to the most critical components.

glibc, kernel, firefox, etc.

The issues in minetest are definitely not critical, they're all related to security *within the game*, i.e. users being able to cheat. I would advise users who play games on Mageia to upgrade to Mageia 8 to benefit from the latest GPU drivers and feature releases of their games.
Comment 9 Rémi Verschelde 2021-05-31 15:02:25 CEST 
More on topic though, upgrading Mageia 7 users from minetest 5.0.1 to 5.4.1 would require some QA to ensure that their local saved games don't regress. Manually backporting the fixes to the old branch may not be trivial (if they're applicable in the first place). So this would be a WONTFIX for me.

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX