Fedora has issued advisories on May 31: http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082001.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html Those advisories are for Fedora 17, and affect the same versions of flightgear and simgear that we have in Mageia 2 and Cauldron. This issue also affects Mageia 1, and the advisories for Fedora 15 have the same versions as we have in Mageia 1: http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082016.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082017.html
Whiteboard: (none) => MGA1TOO
CC: (none) => lists.jjorge
CC: (none) => fundawang
Assignee: bugsquad => lists.jjorge
For Mageia 2 : simgear-2.6.0-1.1.mga2 and flightgear-2.6.0-2.1.mga2 submitted, please test.
Status: NEW => ASSIGNEDAssignee: lists.jjorge => qa-bugs
For Mageia 1 : simgear-2.0.0-3.1.mga1 and flightgear-2.0.0-4.2.mga1 submitted, please test. The patches were also applied to Cauldron.
The flightgear build for Cauldron failed.
Version: 2 => CauldronWhiteboard: MGA1TOO => MGA2TOO, MGA1TOO
(In reply to comment #3) > The flightgear build for Cauldron failed. CMake Error at /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:97 (MESSAGE): Could NOT find GLUT (missing: GLUT_glut_LIBRARY GLUT_INCLUDE_DIR) Call Stack (most recent call first): /usr/share/cmake/Modules/FindPackageHandleStandardArgs.cmake:288 (_FPHSA_FAILURE_MESSAGE) /usr/share/cmake/Modules/FindGLUT.cmake:68 (FIND_PACKAGE_HANDLE_STANDARD_ARGS) utils/fgpanel/CMakeLists.txt:4 (find_package) Early in the "cmake" process, it looks like it can't find GLUT. Missing BuildRequires?
Packages uploaded to updates_testing: flightgear-2.0.0-4.2.mga1 libsimgear2.0.0-2.0.0-3.1.mga1 libsimgear-devel-2.0.0-3.1.mga1 flightgear-2.6.0-2.1.mga2 simgear-devel-2.6.0-1.1.mga2.i586.rpm from SRPMS: flightgear-2.0.0-4.2.mga1 simgear-2.0.0-3.1.mga1 flightgear-2.6.0-2.1.mga2 simgear-2.6.0-1.1.mga2 Seems strange that simgear isn't libified in mga2...
Assigning back to José until flightear in Cauldron is fixed.
CC: (none) => qa-bugsAssignee: qa-bugs => lists.jjorge
Cauldron is fixed, please test 1 and 2 updates.
Assignee: lists.jjorge => qa-bugs
José could you please supply an advisory. https://wiki.mageia.org/en/Example_update_advisory_announcement Thankyou.
Hardware: i586 => AllVersion: Cauldron => 2Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO
Thanks José. I had signed it back to you since we can't leave Cauldron hanging. Advisory: ======================== Updated flightgear and simgear packages fix security vulnerability: Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx (CVE-2012-2091). Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx (CVE-2012-2090). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2091 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082001.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082002.html ======================== Updated packages in core/updates_testing: ======================== flightgear-2.0.0-4.2.mga1 libsimgear2.0.0-2.0.0-3.1.mga1 libsimgear-devel-2.0.0-3.1.mga1 flightgear-2.6.0-2.1.mga2 simgear-devel-2.6.0-1.1.mga2.i586.rpm from SRPMS: flightgear-2.0.0-4.2.mga1.src.rpm simgear-2.0.0-3.1.mga1.src.rpm flightgear-2.6.0-2.1.mga2.src.rpm simgear-2.6.0-1.1.mga2.src.rpm
Source RPM: flightgear-2.6.0-2.mga2.src.rpm, simgear-2.6.0-1.mga2.src.rpm, flightgear-2.0.0-4.1.mga1.src.rpm, simgear-2.0.0-3.mga1.src.rpm => flightgear-2.0.0-4.1.mga1.src.rpm, simgear-2.0.0-3.mga1.src.rpm
Testing on Mageia 2 64-bits and it seems to work fine. I do not know how to "play" so I do not have test a long time but the software runs correctly and I can do something with the different menus.
CC: (none) => olivier.delaune
CC: (none) => stormiWhiteboard: MGA1TOO => MGA1TOO MGA2-64-OK
Testing Mageia 1 64 bits ok.
Whiteboard: MGA1TOO MGA2-64-OK => MGA1TOO MGA2-64-OK MGA1-64-OK
No regression found in Mageia 1 32 bits, but each version of flightgear I tested (release, updates and updates_testing), after playing a bit, displays lots of errors in console, has problems with the plane's position, or simply crashes (try to select another airport for example, or to set a specific position, often causes it to crash). Independently from this very bug report, for which I see no problem for validation (no regression found), wouldn't there be less bugged versions out there that we could provide instead of that 2.0.0 which, if that's not due to packaging errors, seems buggy?
Whiteboard: MGA1TOO MGA2-64-OK MGA1-64-OK => MGA1TOO MGA2-64-OK MGA1-64-OK MGA1-32-OK
Still needs testing Mageia 2 32 bits, and in parallel I'm still interested in an answer to comment #12 :) Testing procedure: - after installing simgear and flightgear from updates testing, just start the game from the menu. Try to play with it a bit if you like, but having it start should be enough for this update candidate.
Whiteboard: MGA1TOO MGA2-64-OK MGA1-64-OK MGA1-32-OK => MGA1TOO has_procedure MGA2-64-OK MGA1-64-OK MGA1-32-OK
Testing mga2 32 I'll only be able to start it (hopefully), that computer won't run the game.
It might be my old computer is the problem, it has needed to use vesa driver since it was upgraded to mga2 and is not running well but the release version doesn't start for me, after about 5 mins of trying.. Before ------ $ fgfs KI266 dme indicator #0 initialized loading scenario 'nimitz_demo' Cannot connect to server socket err = No such file or directory Cannot connect to server socket jack server is not running or cannot be started PNG lib warning : Malformed iTXt chunk creating 3D noise texture... DONE PNG lib warning : Interlace handling should be turned on when using png_read_image PNG lib warning : Interlace handling should be turned on when using png_read_image weather util initialized ... Initializing Nasal Electrical System power up Segmentation fault After ----- $ fgfs KI266 dme indicator #0 initialized loading scenario 'nimitz_demo' Cannot connect to server socket err = No such file or directory Cannot connect to server socket jack server is not running or cannot be started PNG lib warning : Malformed iTXt chunk creating 3D noise texture... DONE PNG lib warning : Interlace handling should be turned on when using png_read_image PNG lib warning : Interlace handling should be turned on when using png_read_image weather util initialized ... Initializing Nasal Electrical System power up No regressions noticed but no real testing done either, it is unbearably slow. It might be better if somebody else was able to test i586 Mageia 2
Testing complete Mageia 2 32. Just started the game and pushed a few buttons. Update validated. No linking required. Thanks! See comment #9 for advisory and packages. José, I let you see in the comments if our findings deserve a bug report and/or a new update to address them (after we push this one)
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO has_procedure MGA2-64-OK MGA1-64-OK MGA1-32-OK => MGA1TOO has_procedure MGA2-64-OK MGA1-64-OK MGA1-32-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0191
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED