Final Call for RMLL, the Wiki and a Roundup

Ha! It looked like another 2-week gap, but we’re not quite that late, thankfully.

Final Call for RMLL volunteers RMLL/LSM

Mageia will be present with a stand in at RMLL in Strasbourg, but we have very few volunteers who have put their names down for the stand: https://framadate.org/dbLxWJPnci6o6aqb If you’re going to be there, please go to that signup page and let us know – RMLL starts this coming Saturday, so we need you urgently!

New look for the Wiki

The new Wiki front page is up – feast your eyes on this: 

Thanks once again to Zalappy for the design, and apb for all the work to make it happen.

Behind the Scenes

While all that was happening, devs and QA have been quietly working away as always – 388 packages into Cauldron! Here’s the list of updates since the last Roundup:

Security

  • libgcrypt – Mga5
  • ansible – Mga5, 6
  • taglib – Mga5, 6
  • firefox, firefox-l10n – Mga6
  • phpmyadmin – Mga6
  • webkit2 – Mga6
  • libgcrypt – Mga6
  • ncurses – Mga6
  • java-1.8.0-openjdk, copy-jdk-configs – Mga6

Bugfix (Mga 6 only)

  • rust
  • perl-URPM, task-obsolete
  • imagemagick

Don’t forget, you can check Mageia Advisories, the Mageia AppDB, and PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Thanks also for all the nice comments on the last post!

Weekly Roundup and News – weeks 24 & 25

The Mageia Wiki  

For the longest time our wiki main page has been very plain and simple; our own Zalappy has designed a new look, and the modifications are almost ready! Keep watching, because it’s looking really good! Thanks to Zalappy for his artistic flair, and to apb for his hard work making it happen.

What else is happening?

Around 700 packages landed in Cauldron – it’s certainly bubbling! Our appreciative thanks go to our tireless devs and QA folk, without whom we wouldn’t have a grand distro like Mageia. We had lots of updates over the last two weeks – here’s the list:

Security:

  • librsvg Mga5
  • file Mga5, 6
  • libvorbis Mga5, 6
  • gnupg, gnupg2, python-gnupg Mga5, 6
  • poppler Mga5, 6
  • perl-DBD-mysql Mga5, 6
  • jasper Mga5, 6
  • patch Mga5, 6
  • kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools Mga6
  • glibc Mga6
  • librsvg Mga6
  • xdg-utils Mga6
  • roundcubemail Mga6
  • freedink-dfarc Mga6
  • flash-player-plugin Mga6
  • imagemagick Mga6
  • qt3 Mga6
  • firefox, firefox-l10n Mga6
  • gifsicle Mga6
  • leptonica Mga6
  • scummvm Mga6

Bugfixes:

  • minitube
  • speech-dispatcher
  • powertop
  • baloo-widgets
  • task-obsolete, perl-URPM
  • drakx-net, meta-task
  • rapid-photo-downloader
  • mageia-prime
  • minetest
  • ocrfeeder
  • grsync
  • brasero

If you need to check what’s happening between roundups, you can check Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

A Word about Trolls

Mageia has a persistent troll targeting people associated with Mageia.

Currently going by the name Andrew, a troll hiding behind tor anonymizing servers has been targeting Mageia for some time.

The From: address will typically look like
‘From: “Andrew (Mageia Community Leadership Committee)”<BM-2cTUvERX7xLR1c1Pb5its4T4b1SSaFcPCj@bitmessage.ch>’
although they change the From: address at times – a technique known as nymshifting.

There is no Mageia Community Leadership Committee. The troll has also claimed to be the Mageia Council Leader, and various other titles.

Due to their creating many identities and spamming various Mageia mailing lists, all email addresses using anonymizing services we are aware of have been blocked from use when signing up at identity.mageia.org, and have been blocked from sending messages to the mailing lists.

They have also sent some email messages with the from address forged to make it look like it was coming from someone who is on the Mageia Council.

Here are the actual lists of Mageia people:

There are no Mageia conferences planned, let alone ones with fully paid trips for council or board members.

They have contacted various people trying to convince Mageia to hide bitcoin mining software they’d provide in every browser we package, with the money going to them, and a small percentage for us, of course. The suggestion is abhorrent to the Mageia community and would never be allowed. All package changes committed by Mageia packagers are publicly available for viewing.

We can’t prevent them from sending messages like this to anyone whose email address they have found.

All we can do is remind people that the internet has trolls. From: addresses in email message can be set to whatever the sender wants. Whether this troll is just a psychopath who enjoys getting an emotional response from people, or is someone trying to help destroy the usefulness of anonymizing services by getting more people to block them is open to speculation.

With any messages on the internet, people have to trust but verify the messages are from the person who normally uses that name. If the message looks strange, compare the sending IP address of that message to the sending IP address from normal messages from the user. While many ISPs do try to stop their users from sending messages with from addresses that are not for that ISP, most don’t, and for those that do there are always ways around their blocks.

Either add the various anonymizing email servers to your spam filters, or just ignore messages from trolls. Responding to them in any way just encourages more abusive messages.

Many thanks to the Mageians who have been working to inform people and shut this troll down.

Mageia at RMLL – and a roundup

Please join us at RMLL! RMLL/LSM

RMLL  (also known as LSM, Libre Software Meeting) is one of Mageia’s important annual events and 2018 is no different. It’s the premier world meeting for Libre Software, upon the principles of which our distro and our community is based.

This year RMLL is to be held in in Strasbourg, and we have a booth! We’re calling for people to come and spend a little time on the stand, or a lot of time if you have a lot – we need Mageians to come talk to people about our distro, and encourage them to try us out, join the community and contribute in any way they want. It’s also a great opportunity to meet a wide variety of people in the Libre Software community, both developers and users, and catch up on what’s happening in our world.

Our own jybz will be there, and dtux/LibrePC; there’s a Framadate for people to sign up to attend the booth – note that the first volunteers will need to set the stand up.

RMLL runs from July 7th through 12th; jybz has set up a Framapad  with information about organising things ahead of time.

So, if you’ll be around Strasbourg while RMLL is on, please jump in!

…and the Roundup, Week 23

Aside from more than 400 packages into Cauldron this week, we had bugfixes for Mageia 6 and security updates for both Mageia 5 and Mageia 6:

Security:

  • SDL_image – Mga5, 6
  • python3 – Mga5, 6
  • corosync – Mga6
  • qtpass – Mga6
  • gimp – Mga6
  • glpi – Mga6
  • libreoffice – Mga6
  • mariadb – Mga6
  • chromium-browser-stable – Mga6

Bugfixes:

  • gnucash
  • xorriso
  • perl-Finance-Quote
  • luajit
  • drakxtools

You can always catch up with progress at the usual places: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening. And don’t forget the wiki!

Weekly Roundup 2018 – Week 22

Just a quick and simple roundup, and then back to work:

It’s been a busy week, as usual! 378 packages came into Cauldron, 15 into Mga6 testing. Work is still going on to get the Mga5 -> Mga6 upgrade happening and then the Mga6.1 ISOs ready. There are some bugs, and here (already fixed), and here connected with the tray update in the pipeline,  if you’re interested…

Heaps of updates are coming in to the wiki, and there will soon be a look-and-feel update. Keep your eyes on the wiki, it will be worth it!

Security updates:

  • mariadb   Mga5
  • python   Mga5, Mga6
  • git   Mga6
  • wireshark   Mga6
  • kernel-linus   Mga6
  • kernel-tmb   Mga6
  • kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools   Mga6
  • libvirt   Mga6
  • thunderbird, thunderbird-l10n   Mga6
  • microcode   Mga6
  • webkit2   Mga6
  • virtualbox, kmod-virtualbox, kmod-vboxadditions   Mga6

Bugfix updates:

  • qtwebkit5   Mga6
  • pidgin   Mga6
  • libwacom   Mga6
  • ntfs-3g, testdisk, partclone   Mga6
  • kernel-firmware-nonfree, radeon-firmware   Mga6
  • monitor-edid   Mga6

You can always catch up with progress at the usual places: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening. And don’t forget the wiki!

Weekly Roundup 2018 – Weeks 20 & 21:

Now that we’re starting to recover from the Grand Update, the mad flow of security and bugfix updates is resuming (see below), and tmb warns of more Spectre-related updates coming:

Spectre… “the gift that keeps giving…”

https://www.phoronix.com/scan.php?page=news_item&px=Spectre-V3-V4-Vulnerabilities

Upstream kernel 4.14 branch has the fixes/mitigation backports for variant 4 currently going through stable queue review process and should be released tonight / tomorrow after which I will release it to cauldron and mga6 testing.

Spectre v3A will get microcode fixes in the coming weeks so we’ll get to that part later…

Kernel 4.14 is indeed in testing for both Cauldron and Mga6, so should appear in your update queues soon. Meanwhile, a list of the updates since the last roundup:

Security fixes:

  • perl     Mga5, 6
  • gnupg2      Mga5, 6
  • graphite2      Mga5, 6
  • librelp      Mga5, 6
  • libtiff      Mga5, 6
  • wget      Mga5, 6
  • quassel      Mga5, 6
  • libsndfile      Mga5, 6
  • pdns      Mga6
  • bctoolbox, hiawatha, mbedtls, shadowsocks-libev, dolphin-emu Mga6
  • pdns-recursor      Mga6
  • miniupnpc      Mga6
  • kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools      Mga6
  • firefox, firefox-l10n, nss, rootcerts      Mga6
  • 389-ds-base      Mga6
  • libraw      Mga6
  • exempi      Mga6
  • golang      Mga6
  • util-linux      Mga6
  • spring-ldap      Mga6
  • libpam4j      Mga6

Bugfixes (all Mga6):

  • kdenlive
  • kbookmarks, kcmutils, kcompletion, kdnssd, kitemviews, kjobwidgets, knewstuff, knotifyconfig, kpty, ktextwidgets, kunitconversion, kxmlrpcclient
  • lxterminal
  • nvidia-current, ldetect-lst
  • kodi
  • java-1.8.0-openjfx
  • 0ad, 0ad-data, sodium
  • psi
  • qgis
  • qelectrotech
  • mc
  • tellico
  • darktable
  • sddm
  • twinkle
  • broadcom-wl
  • lm_sensors
  • ldetect-lst, nvidia-current
  • wesnoth
  • youtube-dl
  • ntp
  • mesa, libdrm
  • kbookmarks, kcmutils, kcompletion, kdnssd, kitemviews, kjobwidgets, knewstuff, knotifyconfig, kpty, ktextwidgets, kunitconversion, kxmlrpcclient

…and around 650 updates went into Cauldron.

You can catch up with progress any time at the usual places: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Issues with the Grand Update?

Most of us will have updated our systems by now, and most of the updates have been as smooth as silk. But! So far there have been two reports of problems with the Grand Update, both caused by having 32-bit libraries installed on a 64-bit system:

https://bugs.mageia.org/show_bug.cgi?id=23016
and
http://blog.mageia.org/de/2018/05/12/das-grosse-update-machen-sie-sich-bereit/comment-page-1/#comment-1787

The workaround for both is to uninstall the 32-bit library to allow the update to proceed – in these particular cases, libkf5jobwidgets5 and libkf5completion5.

This should not be needed, as 32-bit libraries should be able to co-exist on a 64 bit install, as they may be needed for third party applications.

Bug 23016 has been reopened to study this a bit more. For now, we’re watching for reports, and giving you the workaround of uninstalling the 32 bit library.

It’s not that 32-bit isn’t able to mix with 64-bit in all cases, just in some, where there are files in the lib package that should be in a different (non-arch specific) package. In these two cases, it’s the /usr/share/locale/ files are in both the 32 and 64 bit packages, with identical names and paths.

The rpm package manager allows a file to be owned by more than one package, provided the attributes are identical, but it blocks updating with a new version, since it’s trying to update one of the packages, but until the other version is updated too, there is a conflict. We’re keeping a watch-out for these packaging errors.

It’s possible that if you’ve used DNF to do the update, rather than urpmi, you won’t have this problem; as we gather more information, we’ll add it to roundups in the coming weeks.

While all this Grand stuff has been happening, we’ve also been doing plenty of the usual things, including over 300 packages into Cauldron.

Security fixes

For both Mageia 5 and 6:

  • qpdf
  • afflib

For Mageia 6 only:

  • converseen, cuneiform-linux, dvdauthor, emacs, imagemagick, inkscape, k3d, kxstitch, libopenshot, ocaml-glmlite, perl-Image-SubImageFind, pfstools, php-imagick, php-magickwand, psiconv, pythonmagick, ruby-rmagick, synfig, vdr-plugin-skinelchi, vdr-plugin-skinenigmang
  • qt3d5, qtbase5, qtcanvas3d5, qtcharts5, qtconnectivity5, qtdatavis3d5, qtdeclarative5, qtdoc5, qtgamepad5, qtgraphicaleffects5, qtimageformats5, qtlocation5, qtmultimedia5, qtnetworkauth5, qtpurchasing5, qtquickcontrols25, qtquickcontrols5, qtremoteobjects5, qtscript5, qtscxml5, qtsensors5, qtserialbus5, qtserialport5, qtspeech5, qtsvg5, qttools5, qttranslations5, qtvirtualkeyboard5, qtwayland5, qtwebchannel5, qtwebengine5, qtwebsockets5, qtwebview5, qtx11extras5, qtxmlpatterns5
  • graphicsmagick
  • nextcloud

Catch up with it all at the usual places: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

The Grand Update – brace yourselves!

In the remaining hours before the hdlists are regenerated, and we can all update our Mageia 6 systems with more than 400 packages (update – that’s 405 SRPMs, meaning 1362 rpms per arch), here’s some info – very important info – about the update process.

It’s vitally important that the update completes without interruption! Here’s what you need to do:

Plasma Screen locker – turn it off

Disable the Plasma screen locker. You can do this in System Settings, Workspace, Desktop Behaviour, Screen Locker:
Plasma System Settings screenshot showing Screen Locking

Reliable connection

Make sure you’re on a reliable internet connection and have reliable power.

If the connection drops out during the update, your system could be left in an unusable state. Don’t even begin to update unless you’re sure you can continue until it’s complete. The same applies if the power supply disappears.

Power, hibernation and sleep settings

If you’re updating a laptop, make sure it’s on AC power, and make sure that it won’t hibernate or sleep before the update is complete. Check the power management settings in your system settings – you might need to change them for the duration.

Screenshot showing System Settings, Energy Saving

The hdlists will start to be available from Friday, 19.00 UTC; by then, all mirrors should have been fully updated. If there’s any delay, we’ll let you know!

Now, just to get an idea of what’s coming in the update, some links to the package lists in Bugzilla:

Qt5 stack update

KF5 Stack Update

Plasma5 Stack Update

Kde Application Stack Update

LXQt Stack Update

Enjoy!

The Enormous Mageia 6 Update

Watch this space, we said – well, your patience is soon to be rewarded!

Releasing the Mageia 6 updates for QT5, KF5, Plasma, KDE and LXQt has just been approved. There will be well over 500 packages in total!

To help reduce the chance of users trying to install the updates from a mirror that hasn’t been fully updated, the hdlist generation will be held for 24 hours after the updates are pushed from updates testing to the updates repository. This should help ensure that the mirrors are fully synced before the hdlist generation is turned back on, and the updates are actually made available for users to install from the normal updates repository.

The hdlist is the list of packages, and their version, that the update system uses to know if updates are available – it is much smaller than the updates themselves, so delaying it will not impact the mirror synchronisation.

The next step will be to retest upgrading from Mageia 5 KDE to Mageia 6 Plasma, so we can turn the flag back on to allow upgrading using mgaapplet. Once that’s done, the limited provision of security updates for Mageia 5 that we’ve been doing will cease.

Then we can start producing and testing the Mageia 6.1 iso images to allow installing on systems with newer CPUs.

After Mageia 6.1 is released, Mageia 7 will become the primary focus, although Mageia 7 has already been in development for some time.

Also, we just learned yesterday about the new Spectre NG bugs. Once the mitigations for those are available, Mageia 6 installed systems will get those updates, but we’ll have to decide whether to build Mageia 6.2 iso images, or leave those updates for Mageia 7, for live iso users.

Roundup

And, of course, there have still been many other updates since the last Roundup – here’s what happened in Weeks 17 and 18:

Security fixes:

  • php   Mga5, 6
  • gsoap    Mga6
  • boost    Mga6
  • ghostscript    Mga5, 6
  • java-1.8.0-openjdk, copy-jdk-configs    Mga5, 6
  • links    Mga 5, 6
  • anki    Mga6
  • xdg-user-dirs    Mga6
  • libofx    Mga6
  • webkit2    Mga6
  • ming    Mga6
  • sox    Mga5, 6

Bugfix:

  • freerdp Mga6

… and almost a thousand updated packages into Cauldron for Mageia 7! A great big vote of thanks to our devs and QA people, without whom we would all be lost.

Remember to keep watching the usual resources: the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Enjoy!

Weekly Roundup 2018 – Week 16

Team leader elections are almost complete. Here’s the list, also viewable any time at https://wiki.mageia.org/en/Org_Council#2018:

  • Atelier: Donald Stewart (Schultz), Filip Komar (filip)
  • Bug Squad: Marja van Waes (marja), Samuel Verschelde (stormi)
  • Documentation: Yves Brungard (papoteur), A.M. Desmottes (lebarhon)
  • Forums team: Florian Hubold (doktor5000), isadora (isadora), Pascal Vilarem (Maât)
  • I18n: Yuri Chornoivan (yurchor),
  • Packagers: Neal Gompa (ngompa), Nicolas Lécureuil (neoclust)
  • QA: David Hodgins (DavidWHodgins), Bill Kenney (wilcal), Thomas J Andrews (TJ)
  • Security Team: David Walser (luigiwalser)
  • Sysadmins: Pascal Vilarem (Maât)

The first meeting of the new Council will be on IRC this week; for meeting logs see http://meetbot.mageia.org/. Meeting logs are open to all!

Work on the LXQt packages is still ongoing; watch this space for Great Plasma Update news. Updates and advisories this past week are coming along just fine – around 400 updates into Cauldron, and the following security advisories:

  • libtiff        Mga 5, 6
  • thunderbird, thunderbird-l10n        Mga 5, 6
  • zsh        Mga 6
  • flash-player-plugin        Mga 6
  • python-paramiko        Mga 6
  • firefox, firefox-l10n, nspr        Mga 6

As always, you can check for yourself on Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Weekly Roundup 2018 – Weeks 14 & 15

Many thanks for your patience! This is turning into a bi-weekly roundup lately, but we’ll try to get it back on track very soon.

Team leader elections are happening: Donald and Filip continue to lead Atelier, Papoteur leads Docteam, Yuri leads i18n and the process is underway for all teams. We’ll know the make-up of the Council in the coming days – thanks to Marja for the updates. After that, we’ll be finding out the new composition of the Board. All should be in place by early May.

The Great Plasma Update is almost there: it includes updates of the KF5, Plasma, KDE applications, LXQT and the underlying QT stacks. It’s currently waiting for the LXQT stack to be fixed. It’s a massive number of packages. We’re hoping it will be moved into updates within the week. Once that’s done, Mageia 6.1 will happen soon after.

Lots of update advisories came through in the last 2 weeks. If you’d like to check these between roundups, don’t forget you can go to Mageia Advisories. As usual, they have mostly been Mageia 6 security updates and only Mageia 6 bugfixes:

Security

  • samba Mga5, 6
  • libvncserver Mga5, 6
  • php Mga5, 6

All the others are Mga6

  • nx
  • cfitsio
  • nmap
  • ntp
  • aubio
  • 389-ds-base
  • acpica-tools
  • puppet
  • openssl

Bugfixes (Mga6 only):

  • pngcheck
  • cargo, rust
  • openconnect, networkmanager-openconnect
  • rpm

… and at least 866 package notifications came through the cauldron updates list in the last two weeks. Madb (Cauldron updates) has all this information between roundups.

Remember also the other resources: the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.