Weekly roundup 2018, Week 11 and CLT!

Very small Roundup this week, so there will be space for the CLT report and pics – thanks Marc for writing this up!

Loads of updates through; as always, you can check for yourself on Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Review of Chemnitzer Linux Days 2018

As mentioned in a previous posting, we have been to CLT – now we’re back from Chemnitz and looking back on an amazing event.

We were there with four attendees at the booth, and we welcomed a lot of nice and friendly people, and had some interesting discussions. We brought back some insights from users from outside our channels: some of them reported rock stable updates and also installation on old hardware without any issues. This deserves a big thank-you to our packagers and QA, who test updates and ISOs on very old hardware too, something the users appreciate.

However there is also some not-so-good news: we are not as well known in Germany as we would like to be. There are still a lot of people who know Ubuntu, RedHat, Fedora etc, some of them still know Mandriva from previous times, but the young people did not even know our ancestors. So what can we do to increase our popularity?

Nevertheless we would like to thank the CLT team for this perfectly organised event (the exhibitors call it “Chemnitzer Catering Days (with Linux talks)”), the interesting talks and the opportunity to show our great distribution. See you next year…

Weekly Roundup 2018: Weeks 9 & 10

Finally, another Roundup!


706 packages came into updates/testing in the last two weeks! If ever you thought of helping out the QA team, now would be a really good time. Here are the updates that have come through since the previous Roundup:

Security (only one for Mga5):

libraw, mbedtls, shadowsocks-libev, bctoolbox, hiawatha, dolphin-emu, 389-ds-base, tor, dovecot, glibc, xerces-c, xv, phpmyadmin, krb5, leptonica, libvirt, python-libvirt, TiMidity++ (also for Mga5), wireshark, tomcat-native, tomcat, ioquake3

Bugfix (Mga6 only):

x11-driver-video-ati, perl-Youri-Package, rpmlint-mageia-policy, mhonarc, kmod-vboxadditions, kmod-virtualbox, virtualbox, mesa, libdrm, networkmanager-applet, kmymoney, kernel-firmware-nonfree, libdvdcss

As always, you can check for yourself on Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Mageia AppDB – granular searches

When you first open MageiaAppDB and click on Updates in the left-hand menu, you see the default settings. But you can get lots more granular information using the set of drop-down menus across the top of the packages list: first click More at the far right, and then you can apply a lot more filters to your search. For instance, to see what updates our kernel magician tmb has updated in Cauldron kernels recently:

As you add more filters, you should see changes in your browser address bar, so you can also bookmark particular searches.


Chemnitz Linux Days 2018 – And Mageia is part of it.

We are happy to announce that, as in previous years, we will present our amazing distribution at the Chemnitz Linux Days 2018 (Chemnitzer Linux Tage, CLT) on the 10th and 11th of March. This is one of the biggest OpenSource exhibitions in Germany. This year is also a very special year, as it’s the 20th anniversary. We are happy to celebrate this anniversary together, as we have been part of Chemnitzer Linux Days many times before.

This year’s slogan is “Everyone starts once” (original: “Jeder fängt mal an”) and we love this slogan, because it fits us in many ways:

  1. One of Mageia’s goals is to make it easy for beginners to start in the Linux world, yet provide many things experts will want.
  2. Also becoming part of our community, and starting to contribute to this magical community, is very easy.
  3. We also like to think back to those days when we started our community and distribution seven years ago. We started with a lot of passion but also faced some difficulties. We can look back and be proud of what we have achieved in all those years, especially without any company supporting us…

But back to the CLT: as always there are plenty of interesting talks, and a lot of amazing projects are showing their work and contribution to the open source community. Also for the kids there is a lot to discover. If you become interested in Linux and Mageia in particular, or if you are already an old hand in the area of open source, you are very welcome to come around and take a look at the diverse program.

Mageia Infrastructure planned outage

In case you missed the announcement on all the mailing lists, Mageia infrastructure will be shut down for scheduled maintenance beginning on:

Tuesday February 27th, from around 10.00 UTC

That means Forums, Wiki, Bugzilla, Mailing lists, website (www.mageia.org) and the buildsystem will be unavailable until the maintenance is done.

The services are expected to be back later on the same day, but we don’t have an exact ETA for the restoration; you can check the Blog, Facebook or Twitter for status updates and an announcement when services are back.

UPDATE 16:30 UTC: BuildSystem is back online.

UPDATE 18:30 UTC: Website, Bugzilla, Forums, Wiki are back online

UPDATE Feb 28 01:15 UTC: Mailing lists are back online (web interface still WIP)


Weekly roundup 2018 – Weeks 7 & 8

Before we get into the roundup, here’s a huge thank-you to the Mageians who helped with all the password resets after our security problem reported last week. Everything is mostly sorted now, but please contact the forum or the discuss mailing list if you still need help.

On to the Roundup:

Over the last two weeks, 1282 packages came into updates/testing – the dev team has not been idle! And as you’ll see below, some security updates are still coming through for Mageia 5, but make sure you’re ready for the EOL if you haven’t yet upgraded to Mageia 6.

Security updates:

  • ghostscript – Mga 5, Mga6
  • advancecomp – Mga6
  • freetype2 – Mga6
  • mariadb – Mga5
  • jackson-databind – Mga6
  • postgresql9.4, postgresql9.6 – Mga5, Mga6
  • apache-commons-email – Mga6
  • glpi, php-zetacomponents-base – Mga6
  • kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons – Mga6
  • kernel-linus – Mga6
  • kernel-tmb – Mga6
  • quagga – Mga6
  • irssi – Mga6
  • qpdf, cups-filters – Mga6
  • mpv – Mga6
  • nasm – Mga6

Bugfix updates:

  • openbox – Mga6
  • hplip – Mga6
  • qarte – Mga6
  • pure-ftpd – Mga6
  • networkmanager – Mga6

As always, you can check for yourself on Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Mageia Identity Security Breach

A user was able to gain access to our LDAP database and has published the email addresses and names, as well as apparent password hashes, of anyone who has signed up to identity.mageia.org. However, the published hashes do not match those on record, and all capitalisation has been removed, so it is not clear that the actual passwords have been compromised. All of the passwords have since been reset as a security precaution. New rules have been added to prevent access to the LDAP server. The sysadmins are investigating how the fields were read, as the configuration should have specifically prevented this.

The passwords stored by the Mageia LDAP server are hashed and salted, meaning that recovering the passwords in human-usable form, if they have actually been leaked, would require significant computing power for safe and complex passwords. Despite the leaked data only appearing to be names and email addresses of identity.mageia.org users, we strongly urge users to be cautious if the password used for their Mageia account is used elsewhere, and we recommend changing passwords wherever else it is used.

To regain access to your Mageia account, the reset password link should be sufficient for all users without git access. The reset password link can be obtained by asking for a password reset on https://identity.mageia.org/forgot_password after which you’ll receive a mail with the link.

For privileged users, a sysadmin should be contacted to regain access.

We sincerely apologise for any problems and inconvenience that this might cause.

Spectre-Meltdown mitigation update

This update comes to us courtesy of tmb, our kernel magician:

Since we released 4.14.18 yesterday, we now are in pretty good shape with the mitigations, especially on x86_64. We now have bits in place for Spectre v1, v2 and Meltdown.

Of course over the coming weeks/months there will be more follow-up fixes upstream to cover corner cases, missed fixes and improvements for all of this…

And we still need Intel and AMD to release microcodes so hardware vendors can release updated BIOS/EFI firmwares and to the public so we can provide microcode updates in case of vendors not providing new BIOS/EFI firmwares.

Oh, and for those that like to check 🙂 The official way of checking the kernel status is:

grep . /sys/devices/system/cpu/vulnerabilities/*

We still lack meltdown support for 32bit in mga6, but we have now (Feb 9th) merged the upstream suggested patches for it in Cauldron, so a kernel with those patches will land in testing later today along with an update to 4.14.19

It still lacks some performance related bits, but we are getting there.

Many thanks to tmb for taking the time to bring us this update!


Edit: we corrected the grep command due to the helpful comments.
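
As an added example (not part of the original post and not tmb’s or the kernel’s own tooling), this shell function reads the same sysfs files as the grep command above and classifies each entry, including the case where the directory does not exist at all. The function name vuln_report, its exit codes and the sample file contents are assumptions constructed for illustration.

```sh
#!/bin/sh
# Classify every entry in the kernel's sysfs vulnerabilities directory.
# Output: "<STATUS> <name>: <text reported by the kernel>" per entry.
# Exit status (chosen for this example):
#   0 = every entry is "Not affected" or "Mitigation: ..."
#   1 = at least one entry is "Vulnerable" or has unrecognised text
#   2 = directory missing, i.e. the running kernel does not expose it
vuln_report() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    if [ ! -d "$dir" ]; then
        echo "UNSUPPORTED $dir: kernel does not expose this interface" >&2
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # skip an unmatched glob
        name=${f##*/}
        # Each file holds one line; tolerate a missing trailing newline.
        IFS= read -r text < "$f" || true
        case $text in
            "Not affected"*) status=OK ;;
            "Mitigation:"*)  status=MITIGATED ;;
            "Vulnerable"*)   status=VULNERABLE; rc=1 ;;
            *)               status=UNKNOWN; rc=1 ;;
        esac
        printf '%s %s: %s\n' "$status" "$name" "$text"
    done
    return "$rc"
}

# Demo on a constructed sample directory (not captured from a real machine).
# It models the situation described above: Spectre mitigations in place,
# but no Meltdown (KPTI) support yet, as on 32-bit at the time.
sample=$(mktemp -d)
printf 'Vulnerable\n'                              > "$sample/meltdown"
printf 'Mitigation: __user pointer sanitization\n' > "$sample/spectre_v1"
printf 'Mitigation: Full generic retpoline\n'      > "$sample/spectre_v2"
vuln_report "$sample" || echo "vuln_report exit status: $?"
rm -rf "$sample"
```

On a live system, call vuln_report with no argument to read /sys/devices/system/cpu/vulnerabilities directly; the exit status makes it usable from a monitoring job.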

Fosdem 2018 – and a very little roundup

Before we get to FOSDEM, an important update came through in the last few hours – this follows tmb’s explanation from the last roundup:

MGASA-2018-0125 – Updated kernel packages fix security vulnerabilities

Publication date: 11 Feb 2018
URL: https://advisories.mageia.org/MGASA-2018-0125.html
Type: security
CVE: CVE-2017-5715, CVE-2017-5753

This kernel update is based on the upstream 4.14.18 and adds some support for mitigating Spectre, variant 1 (CVE-2017-5753) and as it is built with the retpoline-aware gcc-5.5.0-1.mga6, it now provides full retpoline mitigation for Spectre, variant 2 (CVE-2017-5715). WireGuard has been updated to 0.0.20180202. This update also fixes the rtl8812au driver that got broken/missing in the upgrade to 4.14 series kernels (mga#22524). For other fixes in this update, read the referenced changelogs.

Many thanks to tmb and the other devs for all their work on this!

We’ll be back with a more complete roundup next week; now to FOSDEM, from one who has been there every year…

Mageia at FOSDEM 2018

Since Mageia was born, FOSDEM has been a very important event for us. Six times we had a booth and our General Assembly during the event, we’ve always had a Mageia dinner and there were always more ways to enjoy meeting one another.

This blog post was almost not written, though, because until less than a week before FOSDEM, only one council member, akien, was sure to be there. However, he’d mainly be there for another really nice project, the Godot Engine. Apart from that, our application for a stand was turned down (again).

Six days before FOSDEM, names started to get added to our FOSDEM 2018 Wiki page. One day later, it became certain that ennael would be at FOSDEM and on Wednesday, the number of council members who’d go increased from 2 to 4. It was only after that, that we tried to find volunteers to help organise various ways to meet one another in Brussels.

We do regret that – we’re aware that likely more Mageians would have been there, had things been organised better and earlier!

Informal Non-GA meeting

In the end, there were at least 14 Mageia community members at FOSDEM. We didn’t all manage to meet one another, but most of us were at an informal non-GA meeting (the General Assembly is expected to be done on-line with Mumble later on, so that more council/board/association members can participate).

Most of the things said during the informal meeting will be repeated during the GA, apart from karine stepping forward as new contributor (she’ll be an existing contributor when we have the GA 😉 ) and from a remark that tmb made after ennael told us about the large number of contributors with health problems that we have. He said something like “Mageia, the distribution for people with health issues”. We all laughed, but there’s a lot of truth in that remark: contributors with health issues have always been just as welcome in Mageia as contributors in perfect health.

Mageia wouldn’t exist if it had been created by healthy people only (nor if it had been created by ill people only, of course 😉 ). Anyway, if you’d like to contribute but worry whether you’re healthy enough to be accepted: stop worrying, your contribution is just as welcome as anyone else’s. There’s no minimum amount of work a contributor should do, so find a team or a task and just contribute when you feel up to it 🙂

Mageia dinner on Saturday

Without having made a reservation, and after a good walk along many restaurants, looking for one with enough room for us, eight of us had a nice dinner in a halal restaurant, a “first time” for most or all of us. It has become a tradition to go to another place after the restaurant, to enjoy a waffle. It might not be the best tradition, though, given how much some bellies are growing.

Mageia beer event (lunch) on Sunday

During the non-GA meeting, akien proposed what might become a new tradition: meet around lunch time next day for a beer together. For some it was more lunch than beer, but in any case it was nice to have another opportunity to get together, because without a Mageia stand, there is no natural place to meet.

FOSDEM itself

It seems every year FOSDEM gets more crowded, and more and more often talks attract a lot more interested visitors than fit in the room. I didn’t manage to see ovitters, who was on the GNOME stand – it was so busy I couldn’t get near.

One of the Mageians attending found FOSDEM very difficult: “Because of the huge amount of people I missed important speaks I wanted to attend as you had to crash and disturb the previous talk to have any chance whatsoever to attend until the room was “closed”. While in a room the audio quality in the PA system was so bad I couldn’t hear anything. Because of these issues I will never go there again. I’m very disappointed and frustrated I wasted time on this. This was aimed at FOSDEM so they get criticism, the fact I enjoyed meeting you and other folks is irrelevant.”

Many talks are available as videos here: https://video.fosdem.org/2018/ and here https://www.youtube.com/user/fosdemtalks/videos.

Future Mageia meetings

Because FOSDEM is so crowded, meaning we couldn’t get access to a room or have a stand, it was kind of difficult for Mageians to get together. Maybe we need to consider some other venue to meet – at a less crowded and better-organised conference, or even outside a conference? Your input is very important here – please comment below, or raise your voice in the Forums or on the mailing lists.

Thanks to Marja for writing this up! We’d hoped to include some pics, but the Mageians who took them have gone all shy – maybe next week…

Weekly Roundup 2018 – Week 5

The flood of updates has slowed a little this week:

sox (Mga 5, 6); java-1.8.0-openjdk (Mga 5, 6); rsync (Mga 5, 6); gdk-pixbuf2.0 (Mga5) – as always, check Mageia Advisories for details. Along with the 409 updates that have gone into Cauldron, there’s been plenty happening!

Behind the scenes, work is still happening on the panel applet update mechanism, on further Meltdown/Spectre mitigation, and on the possible Mageia 6.1 release, so the devs and QA folks we all rely on are still very busy indeed. As always, you can check for yourself on Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

And almost daily, new and updated translations go up; hearty thanks to our translation team, who make Mageia so friendly to users around the world!

Interim info on Meltdown/Spectre mitigation

From tmb, our extremely busy kernel guru for whom we give thanks daily:

If you’re using

grep cpu_insecure /proc/cpuinfo && echo "patched" || echo "unpatched"

and you get


don’t worry – this is an invalid check. Official Linux source does not have any “cpu_insecure” flag.

If you are using   

   cat /proc/cpuinfo | grep bugs

and you get 

bugs            : cpu_meltdown
bugs            : cpu_meltdown
bugs            : cpu_meltdown
bugs            : cpu_meltdown

This tells you that you have a CPU that is affected by meltdown and needs to be protected by KPTI. The only way you can get rid of that flag is to buy new hardware. That means according to Intel their new silicon that should become a new CPU by the end of 2018; for AMD and Spectre issues, it means buying a Zen2 based CPU, that is supposed to be out sometime in 2018.

If you have used https://github.com/speed47/spectre-meltdown-checker and the result is “not OK”:

That’s expected. Because:

1. Spectre variant 1 is hard to fix and also more difficult to abuse – it really needs microcode updates, and Intel botched that. According to Lenovo there should be a fix out around February 9th. AMD officially will only ship their microcode update to hardware vendors so it depends on when they will release updated bioses or we can get the microcode through some other means. There is some code to mitigate here too, but afaik it’s not upstream yet.

2. Spectre variant 2 also really needs new microcode, and the IBRR/IBPB/… Kernel code mitigations have only started landing in upstream last week, and still need to be backported to the 4.14 longterm branch. And we have the alternative mitigation with minimal retpoline queued in https://bugs.mageia.org/show_bug.cgi?id=22454 (I plan to push this one later today as soon as I have written the advisories). For full retpoline we need compiler support, something I got patches for during Fosdem, and it’s now patched in gcc 5.5.0 in testing, so the next kernel will have full retpoline.

3. Meltdown has been mitigated since 4.14.13 was released in http://advisories.mageia.org/MGASA-2018-0076.html

NOTE. the Kernel Page Table Isolation mitigation is so far only for x86_64, but some suggested patches have been posted as RFC for i586, and should hopefully land soon-ish upstream and get backported. But then again, meltdown is not as easy on 32bit as it already has the 3G/1G memory split causing other complications.

Now I know some/many distros have “panic patched” stuff with earlier revisions of the fixes, but for example Redhat has afaik backed out of some of the spectre mitigations as it caused more problems than it fixed, so I have chosen to rely on somewhat tested code actually getting accepted and landing upstream.

That’s where we are at the moment. If upstream keeps current pace we should hopefully have all the bits in place within ~1 week…

Thank you tmb!

In other news:

 The LQ Members Choice Awards polls are on right now. You may want to register and vote for Mageia being your distro of choice to add a little marketing “buzz” to our favourite distro. You can find the polls here: 


If you are not a member of the LinuxQuestions.org group, you just have to register and then post one reply on their site. This then allows you to vote on various Linux poll items. Pass the word along to other Mageia supporters and make your voice count!

Weekly Roundup 2018 – Weeks 3 & 4

Apologies are due for the missing Roundup for Week 3; while the northern hemisphere has been freezing, down here in the south we have been boiling. Alas, all that heat doesn’t help with concentration! So, this is an aggregated Roundup.


February is FOSDEM month – will you be in Brussels? Even when, as this year, we don’t have a stand, Mageians love to get together at FOSDEM. Check out the Wiki Page for this event, and let people know you’re coming so meetings and the Mageia Dinner can be arranged.

Some news

We were informed that mirror.math.princeton.edu will be down and physically relocated beginning 09:00 on Thursday, February 1. It is expected to be back online by noon that day. Note that their time zone is UTC -5, US Eastern Standard Time.

Updates – Mageia 5 and 6

We’re still, like Zeno and his tortoise, not quite ready to completely finish adding updates to Mageia 5 – there are still a few of the Meltdown and Spectre-related security fixes in the pipeline. We’ll add a separate blog post for the event to keep you informed. Recent security updates to Mageia 5 include nspr, rootcerts, nss, firefox, firefox-l10n, glibc, bind, squid and gdk-pixbuf2.0. Check Mageia Advisories for more details, and note that there are no bugfix updates for Mga5.

An update to the tray applet to upgrade from Mageia 5 to Mageia 6 is in QA testing; watch out for updates to this important utility. We hope it will smooth the path from 5 to 6 for those of you who want to do the version upgrade rather than a clean install.

For Mageia 6, the security update list is even longer – webkit2, kmod-vboxadditions, kmod-virtualbox, virtualbox, graphicsmagick, nspr, rootcerts, nss, firefox, firefox-l10n, glibc, locales, systemd, bind, unbound, golang, mariadb, gdk-pixbuf2.0, gifsicle and squid. Bugfix updates include joe, mpv, radeon-firmware, ldetect-lst, libdrm, mesa, wayland-protocols, x11-driver-video-amdgpu, x11-driver-video-ati, x11-driver-video-intel, subtitlecomposer, nvidia340, smtube, smplayer, cargo and rust.


In the two weeks since the last Roundup, a staggering 939 package updates have come through into Cauldron! Maybe the devs are working so hard to keep warm? Thanks to them all, and to the QA/testing and translation folks for their amazing work.

As always, you can check for yourself on Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Wiki updates

There’s also been lots of work happening on the Wiki, with updates and additions; check out the Recent Changes page, where you can also subscribe to the Atom feed to receive email alerts when changes are made.