Mageia 6 RC, we are nearly there

Everyone at Mageia is exceptionally happy and proud to announce the availability of the release candidate of Mageia 6. It has been a long road, but we are at the last step and Mageia 6 is just around the corner.

The extra time that this release has taken has had one huge benefit: the number of new and exciting additions to Mageia is staggering. They include the now far more mature Plasma to replace KDE4, the DNF and COPR stacks to supplement urpmi, big updates to the major desktops and the other large stacks and components, and lots of package updates.

Since Mageia 6 sta 2, a lot of work has been done on the installer, especially regarding the support of proprietary drivers and VirtualBox support. More than 30 blocker bugs have been resolved over the 2½ months that the RC took to prepare. A big thank you to all the testers and developers involved in this process!

The QA team and the packagers spend a lot of time ironing out the upgrade process by reporting and fixing many package conflicts. Thanks to your feedback on those RC ISOs, we should hopefully be able to fix the last corner cases. Note: when upgrading with the classical installer ISOs, make sure to enable additional repositories to ensure that all your Mageia 5 packages can be upgraded.

We have also changed the ISO lineup. While the new Xfce ISOs were available with sta2, the positive feedback and their popularity has meant that we can confidently add them on a permanent basis. The available ISOs are as follows:

  • 32-bit Classical Installer DVD
  • 64-bit Classical Installer DVD
  • GNOME 64-bit Live DVD
  • Plasma 64-bit Live DVD
  • Xfce 32-bit Live DVD
  • Xfce 64-bit Live DVD

All of these ISOs can be used on USB sticks if required. If bootable CD media is needed, we offer the boot.iso that can use one of many different sources for retrieving packages, including a network mirror, a locally mirrored set of packages, or the Classical Installer DVD. Instructions for using the boot.iso are available here.

Package Versions

The release candidate, and very likely Mageia 6 by extension will ship with the following major packages:

  • Linux Kernel 4.9.28 (current LTS)
  • X.Org 1.19.3
  • Plasma 5.8.6 (current LTS)
  • Gnome 3.24.3
  • MATE 1.18.2
  • Cinnamon 3.2.8
  • Xfce 4.12.1
  • LibreOffice 5.3.3.2
  • Firefox 52 ESR
  • Thunderbird 52
  • Chromium 57

The full list of all shipped software can be seen on the .idx file for its respective ISO.

If you would like to test out the release candidate, the ISOs can be downloaded from here. Alternatively, you can use BitTorrent, which is available here.
While we would greatly appreciate the wider testing and feedback and any issues that you report to the Mageia Bugzilla, please bear in mind that this is not the final release.
To that end, the release notes are available here and the errata here.

As you may have noticed, the Mageia forums (at least those hosted on mageia.org) are still unavailable (however, the French forum is still available), as their migration to Mageia 5 gives our sysadmins some headaches. If there is anything that you would like to discuss, we encourage you to use the mailing lists or IRC channels in the meantime. Of course, fixing the forums is still the highest priority for our sysadmins, so they should hopefully be restored soon.

Image credit: xkcd

LaKademy 2017

LaKademy 2017 group photo

Some weeks ago we had the fifth edition of the KDE Latin-America summit, LaKademy. Since the first edition, KDE community in Latin-America has grown up and now we has several developers, translators, artists, promoters, and more people from here involved in KDE activities.

This time LaKademy was held in Belo Horizonte, a nice city known for the amazing cachaça, cheese, home made beers, cheese, hills, and of course, cheese. The city is very cosmopolitan, with several options of activities and gastronomy, while the people is gentle. I would like to back to Belo Horizonte, maybe in my next vacation.

LaKademy activites were held in CEFET, an educational technological institute. During the days of LaKademy there were political demonstrations and a general strike in the country, consequence of the current political crisis here in Brazil. Despite I support the demonstrations, I was in Belo Horizonte for event. So I focused in the tasks while in my mind I was side-by-side with the workers on the streets.

Like in past editions I worked a lot with Cantor, the mathematical software I am the maintainer. This time the main tasks performed were an extensive set of reviews: revisions in pending patches, in the bug management system in order to close very old (and invalid) reports, and in the task management workboard, specially to ping developers with old tasks without any comment in the last year.

There were some work to implement new features as well. I finished a backends refactoring in order to provide a recommended version of the programming language for each backend in Cantor. How each programming language has its own planning and scheduling, it is common some programming language version not be correctly supported in a Cantor backend (Sage, I am thinking you). This feature presents a “recommended” version of the programming language supported for the Cantor backend, meaning that version was tested and it will work correctly with Cantor. It is more like a workaround in order to maintain the sanity of the developer while he try to support 11 different programming languages.

Other feature I worked but it is not finished is a option to select different LaTeX processors in Cantor. Currently there are several LaTeX processors available (like pdflatex, pdftex, luatex, xetex, …), some of them with several additional features. This option will increased the versatility of Cantor and will allow the use of moderns processors and their features in the software.

I addition to these tasks I fixed some bugs and helped Fernando Telles, my past SoK student, with some tasks in Cantor.

(Like in past editions)², in LaKademy 2017 I also worked in other set of tasks related to the management and promotion of KDE Brazil. I investigated how to bring back our unified feed with Brazilian blogs posts as in the old Planet KDE Português, utilized to send updates about KDE in Brazil to our social networks. Fred implemented the solution. So I updated this feed in social networks, updated our e-mail contact utilized in this networks, and started a bootstrap version of LaKademy website (but the team is migrating to WordPress, I think it will not be used). I also did a large revision in the tasks of KDE Brazil workboard, migrated past year from the TODO website. Besides all this we had the promo meeting to discuss our actions in Latin-America – all the tasks were documented in the workboard.

Of course, just as we worked intensely in those days, we also had a lot of fun between a push and other. LaKademy is also a opportunity to find old friends and make new ones. It is amazing see again the KDE fellows, and I invite the newcomers to stay with us and go to next LaKademy editions!

This year we had a problem that we must to address in next edition – all the participants were Brazilians. We need to think about how to integrate people from other Latin-America countries in LaKademy. It would be bad if the event become only an Akademy-BR.

Filipe and Chicão

So, I give my greetings to the community and put myself in the mission to continue to work in order to grown the Latin-America as an important player to the development and future of KDE.

Weekly roundup 2017 – week 20

Cauldron

We have just had a new build of the Live ISOs, while the Classical ISO build is underway to fix a glib bug that was causing LibreOffice to use 100% CPU, so getting that fixed was very good. The ISOs are looking very good now.

Updates wise, there has been good activity in Cauldron, here is a selection of what has been updated since last week:

  • lyx 2.2.3
  • libreoffice 5.3.3.2
  • postgresql9.4 9.4.12
  • postgresql9.6 9.6.3
  • ffmpeg 3.3.1

There were also updates to Mate, with some of its packages being upgraded to 1.18.2 and the nodejs, jboss and maven stacks saw upgrades too, there are so many packages in these stacks that listing them all didn’t make much sense.

Mageia 5

There has been a number of updates released for Mageia 5 this week, you can see the full list of recent updates here, here is a list of new updates this week:

  • mhonarc 2.6.19 – CVE fix
  • radicale 1.1.1 – CVE fix
  • asterisk 11.23.1 – bugfix

Community

A quick note from the Council meeting this week, we were discussing the upcoming RMLL event and what we wanted to bring to it and the stock levels of the goodies that we do have. We decided that we would need to reorder lots of items, as the pens and wood USB sticks seemed to go down well, they and any other ideas put forward will be available at events. We wanted to try and use as sustainable products as possible, so, with that in mind, if anyone has any designs, ideas or suppliers, let the atelier mailing list know and we’ll see what we can do.

A short roundup this week, due to lots of time being put into getting the RC released, we will try and get you a bigger one for next week.

Weekly roundup 2017 – week 19

Cauldron

While I don’t want to spoil anything or give the surprise up, if you follow the Mageia mailing lists you will likely have seen the words “RC” and “ready” appear regularly recently. Without giving more away, we are very close now which is really great news! Updates wise, there has been a fair few this week, here is a selection of the larger ones:

  • gimp 2.8.22
  • gtk+3.0 3.22.15
  • gnome-shell 3.24.2
  • docker 17.03
  • zoneminder 1.30.3
  • kernel 4.9.27
  • dnf 2.4.0

Plus many other bugfix and small upgrades. A quick note on these changes as we are very close to release now and you may be wondering how we can be changing major things like the kernel or gtk+ this close to a release – these are all minor version releases from upstream, or maybe a small patch to fix or add something specific. Take the kernel as an example, the update from last week was from 4.9.26 to 4.9.27 so the changes introduced are very small making these much much safer.

Mageia 5

There has been a number of updates released for Mageia 5 this week, you can see the full list here, here is a selection of the more common packages:

  • audiofile 0.3.6-4.3 – multiple CVE fixes
  • ntp 4.2.6p5-24.8 – multiple CVE fixes
  • kernel 4.4.65 & related packages – multiple CVE & bugfixes
  • thunderbird 52.1 – multiple CVE fixes

Infrastructure Update

Lastly, we want to reassure everyone that we are still working to get the forum and wiki fixed and that they should both be fully operational very soon. The holdup with the forum is that the old database isn’t importing into the new forum, we obviously want to have all of the old messages available as they are a key part of the community and support available for Mageia.

Weekly roundup 2017 – week 18

Can I argue that this is coming from Honolulu time, so it’s still Friday 🙂 Either way, sorry for the delay.

Community

A little news from the Council meeting this week, most of it was about the upcoming RC ISOs and getting the last blockers fixed. The two non-release topics were whether we should be removing, or at least reducing the visibility of HTTP and FTP in favour of rsync and https when Mageia connects to a mirror, either for updates or installation. As we don’t control the mirrors, we can only recommend using different protocols, but it will need further discussion before anything happens on that. The second, was elections, all the teams have elected their leadership apart from Dev and Sysadmin, emails about that will be going out on the appropriate mailing lists shortly.

Cauldron

As always, an update on the RC, the main focus now is on getting upgrades from Mageia 5 to work, and sorting out the packaging conflicts. The big issue here is getting the transition from KDE4 to Plasma5 working without issue. As for the ISOs, the big remaining issue is with some printers, but it, and 2 other blocking issues should be fixed in the next build which is expected very soon. We expect that the RC will be ready for wider testing in the coming days.

There has been plenty of updates recently for Cauldron, and also some changes as the MP3 patents have expired, so encumbered packages can be moved from tainted. Here are some of the updates:

  • mesa 17.0.5
  • virtualbox 5.1.22
  • ffmpeg 3.3
  • hplip 3.17.4
  • vala 0.36.3
  • obs-studio 18.0.2
  • kernel 4.9.26
  • ldetect-lst 0.3.6 – adds some missing polaris12 ID’s

The ffmpeg update has meant that most of the media stack has been rebuilt – so there should be plenty of updates coming from that.

The final touches have been made to include the Mageia 6 artwork everywhere. If you still see some bits of Mageia 5 artwork when testing the upcoming RC ISOs, please file a bug report.

Mageia 5

A good number of updates are coming for Mageia 5, both security and bugfix, here is a list:

  • minicom 2.7.1 – fixes CVE 2017-7467
  • texlive 20130530-21.1 – fixes CVE 2016-10243
  • libfm 1.2.3-4.6 – fixes extracting archives using compression other than gzip
  • python-lshell 0.9.18-2 – CVE fixes
  • libxslt 1.1.29-1.2 – fixes CVE 2017-5029
  • freetype2 2.5.4-2.3 – CVE fixes
  • 389-ds-base 1.3.4.14-1.2 – fixes CVE 2017-2668
  • openjpeg 1.5.2-5.2 – multiple CVE fixes
  • squirrelmail 1.4.22-12.2 – fixes CVE 2017-7692
  • java-1.8.0-openjdk 1.8.0.131-1.b12.1 and copy-jdk-configs 2.2-1 – multiple CVE fixes
  • xstream 1.4.9-1.1 – vulnerability fix

Weekly roundup 2017 – week 17

Cauldron

A quick update on the ISO progress – the Classical ISOs are looking good, although there was a bug with the Mate Menu which has been fixed, but another rebuild will be needed to get the fix onto the ISOs. The latest build of the Live ISOs fixed bugs with the installer crashing on systems with low memory and added boot entries to enable nonfree drivers.

Updates wise, there has been good activity. Here is a small selection:

  • kernel 4.9.25
  • flatpak 0.9.3
  • nautilus 3.24.1
  • phoronix-test-suite 7.0.1
  • mesa 17.0.4
  • thunderbird 52.0.1
  • virtualbox 5.1.20

And many many more!

Mageia 5

As the web facing nature of browsers and flash, the updates announced for chromium and flash player last week should now be on the mirrors and available, so if you haven’t updated yet, it’s advised to do so. Other updates this week include:

With more already added to the validation queue keeping the QA team busy.

Weekly roundup 2017 – week 16

Cauldron

Not too much to report on the RC ISO testing this week, but that’s a good thing – the classical ISOs are nearly ready and the remaining trivial issues in the Live ISOs should be fixed in the next rebuild. The Mageia 6 release is starting to look very good.

Cauldron has had lots of updates as well, here are some highlights:

  • dovecot 2.2.29.1
  • dnfdragora 1.0.1
  • koji 1.12.0
  • tomcat 8.0.43 – Fixes CVE-2017-5647 and CVE-2017-5648
  • caja 1.18.2
  • kernel 4.9.23
  • plasma 5.8.6
  • vlc 3.0.0 – git nightly 20170405, fixes persistent performance on AMD with OpenGL driver, among others

Note that the plasma update was not a new version, but a sync with the 5.8 branch.

Mageia 5

  • wireshark 2.0.12 – CVE fixes, the full list is available here
  • flash-player-plugin 25.0.0.148 – numerous CVE fixes, the full list is here
  • chromium-browser 57.0.2987.133 – numerous CVE fixes, full list available here
  • gimp 2.8.14 – bug and CVE fixes (mga20663 and mga18804)

These will arrive as soon as they have been validated by the QA team. While this has been a quiet week for Mageia 5 updates, it’s a slight calm before the storm as there are a new kernel and firefox coming that will keep the QA team busy.

Infrastructure

The infrastructure updates are nearly complete, the mailing list administration and forums are still down, while this is far from ideal, the sysadmins are working hard to bring the forums up as quickly as possible.

Weekly roundup 2017 – week 15

Infrastructure

The sysadmins have done some amazing work to get the remaining servers upgraded to Mageia 5, and some of the major packages we use upgraded as well. The remaining large issue is with the encoding of the upgraded PostgreSQL database that is used by all of our services, however, this was hopefully fixed today. That allowed  Bugzilla to come back online fully upgraded, which will be a large help in tracking the bugs in the latest Mageia 6 ISOs and QA in general.

Our blog has also had some upgrades to its WordPress. We are now running the latest version, 4.7.3 with https set by default. Sadly we have had to drop some of our inactive blogs as the were not being translated. If that’s something you would be interested in helping with, the translation teams are always more than welcoming towards new people.

Cauldron

As always, some updates on how the ISO testing is going. The wider QA tests on the upcoming RC ISOs have found some problems, but they are trivial and the builds are looking good. Hopefully, the remaining issues can be fixed in the next round of new builds and we can release Mageia 6 RC for everyone to test. The QA team has also started to test upgrades from Mageia 5 to 6, the main focus in ensuring that the switch from KDE4 to Plasma 5 works well and that there are no other issues.

Update wise, there has been a lot of activity, both bugfixes and new versions, here are some highlights:

  • gnome 3.24.1
  • gtk+3.0 3.22.12
  • qtdeclarative5 5.6.2 added a patch to fix kwin crashes
  • dnf 2.3.0
  • packagekit 1.1.5 backported fixes for offline updates
  • mercurial and tortoisehg 4.1.2
  • amarok 2.8.90 more appstream fixes
  • godot 2.1.3 mainly bugfixes
  • mediawiki 1.27.2 lots of CVE fixes, see here for details

Mageia 5

It’s been a relatively quiet week for Mageia 5, MediaWiki was updated to 1.23.16 with lots of CVE fixes, a full announcement is available here. There was also a backport of simgear-2016.4.4, it’s currently in backports_testing if you are interested in trying it.

Weekly roundup 2017 – week 14

Infrastructure

So sadly the big news this week is the outage of two of our servers for needed upgrades. The status of the services that are down can be read here. Our sysadmins have been hard at work, already pushing 30 patches to our infrastructure and working on porting the PostgreSQL database used by most services to a new server.

The first priority is to get the mirrorlist service running again quickly as it has the largest impact on users. Our Bugzilla, which will not only be moved to a machine running Mageia 5 but will also be upgraded to Bugzilla 5, will be the next step. The homepage has already been moved to a server that is fully up to date and had no downtime.

Note that the mirrorlist and Bugzilla were restored shortly after publishing, thanks to the sysadmins for finishing the upgrades so quickly.

While the updates on the two servers we preventively took down were severely needed for security reasons, they have been in planning for a significant time, and require non-trivial development work to port scripts, templates and configurations to the updated Mageia 5 ecosystem.

The outage only affected two of our many servers. All of our other servers, including the build nodes, for i586, x86_64 and arm, which I struggled to count from memory, 6 arm and 3 x86 at last count – I swear the arm nodes are multiplying, ISO builder and the repository server have remained active and fully up to date on Mageia 5, busily building for Cauldron and Mageia 5, you can see the queue here. Nevertheless, it must be noted that the two servers which had to be taken down were the most exposed as they hosted most web-facing services (and since they ran outdated software, also the most vulnerable).

We can only apologise that these upgrades have not happened sooner, even if the impact on the development has been minimal, we will have to continue to make changes in our sysadmin procedures to ensure that upgrades are simpler and timelier in the future.

Once the services migration is complete, we will publish a blog post to give a better overview of what the components of our infrastructure are, what software they run, how the sysadmin team maintains it and the evolution in our sysadmin team that has been happening to for some time now.

Cauldron

ISO building and testing for Mageia 6 RC has been making good progress. The release blockers are being fixed nicely, a new drakxtools included on the latest ISOs fixed a number of partitioning bugs so the ISOs are starting to become satisfactory. The Live ISOs are now ready for wider QA testing, and an EFI issue that was holding up the 64-bit Classical ISOs has hopefully been fixed. 

There were updates to many packages, the highlights of which were:

  • drakconf 13.15 aka Mageia Control Center – fixes 3 bugs, improved message for missing packages (mga#20614), dropped legacy loaders (mga#18572) and improved Gtk+ animations (mga#19827)
  • webkit2 2.16.1 fixes several crashes and rendering issue, numerous CVEs
  • darktable 2.2.4 adds a few new features, more supported cameras and lots of bugfixes
  • mate 1.18.1 fixes multiple memory leaks as well as improving support for status-notifier
  • dnf 2.2.0 
  • enlightenment 0.21.
  • kernel 4.9.20 added firmware for Intel 6030 wifi cards and added more Polaris 12 PCI IDs.

Mageia 5

There were updates to a number of packages for Mageia 5 this week, including:

  • webkit 2 2.16.1 fixes several crashes and rendering issue, numerous CVEs
  • python-django 1.18.16 with numerous CVE fixes
  • nvidia-current 375.39 with CVE fixes and new GPU support
  • phpmyadmin 4.4.15.10 with numerous CVE fixes
  • wget 1.15 fixes various CVEs

These updates are going through validation, so will be pushed to a mirror once that process is completed. The Bugzilla downtime makes the QA team’s work slightly harder, but they are keeping testing via their mailing list, so updates should keep coming as usual 🙂

Web services shut down preventively

Our sysadmins decided to preventively shut down most of our web services which were still running on end-of-life Mageia versions, as their potential vulnerability to remote attacks was publicised in third party communities.

The migration of those services to Mageia 5 servers was planned but delayed due to a lack of sysadmin time to work on it. The unexpected publicity that it received obviously made this topic a high priority one, our infrastructure being exposed as an easy target. The sysadmins therefore decided to shut down the services to be able to work on the migration without further risks.

Please note that our buildsystems for packages and ISO images are running the latest stable release, and therefore Mageia users need (as far as we know at this stage) not be concerned. The potential risks should be confined to web services of the mageia.org domain – we are nevertheless auditing all servers for traces of intrusion which could have been facilitated by the outdated infrastructure.

We are sorry for the disagreement and this security negligence, and will keep you posted with our progress on this issue and the verification of the services.

Current status:

  • Homepage (www): online
  • Blog: online
  • Identity: online
  • Bugzilla (bugs): online
  • Mailing list (ml): online
  • Wiki: online
  • Forums: offline
  • Mirrors index and MIRRORLIST (mirrors): online
  • Git / Svn: online
  • Gitweb / Svnweb: online
  • Buildsystem (pkgsubmit): online
  • Mageia App DB (madb): online

Edit Apr 5, 2017 @ 17:45: Added more details about services being down and the security risks.

Edit Apr 5, 2017 @ 20:45: Instructions to add a specific mirror manually for MIRRORLIST users.

Edit Apr 6, 2017 @ 8:00: Web services had been mistakenly put back online automatically during the night, they are now back offline as necessary.

Edit Apr 8, 2017 @ 1:00: Bugzilla and MIRRORLIST are functional again. Bugzilla was also updated to the latest 5.0.3+ upstream version.

Edit Apr 9, 2017 @ 0:15: Identity is back online.

Edit Apr 20, 2017 @ 15:00: Wiki is back online. Gitweb and Svnweb were also restored in the past week, and the mailing list software will be back soon.