Weekly Roundup 2018: Weeks 9 & 10

Finally, another Roundup!


706 packages came into updates/testing in the last two weeks! If ever you thought of helping out the QA team, now would be a really good time. Here are the updates that have come through since the previous Roundup:

Security (only one for Mga5):

libraw, mbedtls, shadowsocks-libev, bctoolbox, hiawatha, dolphin-emu, 389-ds-base, tor, dovecot, glibc, xerces-c, xv, phpmyadmin, krb5, leptonica, libvirt, python-libvirt, TiMidity++ (also for Mga5), wireshark, tomcat-native, tomcat, ioquake3

Bugfix (Mga6 only):

x11-driver-video-ati, perl-Youri-Package, rpmlint-mageia-policy, mhonarc, kmod-vboxadditions, kmod-virtualbox, virtualbox, mesa, libdrm, networkmanager-applet, kmymoney, kernel-firmware-nonfree, libdvdcss

As always, you can check for yourself on Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Mageia AppDB – granular searches

When you first open MageiaAppDB and click on Updates in the left-hand menu, you see the default settings. But you can get much more granular information using the set of drop-down menus across the top of the packages list: first click More at the far right, and then you can apply a lot more filters to your search. For instance, to see what our kernel magician tmb has updated in Cauldron kernels recently:

As you add more filters, you should see changes in your browser address bar, so you can also bookmark particular searches.


Posted in Weekly roundup | 5 Comments

Chemnitz Linux Days 2018 – And Mageia is part of it.

We are happy to announce that, as in previous years, we will present our amazing distribution at the Chemnitz Linux Days 2018 (Chemnitzer Linux Tage, CLT) on the 10th and 11th of March. This is one of the biggest open source exhibitions in Germany. This year is also a very special one, as it’s the 20th anniversary. We are happy to celebrate this anniversary together, as we have been part of Chemnitzer Linux Days many times before.

This year’s slogan is “Everyone starts once” (original: “Jeder fängt mal an”) and we love this slogan, because it fits us in many ways:

  1. One of Mageia’s goals is to make it easy for beginners to get started in the Linux world, yet provide many things experts will want.
  2. Becoming part of our community, and starting to contribute to this magical community, is also very easy.
  3. We also like to think back to those days when we started our community and distribution seven years ago. We started with a lot of passion but also faced some difficulties. We can look back and be proud of what we have achieved in all those years, especially without any company supporting us…

But back to the CLT: as always there are plenty of interesting talks, and a lot of amazing projects are showing their work and contribution to the open source community. There is also a lot for kids to discover. If you become interested in Linux and Mageia in particular, or if you are already an old hand in the area of open source, you are very welcome to come around and take a look at the diverse program.

Posted in Uncategorized | 4 Comments

Mageia Infrastructure planned outage

In case you missed the announcement on all the mailing lists, Mageia infrastructure will be shut down for scheduled maintenance beginning on:

Tuesday February 27th, from around 10.00 UTC

That means Forums, Wiki, Bugzilla, Mailing lists, website (www.mageia.org) and the buildsystem will be unavailable until the maintenance is done.

The services are expected to be back later on the same day, but we don’t have an exact ETA for the restoration; you can check the Blog, Facebook or Twitter for status updates and an announcement when services are back.

UPDATE 16:30 UTC: BuildSystem is back online.

UPDATE 18:30 UTC: Website, Bugzilla, Forums, Wiki are back online

UPDATE Feb 28 01:15 UTC: Mailing lists are back online (web interface still WIP)


Posted in sysadmin | 9 Comments

Weekly roundup 2018 – Weeks 7 & 8

Before we get into the roundup, here’s a huge thank-you to the Mageians who helped with all the password resets after our security problem reported last week. Everything is mostly sorted now, but please contact the forum or the discuss mailing list if you still need help.

On to the Roundup:

Over the last two weeks, 1282 packages came into updates/testing – the dev team has not been idle! And as you’ll see below, some security updates are still coming through for Mageia 5, but make sure you’re ready for the EOL if you haven’t yet upgraded to Mageia 6.

Security updates:

  • ghostscript – Mga5, Mga6
  • advancecomp – Mga6
  • freetype2 – Mga6
  • mariadb – Mga5
  • jackson-databind – Mga6
  • postgresql9.4, postgresql9.6 – Mga5, Mga6
  • apache-commons-email – Mga6
  • glpi, php-zetacomponents-base – Mga6
  • kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons – Mga6
  • kernel-linus – Mga6
  • kernel-tmb – Mga6
  • quagga – Mga6
  • irssi – Mga6
  • qpdf, cups-filters – Mga6
  • mpv – Mga6
  • nasm – Mga6

Bugfix updates:

  • openbox – Mga6
  • hplip – Mga6
  • qarte – Mga6
  • pure-ftpd – Mga6
  • networkmanager – Mga6

As always, you can check for yourself on Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Posted in QA, security, Weekly roundup | 4 Comments

Mageia Identity Security Breach

A user was able to gain access to our LDAP database and has published the email addresses and names, as well as apparent password hashes, of anyone who has signed up to identity.mageia.org. However, the published hashes do not match those on record, and all capitalisation has been removed, so it is not clear that the actual passwords have been compromised. All of the passwords have since been reset as a security precaution. New rules have been added to prevent access to the LDAP server. The sysadmins are investigating how the fields were read, as the configuration should have specifically prevented this.

The passwords stored by the Mageia LDAP server are hashed and salted, meaning that recovering the passwords in a human-usable form, if they have actually been leaked, would require significant computing power for safe and complex passwords. Although the leaked data appears to be only the names and email addresses of identity.mageia.org users, we strongly urge users to be cautious if the password used for their Mageia account is used elsewhere, and we recommend changing it wherever else it is used.

To regain access to your Mageia account, the reset password link should be sufficient for all users without git access. The link can be obtained by asking for a password reset at https://identity.mageia.org/forgot_password, after which you’ll receive a mail containing it.

For privileged users, a sysadmin should be contacted to regain access.

We sincerely apologise for any problems and inconvenience that this might cause.

Posted in Uncategorized | 11 Comments