Weekly Roundup and News – weeks 24 & 25

The Mageia Wiki  

For the longest time our wiki main page has been very plain and simple; our own Zalappy has designed a new look, and the modifications are almost ready! Keep watching, because it’s looking really good! Thanks to Zalappy for his artistic flair, and to apb for his hard work making it happen.

What else is happening?

Around 700 packages landed in Cauldron – it’s certainly bubbling! Our appreciative thanks go to our tireless devs and QA folk, without whom we wouldn’t have a grand distro like Mageia. We had lots of updates over the last two weeks – here’s the list:

Security:

  • librsvg Mga5
  • file Mga5, 6
  • libvorbis Mga5, 6
  • gnupg, gnupg2, python-gnupg Mga5, 6
  • poppler Mga5, 6
  • perl-DBD-mysql Mga5, 6
  • jasper Mga5, 6
  • patch Mga5, 6
  • kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools Mga6
  • glibc Mga6
  • librsvg Mga6
  • xdg-utils Mga6
  • roundcubemail Mga6
  • freedink-dfarc Mga6
  • flash-player-plugin Mga6
  • imagemagick Mga6
  • qt3 Mga6
  • firefox, firefox-l10n Mga6
  • gifsicle Mga6
  • leptonica Mga6
  • scummvm Mga6

Bugfixes:

  • minitube
  • speech-dispatcher
  • powertop
  • baloo-widgets
  • task-obsolete, perl-URPM
  • drakx-net, meta-task
  • rapid-photo-downloader
  • mageia-prime
  • minetest
  • ocrfeeder
  • grsync
  • brasero

If you need to check what’s happening between roundups, you can check Mageia Advisories, the Mageia AppDB, PkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

A Word about Trolls

Mageia has a persistent troll targeting people associated with Mageia.

Currently going by the name Andrew, a troll hiding behind tor anonymizing servers has been targeting Mageia for some time.

The From: address will typically look like
‘From: “Andrew (Mageia Community Leadership Committee)”<BM-2cTUvERX7xLR1c1Pb5its4T4b1SSaFcPCj@bitmessage.ch>’
although they change the From: address at times – a technique known as nymshifting.

There is no Mageia Community Leadership Committee. The troll has also claimed to be the Mageia Council Leader, and various other titles.

Due to their creating many identities and spamming various Mageia mailing lists, all email addresses using anonymizing services we are aware of have been blocked from use when signing up at identity.mageia.org, and have been blocked from sending messages to the mailing lists.

They have also sent some email messages with the from address forged to make it look like it was coming from someone who is on the Mageia Council.

Here are the actual lists of Mageia people:

There are no Mageia conferences planned, let alone ones with fully paid trips for council or board members.

They have contacted various people trying to convince Mageia to hide bitcoin mining software they’d provide in every browser we package, with the money going to them, and a small percentage for us, of course. The suggestion is abhorrent to the Mageia community and would never be allowed. All package changes committed by Mageia packagers are publicly available for viewing.

We can’t prevent them from sending messages like this to anyone whose email address they have found.

All we can do is remind people that the internet has trolls. From: addresses in email message can be set to whatever the sender wants. Whether this troll is just a psychopath who enjoys getting an emotional response from people, or is someone trying to help destroy the usefulness of anonymizing services by getting more people to block them is open to speculation.

With any messages on the internet, people have to trust but verify the messages are from the person who normally uses that name. If the message looks strange, compare the sending IP address of that message to the sending IP address from normal messages from the user. While many ISPs do try to stop their users from sending messages with from addresses that are not for that ISP, most don’t, and for those that do there are always ways around their blocks.

Either add the various anonymizing email servers to your spam filters, or just ignore messages from trolls. Responding to them in any way just encourages more abusive messages.

Many thanks to the Mageians who have been working to inform people and shut this troll down.

Posted in Weekly roundup | 8 Comments

Mageia at RMLL – and a roundup

Please join us at RMLL! RMLL/LSM

RMLL  (also known as LSM, Libre Software Meeting) is one of Mageia’s important annual events and 2018 is no different. It’s the premier world meeting for Libre Software, upon the principles of which our distro and our community is based.

This year RMLL is to be held in in Strasbourg, and we have a booth! We’re calling for people to come and spend a little time on the stand, or a lot of time if you have a lot – we need Mageians to come talk to people about our distro, and encourage them to try us out, join the community and contribute in any way they want. It’s also a great opportunity to meet a wide variety of people in the Libre Software community, both developers and users, and catch up on what’s happening in our world.

Our own jybz will be there, and dtux/LibrePC; there’s a Framadate for people to sign up to attend the booth – note that the first volunteers will need to set the stand up.

RMLL runs from July 7th through 12th; jybz has set up a Framapad  with information about organising things ahead of time.

So, if you’ll be around Strasbourg while RMLL is on, please jump in!

…and the Roundup, Week 23

Aside from more than 400 packages into Cauldron this week, we had bugfixes for Mageia 6 and security updates for both Mageia 5 and Mageia 6:

Security:

  • SDL_image – Mga5, 6
  • python3 – Mga5, 6
  • corosync – Mga6
  • qtpass – Mga6
  • gimp – Mga6
  • glpi – Mga6
  • libreoffice – Mga6
  • mariadb – Mga6
  • chromium-browser-stable – Mga6

Bugfixes:

  • gnucash
  • xorriso
  • perl-Finance-Quote
  • luajit
  • drakxtools

You can always catch up with progress at the usual places: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening. And don’t forget the wiki!

Posted in events, RMLL, Weekly roundup | Tagged , , | 7 Comments

Weekly Roundup 2018 – Week 22

Just a quick and simple roundup, and then back to work:

It’s been a busy week, as usual! 378 packages came into Cauldron, 15 into Mga6 testing. Work is still going on to get the Mga5 -> Mga6 upgrade happening and then the Mga6.1 ISOs ready. There are some bugs, and here (already fixed), and here connected with the tray update in the pipeline,  if you’re interested…

Heaps of updates are coming in to the wiki, and there will soon be a look-and-feel update. Keep your eyes on the wiki, it will be worth it!

Security updates:

  • mariadb   Mga5
  • python   Mga5, Mga6
  • git   Mga6
  • wireshark   Mga6
  • kernel-linus   Mga6
  • kernel-tmb   Mga6
  • kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools   Mga6
  • libvirt   Mga6
  • thunderbird, thunderbird-l10n   Mga6
  • microcode   Mga6
  • webkit2   Mga6
  • virtualbox, kmod-virtualbox, kmod-vboxadditions   Mga6

Bugfix updates:

  • qtwebkit5   Mga6
  • pidgin   Mga6
  • libwacom   Mga6
  • ntfs-3g, testdisk, partclone   Mga6
  • kernel-firmware-nonfree, radeon-firmware   Mga6
  • monitor-edid   Mga6

You can always catch up with progress at the usual places: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening. And don’t forget the wiki!

Posted in Uncategorized | 4 Comments

Weekly Roundup 2018 – Weeks 20 & 21:

Now that we’re starting to recover from the Grand Update, the mad flow of security and bugfix updates is resuming (see below), and tmb warns of more Spectre-related updates coming:

Spectre… “the gift that keeps giving…”

https://www.phoronix.com/scan.php?page=news_item&px=Spectre-V3-V4-Vulnerabilities

Upstream kernel 4.14 branch has the fixes/mitigation backports for variant 4 currently going through stable queue review process and should be released tonight / tomorrow after which I will release it to cauldron and mga6 testing.

Spectre v3A will get microcode fixes in the coming weeks so we’ll get to that part later…

Kernel 4.14 is indeed in testing for both Cauldron and Mga6, so should appear in your update queues soon. Meanwhile, a list of the updates since the last roundup:

Security fixes:

  • perl     Mga5, 6
  • gnupg2      Mga5, 6
  • graphite2      Mga5, 6
  • librelp      Mga5, 6
  • libtiff      Mga5, 6
  • wget      Mga5, 6
  • quassel      Mga5, 6
  • libsndfile      Mga5, 6
  • pdns      Mga6
  • bctoolbox, hiawatha, mbedtls, shadowsocks-libev, dolphin-emu Mga6
  • pdns-recursor      Mga6
  • miniupnpc      Mga6
  • kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools      Mga6
  • firefox, firefox-l10n, nss, rootcerts      Mga6
  • 389-ds-base      Mga6
  • libraw      Mga6
  • exempi      Mga6
  • golang      Mga6
  • util-linux      Mga6
  • spring-ldap      Mga6
  • libpam4j      Mga6

Bugfixes (all Mga6):

  • kdenlive
  • kbookmarks, kcmutils, kcompletion, kdnssd, kitemviews, kjobwidgets, knewstuff, knotifyconfig, kpty, ktextwidgets, kunitconversion, kxmlrpcclient
  • lxterminal
  • nvidia-current, ldetect-lst
  • kodi
  • java-1.8.0-openjfx
  • 0ad, 0ad-data, sodium
  • psi
  • qgis
  • qelectrotech
  • mc
  • tellico
  • darktable
  • sddm
  • twinkle
  • broadcom-wl
  • lm_sensors
  • ldetect-lst, nvidia-current
  • wesnoth
  • youtube-dl
  • ntp
  • mesa, libdrm
  • kbookmarks, kcmutils, kcompletion, kdnssd, kitemviews, kjobwidgets, knewstuff, knotifyconfig, kpty, ktextwidgets, kunitconversion, kxmlrpcclient

…and around 650 updates went into Cauldron.

You can catch up with progress any time at the usual places: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Posted in Weekly roundup | 5 Comments

Issues with the Grand Update?

Most of us will have updated our systems by now, and most of the updates have been as smooth as silk. But! So far there have been two reports of problems with the Grand Update, both caused by having 32-bit libraries installed on a 64-bit system:

https://bugs.mageia.org/show_bug.cgi?id=23016
and
http://blog.mageia.org/de/2018/05/12/das-grosse-update-machen-sie-sich-bereit/comment-page-1/#comment-1787

The workaround for both is to uninstall the 32-bit library to allow the update to proceed – in these particular cases, libkf5jobwidgets5 and libkf5completion5.

This should not be needed, as 32-bit libraries should be able to co-exist on a 64 bit install, as they may be needed for third party applications.

Bug 23016 has been reopened to study this a bit more. For now, we’re watching for reports, and giving you the workaround of uninstalling the 32 bit library.

It’s not that 32-bit isn’t able to mix with 64-bit in all cases, just in some, where there are files in the lib package that should be in a different (non-arch specific) package. In these two cases, it’s the /usr/share/locale/ files are in both the 32 and 64 bit packages, with identical names and paths.

The rpm package manager allows a file to be owned by more than one package, provided the attributes are identical, but it blocks updating with a new version, since it’s trying to update one of the packages, but until the other version is updated too, there is a conflict. We’re keeping a watch-out for these packaging errors.

It’s possible that if you’ve used DNF to do the update, rather than urpmi, you won’t have this problem; as we gather more information, we’ll add it to roundups in the coming weeks.

While all this Grand stuff has been happening, we’ve also been doing plenty of the usual things, including over 300 packages into Cauldron.

Security fixes

For both Mageia 5 and 6:

  • qpdf
  • afflib

For Mageia 6 only:

  • converseen, cuneiform-linux, dvdauthor, emacs, imagemagick, inkscape, k3d, kxstitch, libopenshot, ocaml-glmlite, perl-Image-SubImageFind, pfstools, php-imagick, php-magickwand, psiconv, pythonmagick, ruby-rmagick, synfig, vdr-plugin-skinelchi, vdr-plugin-skinenigmang
  • qt3d5, qtbase5, qtcanvas3d5, qtcharts5, qtconnectivity5, qtdatavis3d5, qtdeclarative5, qtdoc5, qtgamepad5, qtgraphicaleffects5, qtimageformats5, qtlocation5, qtmultimedia5, qtnetworkauth5, qtpurchasing5, qtquickcontrols25, qtquickcontrols5, qtremoteobjects5, qtscript5, qtscxml5, qtsensors5, qtserialbus5, qtserialport5, qtspeech5, qtsvg5, qttools5, qttranslations5, qtvirtualkeyboard5, qtwayland5, qtwebchannel5, qtwebengine5, qtwebsockets5, qtwebview5, qtx11extras5, qtxmlpatterns5
  • graphicsmagick
  • nextcloud

Catch up with it all at the usual places: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Posted in Updates, Weekly roundup | 13 Comments