Weekly roundup 2017 – week 42


The biggest update this week has been Plasma 5.11.1 and also the addition of the Julia numerical oriented programming language, the full import should be ready soon.

Big changes in Cauldron this week include:

  • lame 3.100
  • ardour 5.12.0
  • cmake 3.10.0 RC3
  • kernel 4.13.8
  • openfoam 5.0
  • virtualbox 5.1.30
  • cups 2.2.5

Mageia 6

Lots of updates to both Mageia 6 and 5 this week, most notably a fix for the wpa_supplicant and hostapd vulnerabilities.

  • kernel 4.9.56-1 & matching headers and modules – multiple CVE fixes
  • db48 4.8.30-21.1 & db53 5.3.28-10.1 – CVE fix
  • php-memchache 3.0.8-10 – fixes mga#21833
  • hostapd 2.6-1.1 & wpa_supplicant 2.6-1.1 – multiple CVE fixes
  • poppler 0.52.0-3.3 – multiple CVE fixes
  • flash-player-plugin – CVE fix
  • webmin 1.860-1 – CVE fix
  • wireshark 2.2.10-1 – multiple CVE fixes
  • libxfont 1.5.2-1.1 & libxfont2 2.0.1-4.1 – CVE fixes
  • ruby 2.2.8-1 & ruby-json 1.8.3-3.1 – multiple CVE fixes
  • openvpn 2.4.4-1 – CVE fix

Mageia 5

  • db48 4.8.30-18.1 & db53 5.3.28-4.1 – CVE fix
  • hostapd 2.6-1 & wpa_supplicant 2.6-1 – multiple CVE fixes
  • poppler 0.26.5-2.5 – multiple CVE fixes
  • flash-player-plugin – CVE fix
  • webmin 1.860-1 – CVE fix
  • wireshark 2.0.16-1 – CVE fix
  • libxfont 1.5.1-1.1 – CVE fixes
  • ruby 2.0.0.p648-1.5 & ruby-json 1.8.1-3.1 – multiple CVE fixes
Posted in Weekly roundup | 4 Comments

2017 week 41 and some extras


The Mageia 7 feature proposals are being discussed more, as some of them are very large and will bring large changes to the distribution and installer, scoping the work and looking at the needed resources and timelines is a big job. The big 2 are moving more towards manatools and integrating dnf into the installer, implementing a shim for the existing urpmi commands and ensuring that there is no loss in functionality if we decide to switch for Mageia 7.

While not strictly a Cauldron piece of news, we will in all likelihood drop arm5tl and start to work towards building aarch64 and well as the current arm7hl.

Big changes in Cauldron this week include:

  • rust 1.21.0
  • kernel 4.13.7 – preliminary support for Coffee Lake (i915 alpha)
  • wine 2.18
  • R-base 3.4.2
  • apache 2.4.28
  • x11-server 1.19.5
  • rpm 4.14.0
  • vlc 3.0.0 (git snapshot with fix for drag and drop)

Mageia 6

There have been plenty of security updates for Mageia 6, here are a few of them:

  • thunderbird-52.4.0-1 – Security fix
  • weechat-1.7.1-1.1 – CVE fix
  • pjproject-2.5.5-4.1 – CVE fixes
  • dnsmasq-2.77-1.2 – multiple CVE fixes
  • x11-server-1.19.4-1 – CVE fixes
  • firefox-52.4.0-1 – multiple CVE fixes
  • ghostscript-9.20-3.1 – multiple CVE fixes
  • mariadb-10.1.28-1 – maintenance and bugfix release

Mageia 5

Similarly for Mageia 5, plenty of new updates:

  • thunderbird-52.4.0-1 – Security fix
  • weechat-0.4.1-7.2 – CVE fix
  • pjproject-2.3-1.1 – CVE fixes
  • dnsmasq-2.77-1.1 – multiple CVE fixes
  • x11-server-1.16.4-2.3 – CVE fixes
  • firefox-52.4.0-1 – multiple CVE fixes
  • ghostscript-9.20-1.1 – multiple CVE fixes
  • gstreamer0.10-plugins-good-0.10.31-9.2 & gstreamer1.0-plugins-good-1.4.3-2.2 – multiple CVE fixes


We have been having ongoing issues with spam and fraudulent accounts on our bugzilla so we introduced a special group which can edit bugs. We already added many relevant contributors to it. We think this is a temporary measure until we can properly test a more complete authentication system. Note that this change won’t effect your ability to post bugs. Just edit ones already posted, if there are issues from this, contacting the relevant mailing list should get it resolved quickly.


Posted in Weekly roundup | 10 Comments

Weekly roundup 2017, week 38

Firstly a short apology for the lack of blogs recently. With summertime and other commitments, Mageia has sadly had less time from some contributors recently.


Since it has been 8 weeks since the last update, there have been massive changes to Cauldron. I won’t discuss a of them here, instead, here are a few of the more recent larger changes:

  • Updated Ruby stack
  • Update Perl stack
  • kernel 4.12.14
  • llvm 4.0.1
  • flatpak 0.9.12
  • vim 8.0.1097
  • mesa 17.2.1

There is also the update to the base toolchain, which is requiring large scale rebuilds and will likely cause some issues until everything has settled.

Feature proposals for Mageia 7 are well underway, so if you have anything you would like to see included. or have thoughts on the ideas put forward, now is the time to shape what Mageia 7 will become.

Mageia 6

Since the last roundup, there have been countless updates for Mageia 6, here are a few of the more critical fixes that have gone through QA:

  • tor- – CVE fix
  • tomcat-8.0.46 – CVE fixes
  • bluez-5.45-2.1 – CVE fix
  • ffmpeg-3.3.4 – security update
  • kernel-4.9.50 – multiple CVE fixes
  • flash-player-plugin- – CVE fixes
  • tcpdump-4.9.2 – multiple CVE fixes

Mageia 5

Like Mageia 6, there have been many updates, again, here is a selection of the more critical fixes:

  • tor- – CVE fix
  • tomcat-7.0.81 – CVE fixes
  • bluez-5.28 – CVE fix
  • kernel-4.4.88 – multiple CVE fixes
  • flash-player-plugin- – CVE fixes
  • tcpdump-4.9.2 – multiple CVE fixes


The recent campaign from the Free Software Foundation Europe, Public Money, Public Code, that is aiming to have code written with public funding for the public sector released under open licensing is something that Mageia is more than happy to get behind. Such goals that share so many of the principles that Mageia was founded on and that aim to help Open Source deserve all of the support that we can offer – more details available in the blog about our support.

There has also been issues with spam from fresh accounts on the wiki, so sadly we have had to restrict write access until a full solution can be found, in the meantime, if you wish to edit, please contact the doc-discuss mailing list.

Posted in Weekly roundup | 6 Comments

Mageia supports the Public Money, Public Code campaign

Open Source software, or more specifically, the ideals behind it go far beyond Mageia or the wider GNU/Linux Community. Being a part of this is something that Mageia has always been very proud of, and when possible, we have given back to, or helped raise awareness of projects that have similar ideals to our own. So with that in mind, we are very happy to give our full support to the Public Money, Public Code campaign launched by the Free Software Foundation Europe.

The campaign aims to require all code written with public funding for the public sector to be under an open source license. Full details and a video detailing the goals and how they hope to achieve them can be seen on the campaign’s website.

In the week since the campaign launched, many Open Source projects have put their names behind the cause, it is very heartening to see Mageia listed with other Distributions such as Debian, Gentoo and OpenSUSE as well as big projects like GNOME, LibreOffice and KDE. There are also numerous other Linux publications and groups in the list of supporting organisations which is great to see.

We hope that this campaign gains the traction that it deserves and brings about the legislative changes needed to ensure that the public money leads to public code and the plethora of benefits that that would bring.


Posted in Collaboration, community | 7 Comments

Weekly roundup 2017 week 28 – 30

So this is the first roundup since the release of Mageia 6, so there are a few more weeks in here than normal.


As expected, Cauldron has been flooded with large updates, and despite their best efforts, everything seems to be working well. Note that big breakage now is very normal, pushing the risky and large scale changes to very low-level things now gives the most room for testing, so things are expected to break. That said, the toolchain and rpm still have some large updates and changes to come, so there is still plenty of opportunity for things to break.

Here are a few of the big updates:

  • Qt 5.9.1
  • Plasma 5.10.4
  • KDE Applications 17.04
  • Kernel 4.9.40
  • Gnome 3.24.3
  • Cinnamon 3.4.4
  • Chromium Browser 59

There have also been updates to the Perl stack, vlc and countless other packages.

Mageia 6

So this is the first time that there has been a Mageia 6 heading here, which is a nice addition, to say the least. It also wouldn’t really be fitting to start this list without there being an entry for flash 🙂 So, here are some of the big updates for Mageia 6:

  • flash-player-plugin- – Multiple CVE fixes
  • wine-2.0.2 – Bugfix update
  • mesa-17.1.5 – Bugfix update including Vulkan fixes
  • mariadb-10.1.25 – Bugfix release
  • wireshark-2.2.8 – Multiple CVE fixes
  • rust-1.19.0 and cargo-0.20.0 – New stable release

Several bugfix updates have also been pushed to fix upgrade issues from Mageia 5.

Note that you can consult all update advisories directly on the dedicated page.

Mageia 5

Even though Mageia 6 is available, Mageia 5 is very far from forgotten, here are some of the important updates it has received since the last roundup:

  • flash-player-plugin- – Multiple CVE fixes
  • openvpn-2.3.17 – Multiple CVE fixes
  • libgcrypt-1.5.4-5.4 – CVE fix
  • nvidia-current -375.66 & ldetect-lst-0.1.346.6 – Added support for latest 10xx card


Posted in Weekly roundup | 4 Comments