Weekly Roundup 2018 – Weeks 20 & 21:

Now that we’re starting to recover from the Grand Update, the mad flow of security and bugfix updates is resuming (see below), and tmb warns of more Spectre-related updates coming:

Spectre… “the gift that keeps giving…”

https://www.phoronix.com/scan.php?page=news_item&px=Spectre-V3-V4-Vulnerabilities

Upstream kernel 4.14 branch has the fixes/mitigation backports for variant 4 currently going through stable queue review process and should be released tonight / tomorrow after which I will release it to cauldron and mga6 testing.

Spectre v3A will get microcode fixes in the coming weeks so we’ll get to that part later…

Kernel 4.14 is indeed in testing for both Cauldron and Mga6, so should appear in your update queues soon. Meanwhile, a list of the updates since the last roundup:

Security fixes:

  • perl     Mga5, 6
  • gnupg2      Mga5, 6
  • graphite2      Mga5, 6
  • librelp      Mga5, 6
  • libtiff      Mga5, 6
  • wget      Mga5, 6
  • quassel      Mga5, 6
  • libsndfile      Mga5, 6
  • pdns      Mga6
  • bctoolbox, hiawatha, mbedtls, shadowsocks-libev, dolphin-emu Mga6
  • pdns-recursor      Mga6
  • miniupnpc      Mga6
  • kernel, kernel-userspace-headers, kmod-vboxadditions, kmod-virtualbox, kmod-xtables-addons, wireguard-tools      Mga6
  • firefox, firefox-l10n, nss, rootcerts      Mga6
  • 389-ds-base      Mga6
  • libraw      Mga6
  • exempi      Mga6
  • golang      Mga6
  • util-linux      Mga6
  • spring-ldap      Mga6
  • libpam4j      Mga6

Bugfixes (all Mga6):

  • kdenlive
  • kbookmarks, kcmutils, kcompletion, kdnssd, kitemviews, kjobwidgets, knewstuff, knotifyconfig, kpty, ktextwidgets, kunitconversion, kxmlrpcclient
  • lxterminal
  • nvidia-current, ldetect-lst
  • kodi
  • java-1.8.0-openjfx
  • 0ad, 0ad-data, sodium
  • psi
  • qgis
  • qelectrotech
  • mc
  • tellico
  • darktable
  • sddm
  • twinkle
  • broadcom-wl
  • lm_sensors
  • ldetect-lst, nvidia-current
  • wesnoth
  • youtube-dl
  • ntp
  • mesa, libdrm
  • kbookmarks, kcmutils, kcompletion, kdnssd, kitemviews, kjobwidgets, knewstuff, knotifyconfig, kpty, ktextwidgets, kunitconversion, kxmlrpcclient

…and around 650 updates went into Cauldron.

You can catch up with progress any time at the usual places: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Posted in Weekly roundup | 5 Comments

Issues with the Grand Update?

Most of us will have updated our systems by now, and most of the updates have been as smooth as silk. But! So far there have been two reports of problems with the Grand Update, both caused by having 32-bit libraries installed on a 64-bit system:

https://bugs.mageia.org/show_bug.cgi?id=23016
and
http://blog.mageia.org/de/2018/05/12/das-grosse-update-machen-sie-sich-bereit/comment-page-1/#comment-1787

The workaround for both is to uninstall the 32-bit library to allow the update to proceed – in these particular cases, libkf5jobwidgets5 and libkf5completion5.

This should not be needed, as 32-bit libraries should be able to co-exist on a 64 bit install, as they may be needed for third party applications.

Bug 23016 has been reopened to study this a bit more. For now, we’re watching for reports, and giving you the workaround of uninstalling the 32 bit library.

It’s not that 32-bit isn’t able to mix with 64-bit in all cases, just in some, where there are files in the lib package that should be in a different (non-arch specific) package. In these two cases, it’s the /usr/share/locale/ files are in both the 32 and 64 bit packages, with identical names and paths.

The rpm package manager allows a file to be owned by more than one package, provided the attributes are identical, but it blocks updating with a new version, since it’s trying to update one of the packages, but until the other version is updated too, there is a conflict. We’re keeping a watch-out for these packaging errors.

It’s possible that if you’ve used DNF to do the update, rather than urpmi, you won’t have this problem; as we gather more information, we’ll add it to roundups in the coming weeks.

While all this Grand stuff has been happening, we’ve also been doing plenty of the usual things, including over 300 packages into Cauldron.

Security fixes

For both Mageia 5 and 6:

  • qpdf
  • afflib

For Mageia 6 only:

  • converseen, cuneiform-linux, dvdauthor, emacs, imagemagick, inkscape, k3d, kxstitch, libopenshot, ocaml-glmlite, perl-Image-SubImageFind, pfstools, php-imagick, php-magickwand, psiconv, pythonmagick, ruby-rmagick, synfig, vdr-plugin-skinelchi, vdr-plugin-skinenigmang
  • qt3d5, qtbase5, qtcanvas3d5, qtcharts5, qtconnectivity5, qtdatavis3d5, qtdeclarative5, qtdoc5, qtgamepad5, qtgraphicaleffects5, qtimageformats5, qtlocation5, qtmultimedia5, qtnetworkauth5, qtpurchasing5, qtquickcontrols25, qtquickcontrols5, qtremoteobjects5, qtscript5, qtscxml5, qtsensors5, qtserialbus5, qtserialport5, qtspeech5, qtsvg5, qttools5, qttranslations5, qtvirtualkeyboard5, qtwayland5, qtwebchannel5, qtwebengine5, qtwebsockets5, qtwebview5, qtx11extras5, qtxmlpatterns5
  • graphicsmagick
  • nextcloud

Catch up with it all at the usual places: Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Posted in Updates, Weekly roundup | 13 Comments

The Grand Update – brace yourselves!

In the remaining hours before the hdlists are regenerated, and we can all update our Mageia 6 systems with more than 400 packages (update – that’s 405 SRPMs, meaning 1362 rpms per arch), here’s some info – very important info – about the update process.

It’s vitally important that the update completes without interruption! Here’s what you need to do:

Plasma Screen locker – turn it off

Disable the Plasma screen locker. You can do this in System Settings, Workspace, Desktop Behaviour, Screen Locker:
Plasma System Settings screenshot showing Screen Locking

Reliable connection

Make sure you’re on a reliable internet connection and have reliable power.

If the connection drops out during the update, your system could be left in an unusable state. Don’t even begin to update unless you’re sure you can continue until it’s complete. The same applies if the power supply disappears.

Power, hibernation and sleep settings

If you’re updating a laptop, make sure it’s on AC power, and make sure that it won’t hibernate or sleep before the update is complete. Check the power management settings in your system settings – you might need to change them for the duration.

Screenshot showing System Settings, Energy Saving

The hdlists will start to be available from Friday, 19.00 UTC; by then, all mirrors should have been fully updated. If there’s any delay, we’ll let you know!

Now, just to get an idea of what’s coming in the update, some links to the package lists in Bugzilla:

Qt5 stack update

KF5 Stack Update

Plasma5 Stack Update

Kde Application Stack Update

LXQt Stack Update

Enjoy!

Posted in Uncategorized | 29 Comments

The Enormous Mageia 6 Update

Watch this space, we said – well, your patience is soon to be rewarded!

Releasing the Mageia 6 updates for QT5, KF5, Plasma, KDE and LXQt has just been approved. There will be well over 500 packages in total!

To help reduce the chance of users trying to install the updates from a mirror that hasn’t been fully updated, the hdlist generation will be held for 24 hours after the updates are pushed from updates testing to the updates repository. This should help ensure that the mirrors are fully synced before the hdlist generation is turned back on, and the updates are actually made available for users to install from the normal updates repository.

The hdlist is the list of packages, and their version, that the update system uses to know if updates are available – it is much smaller than the updates themselves, so delaying it will not impact the mirror synchronisation.

The next step will be to retest upgrading from Mageia 5 KDE to Mageia 6 Plasma, so we can turn the flag back on to allow upgrading using mgaapplet. Once that’s done, the limited provision of security updates for Mageia 5 that we’ve been doing will cease.

Then we can start producing and testing the Mageia 6.1 iso images to allow installing on systems with newer CPUs.

After Mageia 6.1 is released, Mageia 7 will become the primary focus, although Mageia 7 has already been in development for some time.

Also, we just learned yesterday about the new Spectre NG bugs. Once the mitigations for those are available, Mageia 6 installed systems will get those updates, but we’ll have to decide whether to build Mageia 6.2 iso images, or leave those updates for Mageia 7, for live iso users.

Roundup

And, of course, there have still been many other updates since the last Roundup – here’s what happened in Weeks 17 and 18:

Security fixes:

  • php   Mga5, 6
  • gsoap    Mga6
  • boost    Mga6
  • ghostscript    Mga5, 6
  • java-1.8.0-openjdk, copy-jdk-configs    Mga5, 6
  • links    Mga 5, 6
  • anki    Mga6
  • xdg-user-dirs    Mga6
  • libofx    Mga6
  • webkit2    Mga6
  • ming    Mga6
  • sox    Mga5, 6

Bugfix:

  • freerdp Mga6

… and almost a thousand updated packages into Cauldron for Mageia 7! A great big vote of thanks to our devs and QA people, without whom we would all be lost.

Remember to keep watching the usual resources: the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Enjoy!

Posted in Mageia, Updates, Weekly roundup | 23 Comments

Weekly Roundup 2018 – Week 16

Team leader elections are almost complete. Here’s the list, also viewable any time at https://wiki.mageia.org/en/Org_Council#2018:

  • Atelier: Donald Stewart (Schultz), Filip Komar (filip)
  • Bug Squad: Marja van Waes (marja), Samuel Verschelde (stormi)
  • Documentation: Yves Brungard (papoteur), A.M. Desmottes (lebarhon)
  • Forums team: Florian Hubold (doktor5000), isadora (isadora), Pascal Vilarem (Maât)
  • I18n: Yuri Chornoivan (yurchor),
  • Packagers: Neal Gompa (ngompa), Nicolas Lécureuil (neoclust)
  • QA: David Hodgins (DavidWHodgins), Bill Kenney (wilcal), Thomas J Andrews (TJ)
  • Security Team: David Walser (luigiwalser)
  • Sysadmins: Pascal Vilarem (Maât)

The first meeting of the new Council will be on IRC this week; for meeting logs see http://meetbot.mageia.org/. Meeting logs are open to all!

Work on the LXQt packages is still ongoing; watch this space for Great Plasma Update news. Updates and advisories this past week are coming along just fine – around 400 updates into Cauldron, and the following security advisories:

  • libtiff        Mga 5, 6
  • thunderbird, thunderbird-l10n        Mga 5, 6
  • zsh        Mga 6
  • flash-player-plugin        Mga 6
  • python-paramiko        Mga 6
  • firefox, firefox-l10n, nspr        Mga 6

As always, you can check for yourself on Mageia Advisories, the Mageia AppDBPkgSubmit to see the last 48 hours, and Bugzilla to see what’s currently happening.

Posted in Elections, Weekly roundup | 6 Comments