Este blog é alimentado pela comunidade aqui na rede SoftwareLivre.org e pelo feed do Planet Mageia English.
A quick update on the ISO progress – the Classical ISOs are looking good, although there was a bug with the Mate Menu which has been fixed, but another rebuild will be needed to get the fix onto the ISOs. The latest build of the Live ISOs fixed bugs with the installer crashing on systems with low memory and added boot entries to enable nonfree drivers.
Updates wise, there has been good activity. Here is a small selection:
- kernel 4.9.25
- flatpack 0.9.3
- nautilus 3.24.1
- phoronix-test-suite 7.0.1
- mesa 17.0.4
- thunderbird 52.0.1
- virtualbox 5.1.20
And many many more!
As the web facing nature of browsers and flash, the updates announced for chromium and flash player last week should now be on the mirrors and available, so if you haven’t updated yet, it’s advised to do so. Other updates this week include:
- proftpd 1.3.5e – fixes CVE -2017-7418
- icu 53.1-12.7 – CVE fixes
- tomcat 7.0.77 – CVE fixes
- firefox 52.1 – Numerous CVE fixes
With more already added to the validation queue keeping the QA team busy.
Not too much to report on the RC ISO testing this week, but that’s a good thing – the classical ISOs are nearly ready and the remaining trivial issues in the Live ISOs should be fixed in the next rebuild. The Mageia 6 release is starting to look very good.
Cauldron has had lots of updates as well, here are some highlights:
- dovecot 18.104.22.168
- dnfdragora 1.0.1
- koji 1.12.0
- tomcat 8.0.43 – Fixes CVE-2017-5647 and CVE-2017-5648
- caja 1.18.2
- kernel 4.9.23
- plasma 5.8.6
- vlc 3.0.0 – git nightly 20170405, fixes persistent performance on AMD with OpenGL driver, among others
Note that the plasma update was not a new version, but a sync with the 5.8 branch.
- wireshark 2.0.12 – CVE fixes, the full list is available here
- flash-player-plugin 22.214.171.124 – numerous CVE fixes, the full list is here
- chromium-browser 57.0.2987.133 – numerous CVE fixes, full list available here
- gimp 2.8.14 – bug and CVE fixes (mga20663 and mga18804)
These will arrive as soon as they have been validated by the QA team. While this has been a quiet week for Mageia 5 updates, it’s a slight calm before the storm as there are a new kernel and firefox coming that will keep the QA team busy.
The infrastructure updates are nearly complete, the mailing list administration and forums are still down, while this is far from ideal, the sysadmins are working hard to bring the forums up as quickly as possible.
The sysadmins have done some amazing work to get the remaining servers upgraded to Mageia 5, and some of the major packages we use upgraded as well. The remaining large issue is with the encoding of the upgraded PostgreSQL database that is used by all of our services, however, this was hopefully fixed today. That allowed Bugzilla to come back online fully upgraded, which will be a large help in tracking the bugs in the latest Mageia 6 ISOs and QA in general.
Our blog has also had some upgrades to its WordPress. We are now running the latest version, 4.7.3 with https set by default. Sadly we have had to drop some of our inactive blogs as the were not being translated. If that’s something you would be interested in helping with, the translation teams are always more than welcoming towards new people.
As always, some updates on how the ISO testing is going. The wider QA tests on the upcoming RC ISOs have found some problems, but they are trivial and the builds are looking good. Hopefully, the remaining issues can be fixed in the next round of new builds and we can release Mageia 6 RC for everyone to test. The QA team has also started to test upgrades from Mageia 5 to 6, the main focus in ensuring that the switch from KDE4 to Plasma 5 works well and that there are no other issues.
Update wise, there has been a lot of activity, both bugfixes and new versions, here are some highlights:
- gnome 3.24.1
- gtk+3.0 3.22.12
- qtdeclarative5 5.6.2 added a patch to fix kwin crashes
- dnf 2.3.0
- packagekit 1.1.5 backported fixes for offline updates
- mercurial and tortoisehg 4.1.2
- amarok 2.8.90 more appstream fixes
- godot 2.1.3 mainly bugfixes
- mediawiki 1.27.2 lots of CVE fixes, see here for details
It’s been a relatively quiet week for Mageia 5, MediaWiki was updated to 1.23.16 with lots of CVE fixes, a full announcement is available here. There was also a backport of simgear-2016.4.4, it’s currently in backports_testing if you are interested in trying it.
So sadly the big news this week is the outage of two of our servers for needed upgrades. The status of the services that are down can be read here. Our sysadmins have been hard at work, already pushing 30 patches to our infrastructure and working on porting the PostgreSQL database used by most services to a new server.
The first priority is to get the mirrorlist service running again quickly as it has the largest impact on users. Our Bugzilla, which will not only be moved to a machine running Mageia 5 but will also be upgraded to Bugzilla 5, will be the next step. The homepage has already been moved to a server that is fully up to date and had no downtime.
While the updates on the two servers we preventively took down were severely needed for security reasons, they have been in planning for a significant time, and require non-trivial development work to port scripts, templates and configurations to the updated Mageia 5 ecosystem.
The outage only affected two of our many servers. All of our other servers, including the build nodes, for i586, x86_64 and arm, which I struggled to count from memory, 6 arm and 3 x86 at last count – I swear the arm nodes are multiplying, ISO builder and the repository server have remained active and fully up to date on Mageia 5, busily building for Cauldron and Mageia 5, you can see the queue here. Nevertheless, it must be noted that the two servers which had to be taken down were the most exposed as they hosted most web-facing services (and since they ran outdated software, also the most vulnerable).
We can only apologise that these upgrades have not happened sooner, even if the impact on the development has been minimal, we will have to continue to make changes in our sysadmin procedures to ensure that upgrades are simpler and timelier in the future.
Once the services migration is complete, we will publish a blog post to give a better overview of what the components of our infrastructure are, what software they run, how the sysadmin team maintains it and the evolution in our sysadmin team that has been happening to for some time now.
ISO building and testing for Mageia 6 RC has been making good progress. The release blockers are being fixed nicely, a new drakxtools included on the latest ISOs fixed a number of partitioning bugs so the ISOs are starting to become satisfactory. The Live ISOs are now ready for wider QA testing, and an EFI issue that was holding up the 64-bit Classical ISOs has hopefully been fixed.
There were updates to many packages, the highlights of which were:
- drakconf 13.15 aka Mageia Control Center – fixes 3 bugs, improved message for missing packages (mga#20614), dropped legacy loaders (mga#18572) and improved Gtk+ animations (mga#19827)
- webkit2 2.16.1 fixes several crashes and rendering issue, numerous CVEs
- darktable 2.2.4 adds a few new features, more supported cameras and lots of bugfixes
- mate 1.18.1 fixes multiple memory leaks as well as improving support for status-notifier
- dnf 2.2.0
- enlightenment 0.21.7
- kernel 4.9.20 added firmware for Intel 6030 wifi cards and added more Polaris 12 PCI IDs.
There were updates to a number of packages for Mageia 5 this week, including:
- webkit 2 2.16.1 fixes several crashes and rendering issue, numerous CVEs
- python-django 1.18.16 with numerous CVE fixes
- nvidia-current 375.39 with CVE fixes and new GPU support
- phpmyadmin 126.96.36.199 with numerous CVE fixes
- wget 1.15 fixes various CVEs
These updates are going through validation, so will be pushed to a mirror once that process is completed. The Bugzilla downtime makes the QA team’s work slightly harder, but they are keeping testing via their mailing list, so updates should keep coming as usual
Our sysadmins decided to preventively shut down some of our web services which were still running on end-of-life Mageia versions, as their potential vulnerability to remote attacks was publicised in third party communities.
The migration of those services to Mageia 5 servers was planned but delayed due to a lack of sysadmin time to work on it. The unexpected publicity that it received obviously made this topic a high priority one, our infrastructure being exposed as an easy target. The sysadmins therefore decided to shut down the services to be able to work on the migration without further risks.
Please note that our buildsystems for packages and ISO images are running the latest stable release, and therefore Mageia users need not be concerned. The potential risks are confined to some web services of the mageia.org domain.
We are sorry for the disagreement, and will keep you posted with our progress on this issue.