My Free Software Activities in January 2017

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games

  • In January 2017 we had the last chance to get new upstream releases into the next stable release of Debian 9 aka Stretch. Hence I packaged new versions of pygame-sdl2, renpy, fife, unknown-horizons, redeclipse and redeclipse-data and also backported Red Eclipse to Jessie.
  • I uploaded fifechan to unstable and applied an upstream patch to fix a segmentation fault (#852247) in Unknown Horizons.
  • Package cleanups and improvements: freeorion (#843538), I enabled support for mips64el again; I tidied up gtkatlantic, powermanga, lincity-ng, opencity and tecnoballz; I applied a patch from Reiner Herrmann to make the build of netpanzer reproducible (#827150); In spring I changed the build-dependency of asciidoc to asciidoc-base (#850387) although it turned out later that this wasn’t strictly needed. I also removed ConvertUTF8 related code from spring because it might be non-free. I don’t think this is necessarily true but I didn’t want to argue with Lintian in this case.
  • I sponsored a new upstream release of pentobi for Juhani Numminen.
  • I backported minetest 0.4.5 to jessie-backports and fixed #851114, which I think was not really an issue since we already provide the font sources in Debian and Minetest depends on the respective package.
  • I triaged RC bug #847812 in pysolfc, provided a patch and reassigned the issue to src:pillow. Apparently this affected a lot more 32 bit applications written in Python.

Debian Java

Debian LTS

This was my eleventh month as a paid contributor and I have been paid to work 12,75 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 16. January until 22. January I was in charge of our LTS frontdesk. I triaged security issues in imagemagick, wordpress, hesiod, opus, mysql-5.5, netbeans, groovy and zoneminder.
  • DLA-779-1. Issued a security update for Tomcat 7 fixing 1 CVE and a regression when running Tomcat with SecurityManager enabled.
  • DLA-761-2. Issued a regression update for python-bottle. (Debian bug #850176).
  • DLA-781-1 and DLA-781-2. Issued a security update for Asterisk fixing 2 CVE after I had prepared the package last month. Later Brad Barnett discovered a regression when using SIP communication and provided assistance with debugging the issue. I corrected this one in DLA-781-2.
  • DLA-792-1. Issued a security update for libphp-swiftmailer fixing 1 CVE.
  • DLA-793-1. Issued a security update for opus fixing 1 CVE.
  • DLA-794-1. Issued a security update for groovy fixing 1 CVE.
  • DLA-797-1. Issued a security update for mysql-5.5 fixing 10 CVE. The update was prepared by Lars Tangvald.
  • DLA-813-1. Issued a security update for wordpress fixing 9 CVE.

Misc

  • In xarchiver (#850103) I added binutils to the list of suggested packages, in  iftop (#850040) I applied a patch from Brian Russell and I packaged a new upstream release of mediathekview, a Java application to watch and download broadcasts from German television stations. I had to make some major packaging changes because the build system switched from Ant to Gradle but there were fewer issues than expected.

My Free Software Activities in December 2016

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Android, Java, Games and LTS topics, this might be interesting for you.

Debian Android

Debian Games

  • We have entered the final straight for Stretch, so I kept a close eye on new game releases and bug reports in packages which I think should be part of the next stable release. Bzflag is certainly one of them, a tank battling game that can be played in the first-person perspective and which has arrived in version 2.4.8. I also packaged new releases of trigger-rally, a racing game, Renpy, pygame-sdl2 and Minetest
  • Bálint Réczey introduced libopenhmd to Debian a while ago and asked me in #845657 to enable OpenHMD support for neverball. Neverball is now the first game in the archive, at least as far as I know, that is ready for virtual reality. I have never tried it though because I don’t own the necessary gear from Oculus myself but it sounds like a cool feature.
  • A user of caveexpress reported a bug (#847147) in one level that prevented him from finishing it. I forwarded this one to upstream and he was able to quickly fix the issue and I could release 2.4+git20160609-3 later.
  • I triaged several RC bugs which were reported against our D language games and it turned out that the bug was in gdc (#845377).
  • I also made some small improvements to monopd‘s packaging and applied a patch from Laurent Bigonville to Freeciv that corrected a problem with AppData files (#848720).
  • I worked around another RC FTBFS bug in spring (#846921) which is apparently a regression in binutils (#847356) but its maintainer does not consider this to be release critical.
  • I tried to fix #848063 in ri-li but it seems to surface again under special circumstances. Since compilation works on all buildds for all release architectures and on my systems I downgraded the severity to important.
  • I uploaded Bullet 2.85.1 to experimental. It is currently waiting in the NEW queue due to the SONAME bump and because I decided to simplify the packaging. I don’t think it is longer worth it to provide several standalone binary packages. All Bullet 2 and 3 core libraries can be found in libbullet2.85 now while all the extra stuff is part of libbullet-extras2.85.
  • Last but not least I released debian-games 1.7 and updated the list of games. Castle Combat was removed this month from Debian.

Debian Java

Debian LTS

This was my tenth month as a paid contributor and I have been paid to work 13,5 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 12. December until 18. December I was in charge of our LTS frontdesk. I triaged bugs in jasper, openjdk-6, bluez, game-music-emu, simplesamlphp, imagemagick, nagios3, most, rabbitmq-server, html5lib and dcmtk.
  • DLA-742-1. Issued a security update for chrony fixing 1 CVE. This update was prepared by Vincent Blut.
  • DLA-745-1. Issued a security update for most fixing 1 CVE.
  • DLA-746-1. Issued a security update for tomcat6 fixing 1 CVE and two regressions from previous updates which were reported to Debian’s bug tracker.
  • DLA-747-1. Issued a security update for libupnp fixing 1 CVE.
  • DLA-748-1. Issued a security update for libupnp4 fixing 1 CVE.
  • DLA-746-2. Issued a regression update for tomcat6.
  • DLA-753-1. Issued a security update for tomcat7 fixing 1 CVE and three regressions that were similar in nature to the ones fixed in Tomcat 6.
  • DLA-761-1. Issued a security update for python-bottle fixing 1 CVE.
  • DLA-763-1. Issued a security update for squid3 fixing 1 CVE.
  • DLA-766-1. Issued a security update for libcrypto++ fixing 1 CVE.
  • I also worked on two CVEs for Asterisk, an Open Source PBX and telephony toolkit. The work is done and can currently be found at this location. I asked on the debian-lts mailing list for feedback and testing and already got some positive feedback. I will wait a few more days before I release the security update.

Non-maintainer uploads

  • I did two NMUs this month. I sponsored an upload of libtorrent for Peter Pentchev fixing #828414 and I fixed a trivial bug in gnash myself (#845847).

My Free Software Activities in November 2016

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Android

  • Chris Lamb was so kind to send in a patch for apktool to make the build reproducible (#845475). Although this was not enough to fix the issue it set me on the right path to eventually resolve bug number 845475.

Debian Games

  • I packaged a couple of new upstream releases for extremetuxracer, fifechan, fife, unknown-horizons, freeciv, atanks and armagetronad. Most notably fifechan was accepted by the FTP team which allowed me to package new versions of fife and unknown-horizons which are both back in testing again. I expect that upstream will make their final release sometime in December. Atanks has been orphaned a while ago and since upstream is still active and I kinda like the game I decided to adopt it. I also uploaded a backport of Freeciv 2.5.6 to jessie-backports.
  • In November we received a bunch of RC bug reports again because, hey, it is almost time for the Freeze, let’s break some packages. Thus I spent some time fixing freeorion (#843132), pokerth (#843078), simutrans (#828545), freeciv (#844198) and warzone2100 (#844870).
  • I also updated the debian-games blend, we are at version 1.6 now, and made some smaller adjustments. The most important change was adding a new binary package, games-all, that installs..well, all! I know this will make at least one person on this planet happy. Actually I was kind of forced into adding it because blends-dev automatically creates it as a requirement for choosing blends with the Debian Installer. But don’t be afraid games-all only recommends games-finest, the rest is suggested.
  • Last but not least I worked on performous and could close a wishlist bug report (#425898). The submitter asked to suggest some free song packages for this karaoke game.

Debian Java

  • I sponsored uncommons-watchmaker for Kai-Chung and also reviewed libnative-platform-java and granted upload rights to him.
  • I packaged new upstream releases of lombok-patcher, electric, undertow, sweethome3d and sweethome3d-furniture-editor.
  • I spent quite some time on reviewing (especially the copyright review took most of the time) and improving the packaging for tycho (#816604) which is a precondition for packaging the latest upstream release of Eclipse, a popular Java IDE. Luca Vercelli has been working on it for the last couple of months and he did most of the initial packaging. Unfortunately I was only able to upload the package last week which means that the chances for updating Eclipse for Stretch are slim.
  • Due to time constraints I could not finish the Netbeans update in time which I had started back in October. This is on my priority list for December now.
  • Several security issues were reported against Tomcat{6,7,8}. I helped with reviewing some of the patches that Emmanuel prepared for Jessie and worked on fixing the same bugs in Wheezy.

Debian LTS

This was my ninth month as a paid contributor and I have been paid to work 11 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 14. November until 21. November I was in charge of our LTS frontdesk. I triaged bugs in teeworlds, libdbd-mysql-perl, bash, libxml2, tiff, firefox-esr, drupal7, moin, libgc, w3m and sniffit.
  • DLA-715-1. Issued a security update for drupal7 fixing 2 CVE.
  • DLA-717-1. Issued a security update for moin fixing 2 CVE.
  • DLA-728-1. Issued a security update for tomcat6 fixing 8 CVE. (Debian bug #845385 was assigned a CVE later).
  • DLA-729-1. Issued a security update for tomcat7 fixing 8 CVE. (Debian bug #845385 was assigned a CVE later).
  • Especially the patches and the subsequent testing for CVE-2016-0762 and CVE-2016-6816 required most of the time.

Non-maintainer uploads

  • I uploaded an NMU for angband to fix #837394. The patch was kindly prepared by Adrian Bunk.

It is already this time of the year again. See you next year for another report. 🙂

My Free Software Activities in October 2016

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Android, Java, Games and LTS topics, this might be interesting for you.

Debian Android

Debian Games

  • I fixed RC bugs in lordsawar (#839323) and doomsday (#839338).
  • I packaged new upstream releases of atanks, lordsawar, blockattack and peg-e.
  • I completed the Bullet transition (#839243). Bullet 2.85 has also been released this month but it is now too late for Stretch because the transition freeze is already on the 5th of November. I expect more point releases a la 2.85.x during the coming weeks and I intend to provide an updated package in experimental soon.
  • I did some cleanups, package upgrades and bug fixes for box2d and redeclipse (apparently redeclipse-server requires the -data package to be present now).
  • I uploaded Redeclipse 1.5.6 to jessie-backports in the hope that more players will be able to connect to the multiplayer servers. Unfortunately network compatibility breaks rather frequently.
  • I applied a patch from Gianfranco Costamagna to address an Multiarch installation issue (#841824) in FreeOrion.

Debian Java

Debian LTS

This was my eight month as a paid contributor and I have been paid to work 13 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 10. October until 17. October I was in charge of our LTS frontdesk. I triaged bugs in libgd2, graphicsmagick, libxrender, mupdf, libxfixes, guile-2.0, glance, inspircd, libxi, libxv, libxst, spip, libxml2, libarchive and jasper.
  • DLA-648-1. Issued a security update for c-ares fixing 1 CVE.
  • DLA-664-1. Issued a security update for libxrender fixing 2 CVE.
  • DLA-666-1. Issued a security update for guile-2.0 fixing 2 CVE.
  • DLA-667-1. Issued a security update for libxv fixing 1 CVE.
  • DLA-668-1. Issued a security update for libass fixing 2 CVE. I triaged CVE-2016-7970 and marked the version in Wheezy as not affected.
  • DLA-673-1. Issued a security update for kdepimlibs fixing 1 CVE.

Non-maintainer uploads

  • I fixed various RC bugs in gnudoq and xsok which are not maintained by the Games Team. The following games are available in Stretch again: gnudoq (#817296, #817484), xsok (#817738) and I also worked on four more bug fixes to improve the game’s desktop integration and internationalization support.
  • I fixed another RC bug in trackballs (#831119) but while I was working on the update I discovered that the game frequently segfaults which makes it kind of unplayable (#839788). I haven’t found a solution yet but I suspect the switch to guile-2.0 and related patches introduced this behavior.

QA

  • I uploaded a new revision of criticalmass and applied a patch from Adrian Bunk to fix #811816, a FTBFS.
  • I triaged an RC bug for raptor2 (#824735) and the issue could be closed after the bug reporter confirmed that raptor2 built fine again.

My Free Software Activities in September 2016

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Android, Java, Games and LTS topics, this might be interesting for you.

Debian Android

Debian Games

  • I packaged a new upstream release of hyperrogue, a rogue-like game settled in a non-euclidian world, fixing one RC bug (#811991). I uploaded two more revisions later that addressed  build failures on arm64 and hppa.
  • I fixed more RC bugs (build failures with GCC-6) in torus-trooper (#835712) and fife (#811858).
  • I packaged new upstream releases of pygame-sdl2, renpy, freeorion, netrek-client-cow, redeclipse, redeclipse-data, hitori, atomix, adonthell and adonthell-data.
  • I updated gtkballs and fixed a documentation bug (#820588) but also a /usr/share/locale issue that prevented the actual use of the translations.
  • I raised the severity of #797998 to grave in unknown-horizons because the game cannot be started currently. In order to fix this issue I packaged a new build-dependency, fifechan, which is currently awaiting approval by the FTP team. As soon as fifechan got accepted I will upload new upstream releases of fife and unknown-horizons.
  • I released debian-games 1.5, a Debian blend and collection of games metapackages.
  • Hardening-wrapper has been deprecated for some time and this issue became release critical now. I updated cookietool, alex4 and netrek-client-cow to use dpkg-buildflags instead.
  • Together with Russel Coker I packaged a new upstream release of warzone2100. This package would benefit from a new regular uploader. If you are interested in it, please get involved. (Same story for hyperrogue, redeclipse, renpy and unknown-horizons and many other games.)
  • I started a new Bullet transition (#839243). The package is currently waiting in the NEW queue and I hope to complete this work in October.
  • I triaged #838199 and reassigned the issue to fonts-roboto. Initially I prepared an NMU but eventually the maintainer uploaded a new revision himself. It is now possible to install the hinted and unhinted versions of fonts-roboto together which also resolved former installation problems with kodi and freeorion.

Debian Java

  • I packaged new upstream releases of undertow, activemq and jackrabbit.
  • I fixed RC bugs in libphonenumber (#836768), wagon2 (#837022) and activemq (#839244).
  • I updated syncany in experimental and simplified the packaging a little. Unfortunately upstream has been on hiatus for the past year and we haven’t seen new releases in the meantime. Nevertheless give it a try, even though it is still alpha software, it’s an useful cloud-storage and synchronization tool.
  • I sponsored a new upstream release of freeplane for Felix Natter.
  • I prepared and uploaded security updates for jackrabbit and zookeeper in Jessie.

Debian LTS

This was my eight month as a paid contributor and I have been paid to work 12,25 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 12. September until 19. September I was in charge of our LTS frontdesk. I triaged bugs in tiff3, mysql-5.5, curl, dropbear, mantis, icu, dwarfutils, jackrabbit, zendframework, zookeeper and graphicsmagick. For the latter I skimmed through all commits since the last version to identify the patches that fix the recent issues in graphicsmagick. I also answered questions on the mailing list and contacted Diego Biurrun again about his progress with libav. It is now anticipated that Hugo Lefeuvre and Diego will issue a new libav security release this month.
  • I reviewed and tested a patch by Raphaël Hertzog for roundcube.
  • DLA-629-1. Issued a security update for jackrabbit fixing 1 CVE.
  • DLA-630-1. Issued a security update for zookeeper fixing 1 CVE.
  • DLA-633-1. Issued a security update for wordpress fixing 7 CVE. This one also required backports of certain functions from newer releases and a database upgrade that required careful testing.
  • I also issued DLA-622-1 and DLA-623-1, two security issues that I already mentioned last month. It was discovered that Debian’s versions of Tomcat were vulnerable to a root privilege escalation issue. However it was also necessary that another exploit, for instance in a web application, could be used to gain write access as the tomcat user. Former security issues were already fixed and new ones are not known. Nevertheless since a zero-day exploit could not be ruled out, the issue was embargoed for a month to give other distributions time to fix this issue as well. You can read more about this topic at legalhackers.com.

Non-maintainer uploads

Misc

  • I packaged a new upstream release of MediathekView.
  • I uploaded a new revision of xarchiver and applied a patch from Helmut Grohne that made it possible to cross-build the package.

My Free Software Activities in August 2016

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Android, Java, Games and LTS topics, this might be interesting for you.

Debian Android This was the final month of the Google Summer of Code and the students achieved the main goal of packaging the Android SDK. It is now possible to build Android apps on Debian with packages only from the main distribution (apt install android-sdk). Chirayu Desai . . . → Weiterlesen: My Free Software Activities in August 2016

My Free Software Activities in July 2016

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian.

Debian Android I improved apktool’s wrapper script and replaced 1.apk with a symlink to the already existing framework-res.apk file. (#827646) For Kai-Chung I sponsored new upstream releases of android-platform-external-jsilver, android-platform-frameworks-data-binding and android-platform-libcore. I fixed two FTBFS bugs in android-platform-tools-base which were caused by a new upstream version of libhttpcore-java and a behavioral change in Gradle. I packaged a new upstream release of libsmali-java. . . . → Weiterlesen: My Free Software Activities in July 2016

Der eigene vServer: Meine Erfahrungen mit vier Anbietern

Im Jahr 2012 mietete ich meinen ersten vServer bei serverway.de für mein Spieleprojekt und kurze Zeit später den Fünf-Cent-pro-Tag-Server von NbiServ.de. Nach vier Jahren habe ich nun Erfahrungen mit insgesamt vier Anbietern gesammelt und ich denke diese sind es nun Wert, sie mit dem Rest der Welt zu teilen. Worauf sollte man bei der Auswahl achten? Hilft viel Leistung wirklich viel und wie viel Geld sollte man vernünftigerweise einplanen?

Zur Zusammenfassung, auf was man beim vServer-“Kauf” achten sollte, geht es . . . → Weiterlesen: Der eigene vServer: Meine Erfahrungen mit vier Anbietern

My Free Software Activities in June 2016

My monthly report covers what I have been doing for Debian. I write it for Debian’s Long Term Support sponsors but also for the wider free software community in the hope that it might inspire people to get more involved with Debian or free software in general.

Debian Android We (the Android Tools Maintainers and our three GSoC students) started our regular IRC meetings on Thursday. I am mostly involved in answering packaging questions, reviewing package updates and uploading them . . . → Weiterlesen: My Free Software Activities in June 2016

My Free Software Activities in May 2016

My monthly report covers what I have been doing for Debian. I write it for Debian’s Long Term Support sponsors but also for the wider free software community in the hope that it might inspire people to get more involved with Debian or free software in general.

Debian LTS

This was my fourth month as a paid contributor and I have been paid to work 30 hours on Debian LTS. During this month I worked on the following things:

DLA-460-1. . . . → Weiterlesen: My Free Software Activities in May 2016