My Free Software Activities in March 2018

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games

Debian Java

  • I spent most of my free time on Java packages because…OpenJDK 9 is now the default Java runtime environment in Debian! As of today I count 319 RC bugs (bugs with severity normal would be serious today as well) of which 227 are already resolved. That means one third of the Java team’s packages have to be adjusted for the new OpenJDK version. Java 9 comes with a new module system called Jigsaw. Undoubtedly it represents a lot of new interesting ideas but it is also a major paradigm shift. For us mere packagers it means more work than any other version upgrade in the past. Let’s say we are a handful of regular contributors (I’m generous) and we spend most of our time to stabilize the Java ecosystem in Debian to the point that we can build all of our packages again. Repeat for every new Debian release. Unfortunately not much time is actually spent on packaging new and cool applications or libraries unless they are strictly required to fix a specific Java 9 issue. It just doesn’t feel right at the moment. Most upstreams are rather indifferent or relaxed when it comes to porting their applications to Java 9 because they still can use Java 8, so why can’t we? They don’t have to provide security support for five years and can make the switch to Java 9 much later. They can also cherry-pick certain versions of libraries whereas we have to ensure that everything works with one specific version of a library. But that’s not all: Java 9 will not be shipped with Buster and we even aim for OpenJDK 11! Releases of OpenJDK will be more frequent from now on, expect a new release every six months, and there are certain versions which will receive extended security support like OpenJDK 11. One thing we can look forward to: Apparently more commercial features of Oracle JDK will be merged into OpenJDK and it appears the longterm goal is to make Oracle JDK and OpenJDK builds completely interchangeable. So maybe one day only one free software JDK for everything and everyone? I hope so.
  • I worked on the following packages to address Java 9 or other bugs: activemq, snakeyaml, libjchart2d-java, jackson-dataformat-yaml, jboss-threads, jboss-logmanager, jboss-logging-tools, qdox2, wildfly-common, activemq-activeio, jackson-datatype-joda, antlr, axis, libitext5-java, libitext1-java, libitext-java, jedit, conversant-disruptor, beansbinding, cglib, undertow, entagged, jackson-databind, libslf4j-java, proguard, libhtmlparser-java, libjackson-json-java and sweethome3d (patch by Emmanuel Bourg)
  • New upstream versions: jboss-threads, okio, libokhttp-java, snakeyaml, robocode.
  • I NMUed jtb and applied a patch from Tiago Stürmer Daitx.

Debian LTS

This was my twenty-fifth month as a paid contributor and I have been paid to work 23,25 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 19.03.2018 until 25.03.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in imagemagick, libvirt, freeplane, exempi, calibre, gpac, ipython, binutils, libraw, memcached, mosquitto, sdl-image1.2, slurm-llnl, graphicsmagick, libslf4j-java, radare2, sam2p, net-snmp, apache2, ldap-account-manager, librelp, ruby-rack-protection, libvncserver, zsh and xerces-c.
  • DLA-1310-1. Issued a security update for exempi fixing 6 CVE.
  • DLA-1315-1. Issued a security update for libvirt fixing 2 CVE.
  • DLA-1316-1. Issued a security update for freeplane fixing 1 CVE.
  • DLA-1322-1. Issued a security update for graphicsmagick fixing 6 CVE.
  • DLA-1325-1. Issued a security update for drupal7 fixing 1 CVE.
  • DLA-1326-1. Issued a security update for php5 fixing 1 CVE.
  • DLA-1328-1. Issued a security update for xerces-c fixing 1 CVE.
  • DLA-1335-1. Issued a security update for zsh fixing 2 CVE.
  • DLA-1340-1. Issued a security update for sam2p fixing 5 CVE. I also prepared a security update for Jessie. (#895144)
  • DLA-1341-1. Issued a security update for sdl-image1.2 fixing 6 CVE.

Misc

  • I triaged all open bugs in imlib2 and forwarded the issues upstream. The current developer of imlib2 was very responsive and helpful. Thanks to Kim Woelders several longstanding bugs could be fixed.
  • There was also a new upstream release for xarchiver. Check it out!

Thanks for reading and see you next time.

My Free Software Activities in February 2018

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games

  • Last month I wrote about „The state of Debian Games“ and I was pleasantly surprised that someone apparently read my post and offered some help with saving endangered games. Well, I don’t know how it will turn out but at least it is encouraging to see that there are people who still care about some old fashioned games. As a matter of fact the GNOME maintainers would like to remove some obsolete GNOME 2 libraries which makes a few of our games RC-buggy. Ideally they should be ported to GNOME 3 but if they could be replaced with a similar game written in a different and awesome programming language (such as Java or Clojure?), for a different desktop environment, that would do as well. 😉 If you’re bored to death or just want a challenge contact us at debian-devel-games@lists.debian.org.
  • I packaged a new release of mupen64plus-qt to fix a FTBFS bug (#887576)
  • I uploaded a new version of freeciv to stretch-backports.
  • Pygame-sdl2 and renpy got some love too. (new upstream releases)
  • I sponsored a new revision of redeclipse for Martin-Erik Werner to fix #887744.
  • Yangfl introduced ddnet to Debian which is a popular modification/standalone game similar to teeworlds. I reviewed and eventually sponsored a new upstream release for him. If you are into multiplayer games then ddnet is certainly something you should look forward to.
  • I gladly applied another patch by Peter Green to fix #889059 in warzone2100 and Aurelien Jarno’s fix for btanks (#890632).

Debian Java

  • The Eclipse problem: The Eclipse IDE is seriously threatened to be removed from Debian. Once upon a time we even had a dedicated team that cared about the package but nowadays there is nobody. We regularly get requests to update the IDE to the latest version but there is no one who wants to do the necessary work. The situation is best described in #681726. This alone is worrying enough but due to an interesting dependency chain (batik -> maven -> guice -> libspring-java -> aspectj -> eclipse-platform) Eclipse cannot be removed without breaking dozens of other Java packages. So long story short I started to work on it and packaged a standalone libequinox-osgi-java package, so that we can save at least all reverse-dependencies for this package. Next was tycho which is required to build newer Eclipse versions. Annoyingly it requires said newer version of Eclipse to build…which means we must bootstrap it. I’m still in the process to upgrade tycho to version 1.0 and hope to make some progress in March.
  • I prepared security updates for jackson-databind, lucene-solr and tomcat-native.
  • New upstream releases: jboss-xnio, commons-parent, jboss-logging, jboss-module, mongo-java-driver and libspring-java (#890001).
  • Bug fixes and triaging: wagon2 (#881815, #889427), byte-buddy, (#884207), commons-io, maven-archiver (#886875), jdeb (#889642), commons-math, jflex (#890345), commons-httpclient (#871142)
  • I introduced jboss-bridger which is a new build-dependency of jboss-modules.
  • I sponsored a freeplane update for Felix Natter.

Debian LTS

This was my twenty-fourth month as a paid contributor and I have been paid to work 23,75 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 05.02.2018 until 11.02.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in binutils, graphicsmagick, wayland, unzip, kde-runtime, libjboss-remoting-java, libvirt, exim4, libspring-java, puppet, audacity, leptonlib, librsvg, suricata, exiv2, polarssl and imagemagick.
  • I tested a security update for exim4 and uploaded a package for Abhijith.
  • DLA-1275-1. Issued a security update for uwsgi fixing 1 CVE.
  • DLA-1276-1. Issued a security update for tomcat-native fixing 1 CVE.
  • DLA-1280-1. Issued a security update for pound fixing 1 CVE.
  • DLA-1281-1. Issued a security update for advancecomp fixing 1 CVE.
  • DLA-1295-1. Issued a security update for drupal7 fixing 4 CVE.
  • DLA-1296-1. Issued a security update for xmltooling fixing 1 CVE.
  • DLA-1301-1. Issued a security update for tomcat7 fixing 2 CVE.

Misc

  • I NMUed vdk2 (#885760) to prevent the removal of langdrill.

Thanks for reading and see you next time.

My Free Software Activities in January 2018

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games

  • The state of Debian Games: We have created a new games-team group at salsa.debian.org. If you are interested in maintaining games or related projects then we’re looking forward to see you there. A couple of Gnome related games are at risk of being removed from Debian. If you are interested in a challenge and want to port them to Gnome 3, we would very much like to hear from you too.
  • I reviewed and sponsored new upstream versions of simutrans-pak64 and simutrans for Jörg Frings-Fürst as well as openmw, mygui, wildmidi and openal for Bret Curtis. Later I could also upload hexalate for Unit193 and pegsolitaire for Juhani Numminen. Great job by Juhani who became the new upstream maintainer of pegsolitaire and saved the game from being removed from Debian.
  • I for myself packaged new upstream releases of springlobby, peg-e, pygame-sdl2, freeciv, renpy and cube2. I was a bit surprised to see upstream activity for the Sauerbraten engine again. Will we see a new major release this year?
  • Peter Green provided a patch to fix Debian RC bug #887929 in trigger-rally which I gladly accepted.
  • I also fixed RC bug #885761 in langdrill.

Debian Java

Debian LTS

This was my twenty-third month as a paid contributor and I have been paid to work 18,25 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 08.01.2018 until 14.01.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in libhibernate-validator-java, libkohana2-php, xbmc, jasperreports, transmission, wireshark, osc, xmltooling, php5 and openocd.
  • DLA-1241-1. Issued a security update for libkohana2-php fixing 1 CVE.
  • DLA-1242-1. Issued a security update for xmltooling fixing 1 CVE.
  • DLA-1243-1. Issued a security update for xbmc fixing 1 CVE.
  • DLA-1251-1. Issued a security update for php5 fixing 1 CVE.
  • DLA-1253-1. Issued a security update for openocd fixing 1 CVE.
  • DLA-1254-1. Issued a security update for lucene-solr fixing 1 CVE.
  • DLA-1264-1. Issued a security update for unbound fixing 1 CVE.
  • DLA-1265-1. Issued a security update for krb5 fixing 6 CVE.

Misc

  • I reviewed a patch for byzanz (#886439) but wasn’t really happy with the result.
  • I released version 1.4.10 of imlib2.
  • The discussion about a new reportbug feature gathered momentum in #878088 and I am confident now that we can conclude this issue in February.

Thanks for reading and see you next time.

My Free Software Activities in December 2017

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in  Java, Games and LTS topics, this might be interesting for you.

Debian Games

  • I spent some time in December 2017 to revive Hex-a-Hop, a nice (and somehow cute) logic game, which eventually closed seven bugs. Unfortunately this game was not well maintained but it should be up-to-date again now.
  • I released a new version of debian-games, a collection of games metapackages. Five packages were removed from Debian but  I could also add eight new games or frontends to compensate for that.
  • I updated a couple of packages to fix minor and normal bugs namely: dopewars (#633392,  #857671), caveexpress, marsshooter, snowballz (#866481), drascula, lure-of-the-temptress, lgeneral-data (#861048) and lordsawar (#885888).
  • I also packaged new upstream versions of renpy and lgeneral.
  • Last but not least: I completed another bullet transition (#885179).

Debian Java

Debian LTS

This was my twenty-second month as a paid contributor and I have been paid to work 14 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • DLA-1216-1. Issued a security update for wordpress fixing 4 CVE.
  • DLA-1227-1. Issued a security update for imagemagick fixing 4 CVE.
  • DLA-1231-1. Issued a security update for graphicsmagick fixing 8 CVE. I confirmed that two more CVE (CVE-2017-17783 and CVE-2017-17913) did not affect the version in Wheezy.
  • DLA-1236-1. Issued a security update for plexus-utils fixing 1 CVE.
  • DLA-1237-1. Issued a security update for plexus-utils2 fixing 1 CVE.
  • DLA-1208-1. I released an update for Debian’s reportbug tool to fix bug #878088. The LTS and security teams will be informed from now on when users report regressions due to security updates. I have also prepared updates for Jessie/Stretch and unstable but my NMU was eventually canceled by the maintainer of reportbug . He has not made a concrete counterproposal yet.

Misc

  • I reviewed and sponsored mygui and openmw for Bret Curtis.
  • I updated byzanz and fixed #830011.
  • I adopted the imlib2 image library and prepared a new upstream release. I hope to release it soon.

Non-maintainer upload

  • I NMUed lmarbles, prepared a new upstream release and fixed some bugs.

Thanks for reading and see you next time.

My Free Software Activities in November 2017

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in  Java, Games and LTS topics, this might be interesting for you.

Debian Games

Debian Java

  • New upstream versions this month: undertow, jackrabbit, libpdfbox2, easymock, libokhttp-java, mediathekview, pdfsam, libsejda-java, libsambox-java and libnative-platform-java.
  • I updated bnd (2.4.1-7) in order to help with the removal of Eclipse from Testing. Unfortunately there is more work to do and the only way forward is to package a newer version of Eclipse and to split the package in a way, so that such issues can be avoided in the future. P.S.: We appreciate help with maintaining Eclipse! (#681726)
  • I sponsored libimglib2-java for Ghislain Antony Vaillant.
  • I fixed a regression in libmetadata-extractor-java related to relative classpaths. (#880746)
  • I spent more time on upgrading Gradle to version 3.4.1 and finally succeeded. The package is in experimental now. Upgrading from 3.2.1 to 3.4.1 didn’t seem like a big undertaking but the 8 MB debdiff and ~170000 lines of code changes proved me wrong. I discovered two regressions with this version in mockito and bnd. The former one could be resolved but bnd requires probably an upgrade as well. I would like to avoid that at the moment because major bnd upgrades tend to affect dozens of reverse-dependencies, mostly in a negative way.
  • Netbeans was affected by a regression in jaxb and failed to build from source. (#882525) I could partly revert the damage but another bug in jaxb 2.3.0 is currently preventing a complete recovery.
  • I fixed two Java 9 transition bugs in libnative-platform-java (#874645) and  jedit (#875583).

Debian LTS

This was my twenty-first month as a paid contributor and I have been paid to work 14.75 hours (13 +1.75 from October) on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • DLA-1177-1. Issued a security update for poppler fixing 4 CVE.
  • DLA-1178-1. Issued a security update for opensaml2 fixing 1 CVE.
  • DLA-1179-1. Issued a security update for shibboleth-sp2 fixing 1 CVE.
  • DLA-1180-1. Issued a security update for libspring-ldap-java fixing 1 CVE.
  • DLA-1184-1. Issued a security update for optipng fixing 1 CVE.
  • DLA-1185-1. Issued a security update for sam2p fixing 1 CVE.
  • DLA-1197-1. Issued a security update for sox fixing 7 CVE.
  • DLA-1198-1. Issued a security update for libextractor fixing 6 CVE. I also discovered that libextractor in buster/sid is still affected by more security issues and reported my findings as Debian bug #883528.

Misc

  • I packaged a new upstream release of osmo, a neat task manager and calendar application.
  • I prepared a security update for sam2p, which will be part of the next Jessie point release, and libspring-ldap-java. (DSA-4046-1)

Thanks for reading and see you next time.

My Free Software Activities in October 2017

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games I packaged a new upstream version of springlobby. There is even a more recent one now but I discovered that it would fail to build from source. I reported the issue and now I am waiting for another release. These packages were also updated: bullet, tuxfootball . . . → Weiterlesen: My Free Software Activities in October 2017

My Free Software Activities in September 2017

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games I sponsored a new release of hexalate for Unit193 and icebreaker for Andreas Gnau. The latter is a reintroduction. New upstream releases this month: freeorion and hyperrogue. I backported freeciv and freeorion to Stretch. Debian Java New upstream releases and one update: sweethome3d, sweethome3d-furniture, sweethome3d-furniture-editor, sweethome3d-textures-editor . . . → Weiterlesen: My Free Software Activities in September 2017

My Free Software Activities in August 2017

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

DebConf 17 in Montreal

I traveled to DebConf 17 in Montreal/Canada. I arrived on 04. August and met a lot of different people which I only knew by name so far. I think this is definitely one of the best aspects of real life meetings, putting names to . . . → Weiterlesen: My Free Software Activities in August 2017

My Free Software Activities in July 2017

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games I backported freeciv, freeorion and minetest to stretch-backports. The bug fix (#866378) for 3dchess also landed in Stretch and Jessie. I sponsored Lugaru for Vincent Prat and Martin Erik Werner, a really cool 3D fighting game featuring a rabbit. The game is dfsg-free now and will . . . → Weiterlesen: My Free Software Activities in July 2017

PDFsam: How to upgrade a Maven application for Debian

In the coming weeks and months I intend to write a mini series about packaging Java software for Debian. The following article basically starts in the middle of this journey because the PDFsam upgrade is still fresh in my mind. It requires some preexisting knowledge about build tools like Maven and some Java terminology. But do not fear. Hopefully it will make sense in the end when all pieces fall into place.

A month ago I decided to upgrade PDFsam, . . . → Weiterlesen: PDFsam: How to upgrade a Maven application for Debian