My monthly report covers what I have been doing for Debian. I write it for Debian's Long Term Support sponsors but also for the wider free software community in the hope that it might inspire people to get more involved with Debian or free software in general.
This was my second month as a paid contributor and I have been paid to work 14,25 hours on Debian LTS. During this month I worked on the following things:
- DSA-3530-1: I finished the work on Tomcat 6 which I started last month and closely worked together with Debian's Security Team who reviewed the package and eventually issued DSA-3530-1. This update fixed 18 CVEs in Wheezy and Jessie.
- DSA-3524-1: Prepared security updates for ActiveMQ (Wheezy and Jessie) fixing one CVE.
- Tomcat 7. Prepared security updates for Tomcat 7 fixing 9 CVEs in Wheezy and 7 CVEs in Jessie. I asked for reviews and testing on the debian-java mailing list and I intend to finish the work in April.
- DSA-3537-1: Prepared security updates for imlib2 fixing 3 CVEs in Wheezy and Jessie.
- DSA-3538-1: Prepared security updates for libebml fixing 3 CVEs in Wheezy and Jessie.
- DSA-3539-1: Prepared security updates for srtp fixing 1 CVE in Wheezy and Jessie.
- roundcube. Prepared a security update for roundcube (Wheezy) fixing 1 CVE. Review by the Security Team is still pending. I expect a DSA in April.
- optipng. Prepared and uploaded a security update for optipng to Wheezy fixing 1 CVE.
- Making OpenJDK 7 the default-java implementation in Wheezy-LTS: March was also the month to prepare for the next LTS release on 2016-04-26. I worked several hours on the transition to OpenJDK 7 which will be supported for the whole LTS release cycle. I identified eighteen Java packages in Wheezy whose runtime dependencies must be updated to ensure that they will not pull in OpenJDK 6 by default but they will still work with OpenJDK 7. I updated the java-common package to make OpenJDK 7 the default-java implementation. I filed bug #819247 against release.debian.org and asked the Release Team to include the updated Java packages in the last point release for Wheezy. This issue is pending now and I expect that those packages will either be uploaded as part of the next point update for Wheezy or at the beginning of Wheezy-LTS. I will continue to work on this task in April and provide a backport of java-common for testing purposes and upload no-change updates of Tomcat 6/7, Jetty and java-common to Wheezy-LTS with NEWS files that inform users about the switch to OpenJDK 7. The goal is to switch default-java to OpenJDK 7 on 2016-06-26.
- android-platform-tools-base. I uploaded a new revision because I could eventually reenable the Lint module since lombok-ast got accepted into Debian which I had packaged one week before.
- apktool. Thanks to Chirayu Desai, who discovered a free public-domain implementation of the Little Endian data input stream class, I could fix apktool, close #819191 and sync this version with Ubuntu.
- android-platform-build. I sponsored a new revision for Kai-Chung.
- qdwizard. I sponsored qdwizard (ITP: #816426) prepared by Felix Natter, a new dependency for Jajuk, an advanced jukebox and music organizer.
- netbeans. I tightened the dependency on Java 8 because Netbeans did not work correctly with Java 7. (#816758, #817152)
- I triaged the following RC bugs for jpathwatch (#816998), velocity (#814679), lwjgl (#814167)
- activemq. I spent several hours on upgrading ActiveMQ, a Java message broker, to the latest upstream release 5.13.2 and closed two RC bugs (#809733, #808636) and another bug (#770455). All files under /etc/activemq will be properly removed on purge now. In addition this update required an update of uima-as that build-depends on libactivemq-java and while I was at it I did some spring cleaning and updated the related activemq-protobuf and activemq-activeio packages as well.
- uima-as. I updated uima-as and fixed an activemq related RC bug.
- undertow and jboss. I packaged new upstream releases of undertow, jboss-modules, jboss-jdeparser2 and jboss-xnio.
- renpy. I packaged the latest upstream releases 6.99.9 and 6.99.10 of python-pygame-sdl2 and renpy, a framework for developing visual novel games.
- spring. I packaged the latest release 101 of spring, a modern full-3D RTS game engine.
- freesweep. I updated the whole Freesweep package, a minesweeper game for the console, to use modern Debian helpers and technologies. In this process I fixed four outstanding bugs.
- atomix. I packaged the latest stable release of Atomix, a puzzle game.
- teg. I did another spring cleaning and updated teg, a strategy game like Risk.
- hitori. Packaged new upstream release 3.20.0.
- nikwi. Fixed bug #791966 and added arm64 to nikwi's supported architectures.
- dopewars. Fixed FTBFS bug #819619.
- zaz. Fixed three bugs and triaged the remaining ones in zaz, a 3D arcade action puzzle game.
- mtpaint. Fixed RC bug (#803286), so that mtpaint could migrate to testing again.
- pinball. Fixed FTBFS (#816108) and another build failure when building with dpkg-buildpackage -A (#806093). I also discovered that /var/games/pinball is correctly removed on purge nowadays and closed #443493.
- jcc. I NMUed jcc and fixed two RC bugs because it was one the packages that blocked the removal of OpenJDK 7 from Debian.
- piespy. I did a QA upload for piespy because it was one of the packages that blocked the removal of OpenJDK 7 from Debian.
- yics. I requested the removal of yics because this chess client was defunct without the Yahoo chess servers which closed down in 2014. (#814360)
- smc. I tried to fix #812096, a FTBFS, and updated outdated CEGUI includes but I soon realized that more porting work had to be done and it would be best to package the lastest upstream release instead.