Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian.
- I improved apktool’s wrapper script and replaced 1.apk with a symlink to the already existing framework-res.apk file. (#827646)
- For Kai-Chung I sponsored new upstream releases of android-platform-external-jsilver, android-platform-frameworks-data-binding and android-platform-libcore.
- I fixed two FTBFS bugs in android-platform-tools-base which were caused by a new upstream version of libhttpcore-java and a behavioral change in Gradle.
- I packaged a new upstream release of libsmali-java.
- This month GCC-6 bugs became release critical. I fixed and triaged those kind of bugs in games like supertransball2, berusky2, freeorion, bloboats, armagetronad and megaglest.
- I packaged new upstream releases of scorched3d, bzflag, spring, springlobby, freeorion, freeciv and extremetuxracer.
- Freeciv, one of the best strategy games ever by the way, also got a new binary package freeciv-client-gtk3. This package will eventually become the new default client to play the game in the future. You are welcome to test it.
- I packaged a new upstream release of adonthell and adonthell-data. This game is built with Python 3 and SDL 2 now and also uses the latest version of swig to generate its sources. We will probably see only one other future upstream release of adonthell because the main developer has decided to move on after more than 15 years of development.
- I fixed another RC bug in minetest, updated whichwayisup for this release cycle and moved the package to Git.
- My work in the Java Team this month was basically divided into two parts. I started with fixing RC bugs in httpcomponents-asyncclient, httpcomponents-client, libnb-platform18-java, jackrabbit, openjpa, libphonenumber (another GCC-6 RC-bug), osgi-compendium, commons-javaflow, apache-curator, assertj-core and avro-java.
- The second part revolved around jflex, a lexical analyzer generator for Java. Due to my work with gradle-jflex-plugin and libsmali-java, jflex got my attention and since it hasn’t been updated in the last seven years, I felt that I had to do it now because it’s always good being up-to-date. As usual in the Java world if you touch one package then you are almost always doomed to work on several follow up patches and updates. Of course the new upstream release of jflex broke several packages, so I fixed FTBFS bugs in gradle-jflex-plugin, libsmali-java, qdox, qdox2, cup and jhighlight.
- Rather relaxing was updating libcodesize-java for this release cycle and packaging a new upstream release of activemq.
- I sponsored jacoco for Kai-Chung.
This was my sixth month as a paid contributor and I have been paid to work 14,7 hours on Debian LTS. In that time I did the following:
- DLA-554-1. I spent most of the time this month on completing my work on libarchive. I issued DLA-554-1 and fixed 18 CVE plus another issue which was later assigned CVE-2016-6250.
- DLA-555-1. Issued a security update for python-django fixing 1 CVE.
- DLA-561-1. Issued a security update for uclibc fixing 3 CVE.
- DLA-562-1. Issued a security update for gosa fixing 1 CVE. I could triage another open CVE as not-affected after confirming that the issue had already been fixed two years ago.
- DLA-568-1. Issued a security update for wordpress fixing 6 CVE. I decided to go ahead with this update because I could not find any regressions. Unfortunately this wasn’t true for my intended fix for CVE-2015-8834. The database upgrade did not succeed hence I decided to postpone the fix for CVE-2015-8834 until we can narrow down the issue.
- DLA-576-1. Issued a security update for libdbd-mysql-perl fixing 2 CVE.
- From 04. July to 10. July I was in charge of our LTS frontdesk. I triaged CVEs in librsvg, bind9, trn, pdns and drupal7 and answered questions on the debian-lts mailing list.