My Free Software Activities in September 2016

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Android, Java, Games and LTS topics, this might be interesting for you.

Debian Android

• I sponsored a new upstream release of android-platform-tools-base prepared by Kai-Chung Yan and Chirayu Desai.

Debian Games

• I packaged a new upstream release of hyperrogue, a rogue-like game settled in a non-euclidian world, fixing one RC bug (#811991). I uploaded two more revisions later that addressed  build failures on arm64 and hppa.
• I fixed more RC bugs (build failures with GCC-6) in torus-trooper (#835712) and fife (#811858).
• I packaged new upstream releases of pygame-sdl2, renpy, freeorion, netrek-client-cow, redeclipse, redeclipse-data, hitori, atomix, adonthell and adonthell-data.
• I updated gtkballs and fixed a documentation bug (#820588) but also a /usr/share/locale issue that prevented the actual use of the translations.
• I raised the severity of #797998 to grave in unknown-horizons because the game cannot be started currently. In order to fix this issue I packaged a new build-dependency, fifechan, which is currently awaiting approval by the FTP team. As soon as fifechan got accepted I will upload new upstream releases of fife and unknown-horizons.
• I released debian-games 1.5, a Debian blend and collection of games metapackages.
• Hardening-wrapper has been deprecated for some time and this issue became release critical now. I updated cookietool, alex4 and netrek-client-cow to use dpkg-buildflags instead.
• Together with Russel Coker I packaged a new upstream release of warzone2100. This package would benefit from a new regular uploader. If you are interested in it, please get involved. (Same story for hyperrogue, redeclipse, renpy and unknown-horizons and many other games.)
• I started a new Bullet transition (#839243). The package is currently waiting in the NEW queue and I hope to complete this work in October.
• I triaged #838199 and reassigned the issue to fonts-roboto. Initially I prepared an NMU but eventually the maintainer uploaded a new revision himself. It is now possible to install the hinted and unhinted versions of fonts-roboto together which also resolved former installation problems with kodi and freeorion.

Debian Java

• I packaged new upstream releases of undertow, activemq and jackrabbit.
• I fixed RC bugs in libphonenumber (#836768), wagon2 (#837022) and activemq (#839244).
• I updated syncany in experimental and simplified the packaging a little. Unfortunately upstream has been on hiatus for the past year and we haven't seen new releases in the meantime. Nevertheless give it a try, even though it is still alpha software, it's an useful cloud-storage and synchronization tool.
• I sponsored a new upstream release of freeplane for Felix Natter.
• I prepared and uploaded security updates for jackrabbit and zookeeper in Jessie.

Debian LTS

This was my eight month as a paid contributor and I have been paid to work 12,25 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

• From 12. September until 19. September I was in charge of our LTS frontdesk. I triaged bugs in tiff3, mysql-5.5, curl, dropbear, mantis, icu, dwarfutils, jackrabbit, zendframework, zookeeper and graphicsmagick. For the latter I skimmed through all commits since the last version to identify the patches that fix the recent issues in graphicsmagick. I also answered questions on the mailing list and contacted Diego Biurrun again about his progress with libav. It is now anticipated that Hugo Lefeuvre and Diego will issue a new libav security release this month.
• I reviewed and tested a patch by Raphaël Hertzog for roundcube.
• DLA-629-1. Issued a security update for jackrabbit fixing 1 CVE.
• DLA-630-1. Issued a security update for zookeeper fixing 1 CVE.
• DLA-633-1. Issued a security update for wordpress fixing 7 CVE. This one also required backports of certain functions from newer releases and a database upgrade that required careful testing.
• I also issued DLA-622-1 and DLA-623-1, two security issues that I already mentioned last month. It was discovered that Debian's versions of Tomcat were vulnerable to a root privilege escalation issue. However it was also necessary that another exploit, for instance in a web application, could be used to gain write access as the tomcat user. Former security issues were already fixed and new ones are not known. Nevertheless since a zero-day exploit could not be ruled out, the issue was embargoed for a month to give other distributions time to fix this issue as well. You can read more about this topic at legalhackers.com.

Non-maintainer uploads

• I fixed various RC bugs in several games that are not maintained by the Games Team. The following games will be available in Stretch again soon: solarwolf, enigma, open-invaders, crrcsim, noiz2sa, csmash, csmash-demosong and glob2.

Misc

• I packaged a new upstream release of MediathekView.
• I uploaded a new revision of xarchiver and applied a patch from Helmut Grohne that made it possible to cross-build the package.