My Free Software Activities in March 2017

Welcome to Here is my monthly report that covers what I have been doing for Debian. If you're interested in Android, Java, Games and LTS topics, this might be interesting for you.

Debian Android

  • A new upstream release of apktool was uploaded to experimental.

Debian Games

  • I packaged new upstream releases of megaglest and megaglest-data.
  • I fixed a bug in pangzero (#857474) that crashed the game when someone pressed the pause key. The updated package will be part of Stretch.
  • The severity was inflated and the issue debatable but since it took less time to "fix" bug #857801 in dopewars than writing this sentence, I did it anyway.
  • I fixed bug #857236 and #857845 in holotz-castle. Background: There are various packages in Debian that ship a considerable amount of documentation which is usually a good thing. We always strive to optimize packages and reducing the package size is one option. In the past people thought that symlinking the doc directory of an arch:all (architecture-independent) package to an an arch:any (architecture-dependent) package saves disk space because it is not necessary to duplicate the same content on every architecture. Unfortunately this feature, dh-installdocs --link-doc, is broken by design (#766711) and in its current state not usable for this use case. As a consequence I filed a bug report against #857851, asked for an improvement of piuparts' status reports and also filed #857852 against dpkg which was later cloned into #858036 for debhelper. In a nutshell I would like to see better documentation how to use dh-maintscript-helper and *.maintscript files. I also believe it would be nice to simplify the latter by using only one file.

Debian Java

  • I packaged version 5.4 of sweethome3d and added myself to Uploaders and closed two bugs (#854030),(#856769)
  • I fixed an RC bug (#856626) in lucene-solr, more precisely in one of the configuration files of solr-tomcat, a search engine with Tomcat integration, that prevented the server from starting.
  • I am still investigating an RC issue (#857343) in logback. This is a potential security vulnerability that allows remote attackers to execute arbitrary code. My first patch was incomplete and more backported code from the latest upstream release is required. Unfortunately upstream was not very helpful in tracking down the necessary code changes. My question still remains unanswered.
  • Netbeans (#837081): Netbeans has been crashing from time to time. It is not easy to trigger the issue but it is related to libatk-wrapper-java-jni and the Accessibility ToolKit (ATK). I have cloned bug number #837081 as #858700 for now because I don't think it can be fixed in Netbeans.

Debian LTS

This was my thirteenth month as a paid contributor and I have been paid to work 14,75 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 06. March until 13. March I was in charge of our LTS frontdesk. I triaged security issues in qbittorrent, imagemagick, freetype, glibc, vim, suricada, texlive-base, web2py, lxc, r-base, mysql-5.5, partclone, irrsi, wordpress, mupdf and php5.
  • DLA-846-1. Issued a security update for libzip-ruby fixing 1 CVE.
  • DLA-853-1. Issued a security update for pidgin fixing 1 CVE.
  • DLA-855-1. Issued a security update for roundcube fixing 1 CVE.
  • DLA-860-1. Issued a security update for wordpress fixing 3 CVE.
  • DLA-870-1. Issued a security update for libplist fixing 3 CVE.
  • DLA-872-1. Issued a security update for xrdp fixing 1 CVE.
  • DLA-875-1. Issued a security update for php5 fixing 3 CVE.


  • March 2017 also saw a new version of MediathekView (now in experimental).

Thanks for reading and see you next time.

2 Replies to “My Free Software Activities in March 2017”

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.