Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.
- New upstream versions this month: bzflag and pygame-sdl2.
- I investigated a serious issue reported against widelands. (#880990) It turned out that SDL2 was temporarily broken in testing and made the game unusable.
- I fixed two RC bugs in atomix (#882004) and asc (#881998).
- The bug fix for simutrans was eventually accepted into Stretch. (#869029). Thanks to Adam.
- I updated a few packages, applied patches and made some improvements in viruskiller (#860731, #726900), bulletml (#847035), lierolibre (#806452) and sdlbasic (#814025).
- New upstream versions this month: undertow, jackrabbit, libpdfbox2, easymock, libokhttp-java, mediathekview, pdfsam, libsejda-java, libsambox-java and libnative-platform-java.
- I updated bnd (2.4.1-7) in order to help with the removal of Eclipse from Testing. Unfortunately there is more work to do and the only way forward is to package a newer version of Eclipse and to split the package in a way, so that such issues can be avoided in the future. P.S.: We appreciate help with maintaining Eclipse! (#681726)
- I sponsored libimglib2-java for Ghislain Antony Vaillant.
- I fixed a regression in libmetadata-extractor-java related to relative classpaths. (#880746)
- I spent more time on upgrading Gradle to version 3.4.1 and finally succeeded. The package is in experimental now. Upgrading from 3.2.1 to 3.4.1 didn't seem like a big undertaking but the 8 MB debdiff and ~170000 lines of code changes proved me wrong. I discovered two regressions with this version in mockito and bnd. The former one could be resolved but bnd requires probably an upgrade as well. I would like to avoid that at the moment because major bnd upgrades tend to affect dozens of reverse-dependencies, mostly in a negative way.
- Netbeans was affected by a regression in jaxb and failed to build from source. (#882525) I could partly revert the damage but another bug in jaxb 2.3.0 is currently preventing a complete recovery.
- I fixed two Java 9 transition bugs in libnative-platform-java (#874645) and jedit (#875583).
This was my twenty-first month as a paid contributor and I have been paid to work 14.75 hours (13 +1.75 from October) on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:
- DLA-1177-1. Issued a security update for poppler fixing 4 CVE.
- DLA-1178-1. Issued a security update for opensaml2 fixing 1 CVE.
- DLA-1179-1. Issued a security update for shibboleth-sp2 fixing 1 CVE.
- DLA-1180-1. Issued a security update for libspring-ldap-java fixing 1 CVE.
- DLA-1184-1. Issued a security update for optipng fixing 1 CVE.
- DLA-1185-1. Issued a security update for sam2p fixing 1 CVE.
- DLA-1197-1. Issued a security update for sox fixing 7 CVE.
- DLA-1198-1. Issued a security update for libextractor fixing 6 CVE. I also discovered that libextractor in buster/sid is still affected by more security issues and reported my findings as Debian bug #883528.
- I packaged a new upstream release of osmo, a neat task manager and calendar application.
- I prepared a security update for sam2p, which will be part of the next Jessie point release, and libspring-ldap-java. (DSA-4046-1)
Thanks for reading and see you next time.