Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.
- I advocated Phil Morrell to become Debian Maintainer with whom I have previously worked together on corsix-th. This month I sponsored his updates for scorched3d and the new play.it package, an installer for drm-free commercial games. Play.it is basically a collection of shell scripts that create a wrapper around games from gog.com or Steam and put them into a Debian package which is then seamlessly integrated into the user’s system. Similar software are game-data-packager, playonlinux or lutris (not yet in Debian).
- I packaged new upstream releases of blockattack, renpy, atomix and minetest, and also backported Minetest version 0.4.17.1 to Stretch later on.
- I uploaded RC bug fixes from Peter de Wachter for torus-trooper, tumiki-fighters and val-and-rick and moved the packages to Git.
- I tackled an RC bug (#897548) in yabause, a Saturn emulator.
- I sponsored connectagram, cutemaze and tanglet updates for Innocent de Marchi.
- Last but not least I refreshed the packaging of trophy and sauerbraten which had not seen any updates for the last couple of years.
- I packaged a new upstream release of activemq and could later address #901366 thanks to a bug report by Chris Donoghue.
- I also packaged upstream releases of bouncycastle, libpdfbox-java, libpdfbox2-java because of reported security vulnerabilities.
- I investigated and fixed RC bugs in openjpa (#901045), osgi-foundation-ee (#893382) and ditaa (#897494, Java 10 related).
- A snakeyaml update introduced a regression in apktool (#902666) which was only visible at runtime. Once known I could fix it.
- I worked on Netbeans again. It can be built from source now but there is still a runtime error (#891957) that prevents users from starting the application. The current plan is to package the latest release candidate of Netbeans 9 and move forward.
- From 18.06.2018 until 24.06.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in jasperreports, 389-ds-base, asterisk, lava-server, libidn, php-horde-image, tomcat8, thunderbird, glusterfs, ansible, mercurial, php5, jquery, redis, redmine, libspring-java, php-horde-crypt, mupdf, binutils, jetty9 and libpdfbox-java.
- DSA-4221-1. Issued a security update for libvncserver fixing 1 CVE.
- DLA-1398-1. Issued a security update for php-horde-crypt fixing 2 CVE.
- DLA-1399-1. Issued a security update for ruby-passenger fixing 2 CVE.
- DLA-1411-1. Issued a security update for tiff fixing 5 CVE.
- DLA-1410-1. Issued a security update for python-pysaml fixing 2 CVE.
- DLA-1418-1. Issued a security update for bouncycastle fixing 7 CVE.
Extended Long Term Support (ELTS) is a new project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 „Wheezy“. This was my first month and I have been paid to work 7 hours on ELTS.
- ELA-1-1. Issued a security update for Git fixing 1 CVE.
- ELA-8-1. Issued a security update for ruby-passenger fixing 1 CVE.
- ELA-14-1. Backported the Linux 3.16 kernel from Jessie to Wheezy. This update also included backports of initramfs-tools and the linux-latest source package. The new kernel is available for amd64 and i386 architectures.
- I prepared security updates for libvncserver (Stretch, DSA-4221-1) and Sid) and bouncycastle (Stretch, DSA-4233-1)
Thanks for reading and see you next time.