Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.
DebConf18 in Hsinchu/Taiwan
- This year the annual Debian Conference took place in the city of Hsinchu/Taiwan. I was there from the 26th of July to the 6th of August. I enjoyed almost two weeks of hacking and talks and met more than a few nice people. I gave an updated talk about the current status of Debian Games and started a project to improve our Java packaging documentation (more about that in the next blog post).
- DebConf18 wasn't all about talking. I actually got some work done. I started with wbar (RC #897885) and lwjgl (RC #893302). I hope we still don't need OpenJDK 8 in buster for building packages but I don't think it would be the end of the world as long as we can avoid a runtime dependency. However it is clear that this only prolongs the inevitable. In libpdfbox2-java I could close (#899183) after I made sure that the last update corrected the problem. In the same vein I triaged an RC bug in asc after it became clear that asc was not affected by the GCC-8 transition.
- I had a go at libjide-oss-java (RC, #897491). So basically the package won't compile with OpenJDK 10 and later anymore because it depends on classes that were removed from the JDK. Fortunately for us they were only Windows-specific, so I could just remove the non-building classes. I hope there will be a better upstream solution in the future.
- I sponsored updates for cutemaze, connectagram and tanglet for Innocent de Marchi.
- I packaged new upstream releases of several games and Java packages too and also released an update of debian-games, a Blend and collection of metapackages. New versions this month: libokhttp-java, okio, blockattack, peg-e, hexalate, robocode, freeorion, hyperrogue and freeciv.
- I released a small bug fix release for marsshooter and hopefully made some KDE users happy.
- Thanks to Reiner Herrmann love and mrrescue are up-to-date again and free of RC bugs!
- I NMUed bomberclone and fixed/worked around a simple RC bug.
- Some guys talked me into maintaining https-everywhere, ublock-origin and privacybadger. 😉
- One of the best aspects of any conference is that you can just talk to someone who sits at the same table as you if you want to solve a problem. Together with Andreas Tille I could finally solve a packaging issue in pilon, which uses Scala. It would still be nice to have a working sbt build tool in Debian though.
- What can you say about Taiwan? I was impressed by the friendly people at the airport and railway stations who guided you along the way to Hsinchu and helped you out in case you struggled for directions. I have also learned on our day trip that you can just enter a police station to refill your water bottles. Those cold water producing machines are absolute lifesavers. Although I could only visit a small part of Taiwan and see Hsinchu and Taipei, I hope there will be a next time. Aah, and the weather was warm and humid. A bit too humid for my taste perhaps but I got used to it. Looking forward how it feels in spring or autumn. A big thanks goes out to all the people who organized and sponsored this DebConf. It was more than a pleasure.
- Previously I packaged new upstream versions of jboss-classfilewriter, jboss-logmanager and bouncycastle.
- I fixed an RC bug in sunflow.
- I restructured and rewrote our documentation about Java packaging. This is still work in progress, probably forever because it is a Wiki.
- Most exciting things happened at DebConf18 but before that I sponsored a new simutrans version, prepared by Jörg Frings-Fürst. Enjoy.
- From 09.07.2018 until 15.07.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in mailman, ruby-sprockets, beep, audiofile, gpac, libarchive-zip-perl, libgit2, znc, ant, ceph, xapian-core, wine, radare2, policykit-1 and taglib.
- DLA-1440-1. Issued a security update for libarchive-zip-perl fixing 1 CVE.
- DLA-1441-1. Issued a security update for sympa fixing 1 CVE.
- DLA-1442-1. Issued a security update for mailman fixing 2 CVE. (also DLA-1442-2)
- DLA-1445-1. Issued a security update for busybox fixing 10 CVE. Two regressions were discovered later and addressed in DLA-1445-2 and DLA-1445-3.
- DLA-1446-1. Issued a security update for intel-microcode fixing 2 CVE.
- DLA-1449-1. Issued a security update for openssl fixing 2 CVE.
- DLA-1452-1. Issued a security update for wordpress fixing 2 CVE.
- DLA-1453-1. Issued a security update for tomcat7 fixing 1 CVE.
- DLA-1465-1. Issued a security update for blender fixing 21 CVE.
Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 "Wheezy". This was my second month and I have been paid to work 11.75 hours on ELTS.
- ELA-16-1. Issued a security update for tiff fixing 1 CVE.
- ELA-17-1. Issued a security update for linux 3.16 fixing 13 CVE.
- ELA-18-1. Issued a security update for intel-microcode fixing 3 CVE.
- ELA-19-1. Issued a security update for tiff3 fixing 2 CVE.
- ELA-20-1. Issued a security update for busybox fixing 10 CVE.
- I investigated open issues in apache2 and found out that it was not affected by CVE-2018-1333 and CVE-2018-8011.
- I was in charge of our ELTS frontdesk from 09.07.2018 until 15.07.2018 and triaged further CVE in audiofile, libsndfile, curl, couchdb, policykit-1, bouncycastle and cups.
Thanks for reading and see you next time.