Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.
- Again Yavor Doganov saved the day by porting monster-masher away from obsolete libraries like esound and gconfmm (RC, #848052, #856086, #885037). I reviewed and sponsored the package for him again.
- Gürkan Myczko prepared a new upstream version of greed, a classic text-console game. I provided a desktop icon and sponsored the upload.
- Several games failed to build from source because freetype-config is gone and pkg-config must be used from now on. That required RC bug fixes in asc (#887600), brutalchess (#892337, patch by Reiner Herrmann), cube2font (#892330, patch by Reiner Herrmann with additional updates by Martin Erik Werner) and scorched3d (#892434, patch by Adrian Bunk)
- I packaged new upstream versions of pcsx2, a Playstation 2 emulator, to fix RC bug #907411, also pygame-sdl2, renpy and bzflag.
- I refreshed the packaging of abe, asc-music, amoebax, angrydd, airstrike, burgerspace, berusky2 and berusky-data.
- Dima Kogan approached me about improving the current Bullet packaging and provided patches to build the double-precision library versions too. Bullet is a state-of-the-art C++ library for 3D collision detection, soft body and rigid body dynamics. I once introduced it to Debian because it was a required build-dependency of freeorion. Nowadays it powers several scientific applications. I still maintain it because I think it is a very useful library, e.g. used among others by openrobotics.
- I spent most of the time this month on updating Teeworlds. Since I run a Teeworlds server myself I discovered a remote denial-of-service vulnerability first hand. Of course my server was not the only target and the upstream developers had already released a fix. But I only got aware of it by chance. So I requested CVE-2018-18541, packaged the latest upstream release 0.7.0 and also prepared a security update for Stretch, released as DSA-4329-1.
- Last but not least I sponsored a new game created and prepared by Gerardo Ballabio called galois. It is a tetris-like game with special features like 3D and different brick shapes. It is currently waiting in the NEW queue.
- October 2018 finally saw the switch to OpenJDK 11 as the default Java implementation in Debian. We will release with OpenJDK 11 because it is a long-term release and supported for at least five years. Although the fallout was not as bad when we switched from Java 8 to Java 9, a considerable amount of packages started to FTBFS again because of removed classes like javax.activation or jaxb API.
- This month I could also make significant progress with fixing OpenJFX 11 applications. MediathekView is back on track (#910395, #912350) as is PDFsam (RC, #886394). I had to overcome a bug in openjfx first (RC, #910501) only to discover that GTK3 features are buggy on Wayland at the moment #910764. The latter is clearly an upstream bug and I currently work around it by using GTK 2.
- In a nutshell here are the updated Java packages for October including new upstream versions and RC bug fixes. libapache-mod-jk, gradle-jflex-plugin, qdox2, jackson-dataformat-xml, jackson-jr, cglib, lombok-patcher (#906383), lombok, lombok-ast (#906382), commons-pool2, jboss-logmanager, libpdfbox2-java (CVE-2018-11797), libpdfbox-java (CVE-2018-11797), fontawesomefx (RC, #893194), triplea (RC, #874132), syncany (RC, #910457), libsambox-java, libsejda-java, objenesis, jackrabbit, sweethome3d, sweethome3d-furniture, sweethome3d-furniture-editor, libcodesize-java, trove3 (RC, #912265), easymock, jboss-jdeparser (RC, #912295), mockito (RC, #910738), jboss-modules (RC, #912296), objenesis (RC, #911980)
- For MediathekView 13.2.1 I needed new packages: commons-dbcp2, jiconfont, jiconfont-swing, jiconfont-awesome. They are currently waiting in the NEW queue.
- I sponsored android-platform-system-core for Kai-Chung Yan and did a non-maintainer upload for eboard, a chess client to fix RC bug #893167. I forwarded some patches and I hope we will see another upstream release in the near future that addresses some issues.
- I packaged a new upstream release of ublock-origin.
- From 08.10.2018 until 14.10.2018 and 29.10.2018 until 4.11.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in gnulib, otrs2, tcpreplay, net-snmp, ghostscript, paramiko, pyopenssl, qpdf, requests, glassfish, imagemagick, tomcat8, tomcat7, moin, glusterfs, mono, tiff, systemd, network-manager, shellinabox, openssl, curl, squid3, icecast2, sdl-image1.2, libsdl2-image, mkvtoolnix, libapache-mod-jk, mariadb-10.0, mysql-connector-java and jasper.
- There was a problem with our list manager and some announcements could not be preserved.
- DLA-1535-1. Issued a security update for php-horde fixing 1 CVE.
- DLA-1536-1. Issued a security update for php-horde-core fixing 1 CVE.
- DLA-1537-1. Issued a security update for php-horde-kronolith fixing 1 CVE.
- DLA-1540-1. Issued a security update for net-snmp fixing 1 CVE.
- DLA-1543-1. Issued a security update for gnulib fixing 1 CVE.
- DLA-1544-1. Issued a security update for tomcat7 fixing 1 CVE.
- DLA-1545-1. Issued a security update for tomcat8 fixing 1 CVE.
- DLA-1546-1. Issued a security update for moin fixing 1 CVE.
- DLA-1552-1. Issued a security update for ghostscript fixing 3 CVE.
- DLA-1564-1. Issued a security update for mono fixing 1 CVE.
- DLA-1565-1. Issued a security update for glusterfs fixing 5 CVE.
Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 „Wheezy“. This was my fifth month and I have been paid to work 15 hours on ELTS.
- I was in charge of our ELTS frontdesk from 15.10.2018 until 21.10.2018 and I triaged CVE in chromium-browser, ghostscript, openexr, unzip, virtualbox, elfutils, liblivemedia, exiv2, movabletype-opensource, quemu, quemu-kvm, tiff and tcpreplay.
- ELA-50-1. Issued a security update for linux fixing 34 CVE.
- ELA-51-1. Issued a security update for tomcat7 fixing 1 CVE.
- ELA-54-1. Issued a security update for curl fixing 1 CVE.
- ELA-55-1. Issued a security update for firmware-nonfree fixing 8 CVE.
Thanks for reading and see you next time.