Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.
- Time's almost up and the soft freeze is near. In January I packaged a couple of new upstream versions for Teeworlds (0.7.2), Neverball (this one was a Git snapshot because they apparently don't like regular releases), cube2-data (easy, because I am upstream myself), adonthell and adonthell-data, fifechan, fife and unknown-horizons.
- After I uploaded the latest Teeworlds release to stretch-backports too, I sponsored pegsolitaire for Juhani Numminen and a shiny new Supertux release for Reiner Herrmann.
- I updated KXL, the Kacchan X Windows System Library. You have never heard of it? Well, never mind. However it powers three Debian games.
- Last but not least I updated btanks, your fast 2D tank arcade game.
- I spent a lot of time this month to get Netbeans into shape again. All patches had to be rebased and a new version of libnb-javaparser-java (RC, #893264) was needed. In the end libnb-platform18-java and visualvm could be fixed as well. There are still some bugs I am aware of. I hope some of them can be fixed in time.
- New upstream releases this month: qdox2, jboss-modules, jboss-threads, sweethome3d, sweethome3d-furniture-editor, sweethome3d-textures-editor and pdfsam.
- I reverted the last update of jackrabbit to work around the FTBFS in davmail (#917174).
- I removed the build-dependency on libandroid-23-java which solved RC bug #918282 in libokhttp-java.
- After some discussions I hope lwjgl, a lightweight game library written in Java, (RC, #912631), is usable again.
- I packaged new upstream releases of xarchiver, ublock-origin, binaryen, wabt and https-everywhere.
- Iftop supports multi-gigabit interfaces now. (#918758)
- I requested the removal of mysql-connector-java. (#920703)
This was my thirty-fifth month as a paid contributor and I have been paid to work 20,5 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:
- From 28.01.2019 until 03.02.2019 I was in charge of our LTS frontdesk. I investigated and triaged CVE in mupdf, coturn, php5, netkit-rsh, guacamole-client, openjdk-7, python-numpy, python-gnupg, muble, mysql-connector-python, enigmail, python-colander, slurml-llnl, sox, uriparser, and drupal7.
- DLA-1631-1. Issued a security update for libcaca fixing 4 CVE.
- DLA-1633-1. Issued a security update for sqlite3 fixing 5 CVE.
- DLA-1650-1. Issued a security update for rssh fixing 1 CVE.
- DLA-1656-1. Issued a security update for agg fixing 1 CVE. This one required a sourceful upload of desmume and exactimage as well because agg provides only a static library.
- DLA-1662-1. Issued a security update for libthrift-java fixing 1 CVE.
- DLA-1673-1. Issued a security update for wordpress fixing 7 CVE.
Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 "Wheezy". This was my eight month and I have been paid to work 15 hours on ELTS.
- I was in charge of our ELTS frontdesk from 28.01.2019 until 03.02.2019 and I triaged CVE in php5 and systemd.
- ELA-81-1. Issued a security update for systemd fixing 2 CVE. I investigated CVE-2018-16865 and found that systemd was not exploitable. I marked CVE-2018-16864, CVE-2018-16866 and CVE-2018-15688 as <not-affected> because the vulnerable code was introduced later.
- ELA-83-1. Issued a security update for php5 fixing 7 upstream bugs. No CVE have been assigned yet but upstream intends to do so shortly.
Thanks for reading and see you next time.