Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.
- February was the last month to package new upstream releases before the full freeze, if the changes were not too invasive of course :-). Atomix, gamine, simutrans, simutrans-pak64, simutrans-pak128.britain and hitori qualified.
- I sponsored a new version of mgba, a Game Boy Advance emulator, for Reiner Herrmann and worked together with Bret Curtis on wildmidi and openmw. The latest upstream version resolved a long-standing bug and made it possible that the game engine, a reimplementation of The Elder Scrolls III: Morrowind, will be part of a Debian stable release for the first time.
- Johann Suhter reported a bug in one of brainparty’s minigames and also provided the patch. All I had to do was upload it. Thanks. (#922485)
- I corrected a minor cross-build FTBFS in openssn. Patch by Helmut Grohne. (#914724)
- I released a new version of debian-games and updated the dependency list of our games metapackages. This is almost the final version but expect another release in one or two months.
- This month’s highlight was FOSDEM 19 in Brussels, Belgium. I gave a lightning talk about “Debian Java: Insights and challenges”. It was an interesting and fun event and I enjoyed it a lot.
- Jan Lahoda and Jaroslav Tulach helped me to find a solution for a Netbeans sealing violation error. (#920707) If I could even find a fix for the Git problem (#920706), that would be awesome.
- I fixed RC bugs in ca-certificates-java (#864657), groovy (#922755), lucene-solr (#917739, #914223), libjgraphx-java (#891796) and libjogl2-java (#893287).
- I found a workaround for a massive Javadoc problem which causes all -doc packages to fail to build from source. Tony Mancill implemented the patch and so we could resolve RC bug #919798 for Maven based software. Just recently we fixed the same problem for javahelper based packages.
- Permission problems in solr-tomcat prevented the server from working. After some discussion I eventually addressed this issue by extending the systemd configuration of tomcat9 via a conf file installed by solr-tomcat. (#919638)
- New upstream versions: sweethome3d, jboss-xnio, jboss-classfilewriter, jboss-logmanager, intellij-annotations, libokhttp-java and libjavaewah-java.
- I packaged new upstream releases of ublock-origin, binaryen, https-everywhere and privacybadger.
- Joey Hess reported a problem with iftop which I forwarded upstream. (#922427)
- I fixed a dependency strength bug in mediathekview. (#921613)
- From 25.02.2019 until 03.03.2019 I was in charge of our LTS frontdesk. I investigated and triaged CVE in sox, collabtive, libkohana2-php, ldb, libpodofo, libvirt, openssl, wordpress, twitter-bootstrap, ceph, ikiwiki, edk2, advancecomp, glibc, spice-xpi and zabbix.
- DLA-1675-1. Issued a security update for python-gnupg fixing 1 CVE.
- DLA-1676-1. Issued a security update for unbound fixing 1 CVE.
- DLA-1696-1. Issued a security update for ceph fixing 2 CVE.
- DLA-1701-1. Issued a security update for openssl fixing 1 CVE.
- DLA-1702-1. Issued a security update for advancecomp fixing 2 CVE.
- DLA-1703-1. Issued a security update for jackson-databind fixing 10 CVE.
- DLA-1706-1. Issued a security update for poppler fixing 5 CVE.
Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 “Wheezy”. This was my ninth month and I have been paid to work 15 hours on ELTS.
- I was in charge of our ELTS frontdesk from 25.02.2019 until 03.03.2019 and I triaged CVE in file, gnutls26, nettle, libvirt, busybox and eglibc.
- ELA-84-1. Issued a security update for gnutls26 fixing 4 CVE. I also investigated CVE-2018-16869 in nettle and also CVE-2018-16868 in gnutls26. After some consideration I decided to mark these issues as ignored because the changes were invasive and would have required intensive testing. The benefits appeared small in comparison.
- ELA-88-1. Issued a security update for openssl fixing 1 CVE.
- ELA-90-1. Issued a security update for libsdl1.2 fixing 11 CVE.
- I started to work on sqlalchemy which requires a complex backport to fix a possible SQL injection vulnerability.
Thanks for reading and see you next time.