Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. ( a bit later than usual) If you’re interested in Java, Games and LTS topics, this might be interesting for you.
- Lars Kruse reported a bug in the gui-sdl2 theme of Freeciv, the famous strategy game, which I could quickly fix. (#923563)
- I fixed RC bug #922947 in retroarch-assets because of a change in fonts-roboto that broke symlinks to font files.
- Pedro Pena and Carlos Donizete Froes packaged two new games for Debian, Infinitetux (Pedro) and Pekka Kana 2 (Carlos). I reviewed and sponsored both games and they are currently waiting in the NEW queue. Infinitetux is a Super Mario like game written in Java. The original author of the game is no one else than Markus Persson, the developer of Minecraft. This game is one of his previous works that used the original game content from Nintendo. However Pedro completely replaced the artwork with freely available images and sounds. Quite interesting for Java developers: The game requires no third-party libraries and uses only classes from the JDK. Pekka Kana 2 is another jump-and-run game from Finnish creator Janne Kivilahti. He kindly released his game under a permissive BSD-2-clause license.
- I tackled several RC bugs in Java packages this month.
- libjogl2-java (#887140): The package failed to build on several non-supported architectures. Since we are already glad that it works on amd64 I had to limit the support in debian/control to those architectures where the package may be useful.
- lucene-solr (#919638): Solr refused to start with Tomcat 9 because of more strict permissions in Tomcat’s systemd service file. I initially tried to fix this in Tomcat but had to add a new systemd conf file to lucene-solr that overrides the permissions now.
- javahelper (#923756): I implemented a workaround for Javadoc build failures that started to occur only two months ago after the OpenJDK 11 package was upgraded.
- owasp-java-html-sanitizer (#923654): I removed the now non-existent build-dependency on libjsr305-java-doc.
- sweethome3d (#924594): I had to replace the virtual dependency on icedtea-netx-common with icedtea-netx.
- I triaged a RC bug in libitext-java (#923364). Unfortunately the bug submitter did not provide further information.
- It is a bit sad that Netbeans is currently affected by a severe bug which makes it impossible to create new Java projects. (#925509) I tried to fix it but I am stuck now. Help is appreciated.
- I provided a patch to fix RC bug #923759 in netlib-java.
- The ublock-origin addon does not work anymore with Firefox 66 in unstable (#925337) which is caused by a value in its manifest file, incognito:split, that is not supported by Firefox. Previous versions of Firefox just emitted a warning, now it is fatal. The same value works fine with Chromium. At the moment we provide one webextension package for both browsers in Debian but it looks like we have to consider to provide two different packages of ublock-origin again, to avoid such pitfalls in the future. I have filed #926586 to get more feedback.
- From 25.03.2019 until 31.03.2019 I was in charge of our LTS frontdesk. I investigated and triaged CVE in twig, ruby2.1, znc, wpa, cloud-init, dovecot, edk2, activemq, bwa, tomcat8, mosquitto, gpsd, nuget, rails, robocode, libav and clamav.
- DLA-1708-1. Issued a security update for zabbix fixing 2 CVE.
- DLA-1711-1. Issued a security update for systemd fixing 1 CVE.
- DLA-1733-1. Issued a security update for wpa fixing 1 CVE.
- DLA-1736-1. Issued a security update for dovecot fixing 1 CVE.
- DLA-1738-1. Issued a security update for gpsd fixing 1 CVE.
- DLA-1739-1. Issued a security update for rails fixing 2 CVE.
- DLA-1753-1. Issued a security update for proftpd-dfsg to fix several memory leaks. However it turned out that under certain conditions #926719 the daemon now closes sftp connections. This appears to be an upstream bug that was fixed in version 1.3.6. I will investigate if we have to revert to the previous version or if we can move forward.
- DLA-1755-1. Issued a security update for graphicsmagick fixing 6 CVE.
- While I was working on DLA-1755-1 I discovered a regression in jasper which I addressed with DLA-1628-2.
Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 “Wheezy”. This was my tenth month and I have been paid to work 15 hours on ELTS.
- I was in charge of our ELTS frontdesk from 11.03.2019 until 17.03.2019 and I triaged CVE in cron, ntp, gdk-pixbuf, glib2.0 and libssh2.
- ELA-92-1. Issued a security update for xmltooling fixing 1 CVE.
- ELA-94-1. Issued a security update for openssh fixing 3 CVE.
- ELA-105-1. Issued a security update for sqlalchemy fixing 2 CVE.
- I started to work on src:linux and will provide a new package next week.
Thanks for reading and see you next time.