Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.
- Python 3 ports: I reviewed and sponsored krank and solarwolf for Reiner Herrmann. Thanks to his diligent work two more Python games were ported to Python 3. He also packaged a new upstream release of hyperrogue and improved the build system. Less memory is required to build hyperrogue now and some buildds are thankful for that.
- The bullet transition finally got approved and completed successfully.
- I uploaded a new version of pygame-sdl2 to experimental which supports Python 3 now. However the library is still exclusively needed for renpy but upstream hasn’t finished the porting work to Python 3 yet. Hopefully this will be done next year. That means the new version of renpy which I also packaged this month still depends on Python 2.
- I fixed two bugs in Freeciv, the famous strategy game, by replacing fonts-noto-cjk with fonts-unfonts-core. (#934588) The latter fonts apparently look better on ordinary screens. The second one was simple to fix; I just had to remove an unneeded Python 2 build-dependency. (#936553)
- The strategy game asc, a neat clone of Battle Isle 2, also needed some attention this month. I had to replace libwxgtk3.0-dev with libwxgtk3.0-gtk3-dev. (#943439)
- I did a QA upload of open-invaders because the maintainer email address was bouncing. The game needs a new maintainer.
- A new version of libhibernate-validator-java broke pdfsam in unstable. Fortunately the library couldn’t migrate to testing before the bug was reported. I haven’t completely figured out yet how to address this in pdfsam.
- I also packaged new upstream versions of jackson-jr, jackson-dataformat-xml, jackson-datatype-joda, jboss-xnio and objenesis.
- I prepared a security update of jackson-databind for Stretch and Buster released as DSA-4542-1.
- I packaged a new version of privacybadger, and backported ublock-origin to Stretch and Buster because the addon was incompatible with the latest Firefox ESR release.
- From 14.10.2019 until 20.10.2019 and from 28.10.2019 until 03.11.2019 I was in charge of our LTS frontdesk. I investigated and triaged CVE in wordpress, ncurses, opencv, pillow, poppler, golang, gdal, lz4, python-reportlab, ruby-haml, vips, rdesktop, modsecurity-crs, zabbix, polarssl and tika.
- DLA-1960-1. Issued a security update for wordpress fixing 7 CVE.
- DLA-1966-1. Issued a security update for aspell fixing 1 CVE.
- DLA-1973-1. Issued a security update for libxslt fixing 1 CVE.
- DLA-1978-1. Issued a security update for python-ecdsa fixing 2 CVE.
- DLA-1982-1. Issued a security update for openafs fixing 2 CVE.
- I triaged 17 CVE in libgig and forwarded the result upstream. After the investigation I decided to mark these issues as no-dsa because all in all the security risk was low. (#931309)
Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 “Wheezy”. This was my seventeenth month and I have been assigned to work 15 hours on ELTS plus five hours from September. I used 8 of them for the following:
- ELA-185-1. Issued a security update for libxslt fixing 1 CVE.
- ELA-186-1. Issued a security update for libssh2 fixing 1 CVE.
- ELA-187-1. Issued a security update for cpio fixing 1 CVE. The update was prepared by Ola Lundqvist.
- ELA-188-1. Issued a security update for djvulibre fixing 1 CVE.
- I worked on OpenJDK 7. I contacted upstream and asked for a new IcedTea release on which we rely for packaging new upstream releases of OpenJDK. The release is still delayed.