Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.
- I started the month by backporting the latest version of minetest to buster-backports.
- New versions of Springlobby, the single and multiplayer lobby for the Spring RTS engine, and Freeciv (now at 2.6.1) were packaged.
- I had to remove python-pygccxml as a build-dependency from spring because of the Python 2 removal and there was also another unrelated build failure that got fixed as well.
- I also released a new version of the debian-games metapackages. A considerable number of games were removed from Debian in the past months, in parts due to the ongoing Python 2 removal but also because of inactive maintainers or upstreams. There were also some new games though. Check out the 3.1 changelog for more information. As a consequence of our Python 2 goal, the development metapackage for Python 2 is gone now.
- This month I packaged new releases of jboss-logging-tools, jackson-databind, jackson-jr, jackson-dataformat-xml and qdox2.
- I prepared a security update of tomcat8 for Stretch released as DSA 4596-1. Thanks to Peter Hurtenbach for his help with testing the package.
- The imlib2 image library was updated to version 1.6.1 and now supports the webp image format.
- I backported the Thunderbird addon dispmua to Buster and Stretch because the new Thunderbird ESR version had made it unusable.
- I also updated binaryen, a compiler and library for WebAssembly and asked upstream if they could relax the build-dependency on Git which they did.
From 23.12.2019 until 05.01.2020 I was in charge of our LTS frontdesk. I investigated and triaged CVE in sudo, shiro, waitress, sa-exim, imagemagick, nss, apache-log4j1.2, sqlite3, lemonldap-ng, libsixel, graphicsmagick, debian-lan-config, xerces-c, libpodofo, vim, pure-ftpd, gthumb, opencv, jackson-databind, pillow, fontforge, collabtive, libhibernate-validator-java, lucene-solr and gpac.
- DLA-2051-1. Issued a security update for intel-microcode fixing 2 CVE.
- DLA-2058-1. Issued a security update for nss fixing 1 CVE.
- DLA-2062-1. Issued a security update for sa-exim fixing 1 CVE.
- I prepared a security update for tomcat7 by updating to the latest upstream release in the 7.x series. It is pending review by Mike Gabriel at the moment.
Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 „Wheezy“. This was my nineteenth month and I have been assigned to work 15 hours on ELTS.
- I was in charge of our ELTS frontdesk from 23.12.2019 until 05.01.2020 and I triaged CVE in sqlite3, libxml2 and nss.
- ELA-200-2. Issued a security update for intel-microcode.
- Worked on tomcat7, CVE-2019-12418 and CVE-2019-17563, and finished the patches prepared by Mike Gabriel. We have discovered some unrelated test failures and are currently investigating the root cause of them.
- Worked on nss, which is required to build OpenJDK 7 and also needed at runtime for the SunEC security provider. I am currently investigating CVE-2019-17023 which has been assigned only a few days ago.
- ELA-206-1. Issued a security update for apache-log4j1.2 fixing 1 CVE.
Thanks for reading and see you next time.