Welcome to gambaru.de. Here is my monthly report (+ the first week in December) that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.
- I updated ufoai, UFO: Alien Invasion, and had to remove its map editor uforadiant because it depends on obsolete GTK 2 libraries. This prevented the removal of the whole game from testing. Upstream is looking for help to port the editor to GTK 3.
- ArmagetronAD, a light cycle game, was updated to version 0.2.9.0.1 and then to 0.2.9.1.0. Apparently the developers had some Corona related spare time and fixed various bugs.
- I could fix a display error in bastet’s highscore list, a ncurses falling block game. (#931550)
- At the end of the release cycle I usually update all of my remaining packages which haven’t been updated already. Most of the time I check if a package is still Policy compliant with the latest released version of the Debian Policy and I switch to the latest debhelper compatibility level and do some other polishing. This affected the following games: abe, amoebax, late, zangband, brainparty, dangen, and etw.
- I also packaged new versions of berusky, a sokoban game, and freeciv, the famous strategy game and
- sponsored a bug fix update of whichwayisup for Reiner Herrmann and
- did a NMU for fonts-play, patch by Martin Erik Werner, to prevent the removal of Red Eclipse, a first person shooter, from testing.
- Similar to games I also update the remaining Java packages at the end of the release cycle with focus on my own packages but also other team maintained packages which haven’t seen updates for quite a long time. Hence I touched libjcommon-java, libjemmy2-java, libjfreechart-java, libcsv-java, electric and dbus-java. I dropped dbus-java-bin because it was of little value for users, the tools were not working as intended and buggy. The project itself is no longer actively developed but it appears there is a fork with new updates. As long as the reverse-dependencies of libdbus-java continue to function I don’t plan to switch though.
- updated libxstream-java to fix CVE-2020-26217 and fixed a FTBFS in libmbassador-java.
- New upstream releases this month: libsambox-java, libsejda-java, libtwelvemonkeys-java, pdfsam, jboss-modules and jboss-xnio.
- The buster update of ublock-origin has been accepted.
- I packaged the latest version of https-everywhere.
- imlib2 failed to build from source on big endian architectures. A trivial patch to declare a variable could solve the problem.
- I also updated byzanz, a screen recorder.
- DLA-2447-1. Issued a security update for libxstream-java fixing 1 CVE.
- Triaged the open CVE in webcit as ignored in line with the latest version in Buster. The package was recently removed from Debian.
- Completed the package upgrade of pacemaker. My local tests finished successfully but I will only upload it if I get positive feedback from the users who reported the previous regression. The update would fix all remaining security issues but as with any new version there is a risk of introducing regressions.
- Continued the work on ansible.
Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 8 „Jessie“. This was my 30. month and I have been paid to work 15 hours on ELTS.
- ELA-326-1. Issued a security update for libxstream-java fixing 1 CVE.
- ELA-329-1. Investigated the eight remaining CVE in jasper. I could fix four CVE. It looks the rest is either not security relevant or can only be observed when jasper is compiled with ASAN.
- Investigated the remaining CVE in phpmyadmin and synced the fixes from Stretch with the released version in Jessie.
Thanks for reading and see you next time.