{"id":10159,"date":"2017-04-03T18:49:52","date_gmt":"2017-04-03T16:49:52","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10159"},"modified":"2017-04-03T18:49:52","modified_gmt":"2017-04-03T16:49:52","slug":"my-free-software-activities-in-march-2017","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2017\/04\/03\/my-free-software-activities-in-march-2017\/","title":{"rendered":"My Free Software Activities in March 2017"},"content":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Android, Java, Games and LTS topics, this might be interesting for you.<\/p>\n<h2>Debian Android<\/h2>\n<ul>\n<li>A new upstream release of <a href=\"https:\/\/tracker.debian.org\/pkg\/apktool\">apktool<\/a> was uploaded to experimental.<\/li>\n<\/ul>\n<h2>Debian Games<\/h2>\n<ul>\n<li>I packaged new upstream releases of <a href=\"https:\/\/tracker.debian.org\/pkg\/megaglest\">megaglest<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/megaglest-data\">megaglest-data<\/a>.<\/li>\n<li>I fixed a bug in <a href=\"https:\/\/tracker.debian.org\/pkg\/pangzero\">pangzero<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=857474\">#857474<\/a>) that crashed the game when someone pressed the pause key. The updated package will be part of Stretch.<\/li>\n<li>The severity was inflated and the issue debatable but since it took less time to \"fix\" bug <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=857801\">#857801<\/a> in <a href=\"https:\/\/tracker.debian.org\/pkg\/dopewars\">dopewars<\/a> than writing this sentence, I did it anyway.<\/li>\n<li>I fixed bug <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=857236\">#857236<\/a> and <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=857845\">#857845<\/a> in <a href=\"https:\/\/tracker.debian.org\/pkg\/holotz-castle\">holotz-castle.<\/a> Background: There are various packages in Debian that ship a considerable amount of documentation which is usually a good thing. We always strive to optimize packages and reducing the package size is one option. In the past people thought that symlinking the doc directory of an arch:all (architecture-independent) package to an an arch:any (architecture-dependent) package saves disk space because it is not necessary to duplicate the same content on every architecture. Unfortunately this feature, dh-installdocs --link-doc, is broken by design (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=766711\">#766711<\/a>) and in its current state not usable for this use case. As a consequence I filed a bug report against tracker.debian.org <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=857851\">#857851<\/a>, asked for an improvement of piuparts' status reports and also filed <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=857852\">#857852<\/a> against <a href=\"https:\/\/tracker.debian.org\/pkg\/dpkg\">dpkg<\/a> which was later cloned into <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=858036\">#858036<\/a> for <a href=\"https:\/\/tracker.debian.org\/pkg\/debhelper\">debhelper<\/a>. In a nutshell I would like to see better documentation how to use dh-maintscript-helper and *.maintscript files. I also believe it would be nice to simplify the latter by using only one file.<\/li>\n<\/ul>\n<h2>Debian Java<\/h2>\n<ul>\n<li>I packaged version 5.4 of <a href=\"https:\/\/tracker.debian.org\/pkg\/sweethome3d\">sweethome3d<\/a> and added myself to Uploaders and closed two bugs (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=854030\">#854030<\/a>),(<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=856769\">#856769<\/a>)<\/li>\n<li>I fixed an RC bug (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=856626\">#856626<\/a>) in <a href=\"https:\/\/tracker.debian.org\/pkg\/lucene-solr\">lucene-solr<\/a>, more precisely in one of the configuration files of solr-tomcat, a search engine with Tomcat integration, that prevented the server from starting.<\/li>\n<li>I am still investigating an RC issue (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=857343\">#857343<\/a>) in <a href=\"https:\/\/tracker.debian.org\/pkg\/logback\">logback<\/a>. This is a potential security vulnerability that allows remote attackers to execute arbitrary code. My first patch was incomplete and more backported code from the latest upstream release is required. Unfortunately upstream was not very helpful in tracking down the necessary code changes. <a href=\"http:\/\/mailman.qos.ch\/pipermail\/logback-user\/2017-March\/004875.html\">My question<\/a> still remains unanswered.<\/li>\n<li><a href=\"https:\/\/tracker.debian.org\/pkg\/netbeans\">Netbeans<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=837081\">#837081<\/a>): Netbeans has been crashing from time to time. It is not easy to trigger the issue but it is related to <a href=\"https:\/\/tracker.debian.org\/pkg\/java-atk-wrapper\">libatk-wrapper-java-jni<\/a> and the Accessibility ToolKit (ATK). I have cloned bug number #837081 as <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=858700\">#858700<\/a> for now because I don't think it can be fixed in Netbeans.<\/li>\n<\/ul>\n<h2>Debian LTS<\/h2>\n<p>This was my thirteenth month as a paid contributor and I have been paid to work 14,75 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n<ul>\n<li>From 06. March until 13. March I was in charge of our LTS frontdesk. I triaged security issues in qbittorrent, imagemagick, freetype, glibc, vim, suricada, texlive-base, web2py, lxc, r-base, mysql-5.5, partclone, irrsi, wordpress, mupdf and php5.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/03\/msg00003.html\">DLA-846-1<\/a>. Issued a security update for libzip-ruby fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/03\/msg00010.html\">DLA-853-1<\/a>. Issued a security update for pidgin fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/03\/msg00012.html\">DLA-855-1<\/a>. Issued a security update for roundcube fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/03\/msg00017.html\">DLA-860-1<\/a>. Issued a security update for wordpress fixing 3 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/03\/msg00028.html\">DLA-870-1.<\/a> Issued a security update for libplist fixing 3 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/03\/msg00030.html\">DLA-872-1<\/a>. Issued a security update for xrdp fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/03\/msg00033.html\">DLA-875-1<\/a>. Issued a security update for php5 fixing 3 CVE.<\/li>\n<\/ul>\n<h2>Misc<\/h2>\n<ul>\n<li>March 2017 also saw a new version of <a href=\"https:\/\/tracker.debian.org\/pkg\/mediathekview\">MediathekView<\/a> (now in experimental).<\/li>\n<\/ul>\n<p>Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Android, Java, Games and LTS topics, this might be interesting for you. Debian Android A new upstream release of apktool was uploaded to experimental. Debian Games I packaged new upstream releases of megaglest and &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2017\/04\/03\/my-free-software-activities-in-march-2017\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in March 2017\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10159"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10159"}],"version-history":[{"count":0,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10159\/revisions"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}