{"id":10240,"date":"2017-11-13T20:38:54","date_gmt":"2017-11-13T19:38:54","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10240"},"modified":"2017-11-13T20:38:54","modified_gmt":"2017-11-13T19:38:54","slug":"my-free-software-activities-in-october-2017","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2017\/11\/13\/my-free-software-activities-in-october-2017\/","title":{"rendered":"My Free Software Activities in October 2017"},"content":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in\u00a0 Java, Games and LTS topics, this might be interesting for you.<\/p>\n<h2>Debian Games<\/h2>\n<ul>\n<li>I packaged a new upstream version of <a href=\"https:\/\/tracker.debian.org\/pkg\/springlobby\">springlobby<\/a>. There is even a more recent one now but I discovered that it would fail to build from source. I <a href=\"https:\/\/github.com\/springlobby\/springlobby\/issues\/800\">reported<\/a> the issue and now I am waiting for another release.<\/li>\n<li>These packages were also updated: <a href=\"https:\/\/tracker.debian.org\/pkg\/bullet\">bullet<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/tuxfootball\">tuxfootball<\/a> (#876481), <a href=\"https:\/\/tracker.debian.org\/pkg\/berusky\">berusky<\/a> (#877979), <a href=\"https:\/\/tracker.debian.org\/pkg\/spring\">spring<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/hitori\">hitori<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/trackballs\">trackballs<\/a>.<\/li>\n<li>I released a new version of <a href=\"https:\/\/tracker.debian.org\/pkg\/cube2-data\">cube2-data<\/a>, a DFSG-free version of the Sauerbraten game. This release was largely made possible thanks to the work of Nyav.<\/li>\n<li>I prepared two stable point releases of <a href=\"https:\/\/tracker.debian.org\/pkg\/berusky\">berusky<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/simutrans\">simutrans<\/a> to fix #877979 and # 869029 for users of Debian's stable distributions too. The bug in Berusky is already resolved but I'm still waiting for the confirmation to upload simutrans (#878668).<\/li>\n<li>I updated <a href=\"https:\/\/tracker.debian.org\/pkg\/wing\">wing<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/biniax2\">biniax2<\/a>. Here I discovered that biniax2 would segfault immediately at startup after recompilation. I tracked down the issue to some C code that caused undefined behavior, prepared a patch and released a fixed revision.<\/li>\n<li>I sponsored a new upstream version of <a href=\"https:\/\/tracker.debian.org\/pkg\/mupen64plus-qt\">mupen64plus-qt<\/a>.<\/li>\n<\/ul>\n<h2>Debian Java<\/h2>\n<ul>\n<li>This month I started to work on fixing <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/pkgreport.cgi?tag=default-java9;users=debian-java@lists.debian.org\">Java9 bugs<\/a> since Java 9 shall become the new default JDK\/JRE for Buster. The bug reports were filed by Chris West who did the important work of identifying build failures and broken packages. I started with some low hanging fruits first and the following packages are now Java 9 ready: libgetopt-java, libjide-oss-java, activemq-protobuf, antelope, yecht, slashtime, colorpicker, f2j, libreadline-java, libjaxp1.3-java, jlapack, isorelax, libisrt-java, rxtx, uima-addons.<\/li>\n<li>New upstream releases this month: <a href=\"https:\/\/tracker.debian.org\/pkg\/apktool\">apktool<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jboss-xnio\">jboss-xnio<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/okio\">okio<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/pdfsam\">pdfsam<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libsejda-java\">libsejda-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/bcel\">bcel<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/autocomplete\">autocomplete<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/mediathekview\">mediathekview<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/sweethome3d\">sweethome3d<\/a>.<\/li>\n<li>MediathekView introduced yet another build-dependency. Let's welcome <a href=\"https:\/\/tracker.debian.org\/pkg\/libokhttp-java\">libokhttp-java<\/a> in Debian.<\/li>\n<li>I upgraded <a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-databind\">jackson-databind<\/a> to fix <a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2017-7525\">CVE-2017-7525.<\/a> While I was at it, I continued this work with jackson-core, jackson-annotations, jackson-dataformat-xml, jackson-jr, jackson-datatype-joda, jackson-module-jaxb-annotations, jackson-dataformat-cbor, jackson-dataformat-smile, jackson-dataformat-yaml and jackson-jaxrs-providers. I also requested <a href=\"https:\/\/bugs.debian.org\/878472\">the removal<\/a> of jackson-datatype-guava.<\/li>\n<li>More resolved RC issues: commons-io (#873118), tycho (#879250)<\/li>\n<li>Package updates: <a href=\"https:\/\/tracker.debian.org\/pkg\/mockobjects\">mockobjects<\/a> (converted from CDBS to DH) and<a href=\"https:\/\/tracker.debian.org\/pkg\/jblas\"> jblas<\/a> (RC #877225, #873212, #698176)<\/li>\n<li>The Maven 2 to Maven 3 transition caused (and still causes) a lot of fallout: I investigated the following packages with RC bugs. In most cases the issue was in another package, so the bugs could be closed but there were also packages like <a href=\"https:\/\/tracker.debian.org\/pkg\/conversant-disruptor\">conversant-disruptor<\/a> (#869002) which caused build failures unrelated to the transition. In total 15 packages were triaged or fixed: jasypt (#871195), mustache-java (#869009), libslf4j-java, apache-log4j2, conversant-disruptor, powermock(#869017), jetty9(#869021), maven-site-plugin(#869001),\u00a0 javamail(#871102), assertj-core(#871131), java-allocation-instrumenter(#869251), json-smart(#868603), sisu-guice(#868611), maven-archiver(#871069), doxia-sitetools(#875948)<\/li>\n<li>I have started to work on a new upstream version of <a href=\"https:\/\/tracker.debian.org\/pkg\/triplea\">triplea<\/a>, multiple strategy games written in Java. The update would fix a couple of bugs and make the package ready for Java 9.<\/li>\n<li>It was also <a href=\"https:\/\/lists.debian.org\/debian-java\/2017\/10\/msg00078.html\">requested<\/a> to upgrade <a href=\"https:\/\/tracker.debian.org\/pkg\/gradle\">Gradle<\/a> to version 3.4.1 at least. I have made good progress but there is more work to do.<\/li>\n<\/ul>\n<h2>Debian LTS<\/h2>\n<p>This was my twentieth month as a paid contributor and I have been paid to work 19 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. I will catch up with the remaining 1,75 hours in November. In that time I did the following:<\/p>\n<ul>\n<li>From 30. October to 05. November I was in charge of our LTS frontdesk. I triaged bugs in jasperreports, jbossas4, libstruts1.2-java, httpcomponents-client, vim, emacs23, trafficserver, async-http-client, liblouis, wordpress, apr, apr-utils, redis, nautilus, libpam4j and spip.<\/li>\n<li>I decided to mark jbossas4 as end-of-life because the Java application server was never fully packaged and the version in Wheezy is already nine years old. I investigated the open security issues in jasperreports and contacted upstream but they have not published any details yet.<\/li>\n<li>I pinged bug <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=878088\">#878088<\/a>. The reportbug maintainer still has to respond to the idea of informing the security teams when users report bugs in security uploads. I will discuss the possibility with the rest of the team, whether it is helpful to patch reportbug in Wheezy\/Jessie\/Stretch now.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/10\/msg00031.html\">DLA-1151-1<\/a> and <a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/11\/msg00003.html\">DLA-1160-1<\/a>. Issued two security updates for WordPress\u00a0 addressing 10 CVE. It was later discovered that the patch for CVE-2017-14990 was incomplete and caused a regression when using WordPress' multi-site feature. Single-site installations were not affected. The complete fix would either include a\u00a0 database upgrade or a different approach without using the new database field \"signup_id\". I reverted the patch for now and issued a regression update in <a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/11\/msg00015.html\">DLA-1151-2<\/a>.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/11\/msg00001.html\">DLA-1158-1<\/a>. Issued a security update for bchunk fixing 3 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/11\/msg00002.html\">DLA-1159-1<\/a>. Issued a security update for graphicsmagick fixing 2 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/11\/msg00007.html\">DLA-1164-1<\/a>. Issued a security update for mupdf fixing 2 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/11\/msg00008.html\">DLA-1165-1<\/a>. Issued a security update for libpam4j fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/11\/msg00010.html\">DLA-1167-1<\/a>. Issued a security update for ruby-yajl fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2017\/11\/msg00011.html\">DLA-1157-1<\/a>. I uploaded a security update for openssl. The update was prepared by Kurt Roeckx, the maintainer of openssl.<\/li>\n<\/ul>\n<h2>Misc<\/h2>\n<ul>\n<li>I prepared the security updates for libpam4j (<a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2017\/msg00287.html\">DSA-4025-1<\/a>) and bchunk (<a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2017\/msg00288.html\">DSA-4026-1<\/a>) and fixed the same issues in Sid and Buster.<\/li>\n<\/ul>\n<p>&nbsp;<br \/>\nThanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in\u00a0 Java, Games and LTS topics, this might be interesting for you. Debian Games I packaged a new upstream version of springlobby. There is even a more recent one now but I discovered that it &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2017\/11\/13\/my-free-software-activities-in-october-2017\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in October 2017\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10240"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10240"}],"version-history":[{"count":0,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10240\/revisions"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10240"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10240"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}