{"id":10374,"date":"2018-06-04T19:46:02","date_gmt":"2018-06-04T17:46:02","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10374"},"modified":"2018-06-04T19:46:02","modified_gmt":"2018-06-04T17:46:02","slug":"my-free-software-activities-in-may-2018","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2018\/06\/04\/my-free-software-activities-in-may-2018\/","title":{"rendered":"My Free Software Activities in May 2018"},"content":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n<h2>Debian Games<\/h2>\n<ul>\n<li>Since Alioth is history now I picked up some random games this month, converted their SVN repositories to Git and moved them to <a href=\"https:\/\/salsa.debian.org\">salsa.debian.org<\/a>. Meanwhile I also updated those games to the latest standards in Debian. But even if they were already maintained in Git, some of them just deserved some new lease of life. Their names are: <a href=\"https:\/\/tracker.debian.org\/pkg\/openssn\">openssn<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/oneisenough\">oneisenough<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/geki2\">geki2<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/lmemory\">lmemory<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/ardentryst\">ardentryst<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/barrage\">barrage<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/asylum\">asylum<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/amphetamine\">amphetamine<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/bouncy\">bouncy<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/berusky2-data\">berusky2-data<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/phlipple\">phlipple<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/blocks-of-the-undead\">blocks-of-the-undead<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/billard-gl\">billard-gl<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/pathological\">pathological<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/freecol\">freecol<\/a>.<\/li>\n<li>I packaged new upstream releases of <a href=\"https:\/\/tracker.debian.org\/pkg\/bzflag\">bzflag<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/trackballs\">trackballs<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/enet\">enet<\/a>.<\/li>\n<li>I fixed an RC bug (import error) in <a href=\"https:\/\/tracker.debian.org\/pkg\/raincat\">raincat<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=897542\">#897542<\/a>).<\/li>\n<li>I adopted <a href=\"https:\/\/tracker.debian.org\/pkg\/pente\">pente<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/bastet\">bastet<\/a> because the former uploaders are no longer active in Debian.<\/li>\n<li>I made the quiz in <a href=\"https:\/\/tracker.debian.org\/pkg\/childsplay\">childsplay<\/a> playable again.<\/li>\n<\/ul>\n<h2>Debian Java<\/h2>\n<ul>\n<li>Another month, another Java bug squashing party. I could triage and fix a couple of RC bugs in <a href=\"https:\/\/tracker.debian.org\/pkg\/electric\">electric<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/uddi4j\">uddi4j<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/modulator\">modulator<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libjide-oss-java\">libjide-oss-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/lucene-solr\">lucene-solr<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libhtmlparser-java\">libhtmlparser-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/mongo-java-driver\">mongo-java-driver<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libxalan2-java\">libxalan2-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libjibx1.2-java\">libjibx1.2-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/svnkit\">svnkit<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libxerces2-java\">libxerces2-java<\/a>.<\/li>\n<li>New upstream releases: <a href=\"https:\/\/tracker.debian.org\/pkg\/okio\">okio<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/wildfly-common\">wildfly-common<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jboss-modules\">jboss-modules<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jboss-logmanager\">jboss-logmanager<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/undertow\">undertow<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/batik\">batik<\/a>.<\/li>\n<li>Unfortunately we had to make a decision in regard to <a href=\"https:\/\/tracker.debian.org\/pkg\/undertow\">undertow<\/a> (embeddable webserver) and decided to request the removal from Stable. It is rather frequently affected by security issues but upstream often provides little information how to fix them (except of the usual \"upgrade to the latest release\" of course). I filed a bug report and asked for a better and more transparent security policy but it will probably take some time until it is implemented. In the meantime we will remove Undertow from Stable because it has no reverse-dependencies and simply saves us time for more important tasks.<\/li>\n<li>I prepared security updates for <a href=\"https:\/\/tracker.debian.org\/pkg\/batik\">batik<\/a> (DSA-4215-1),\u00a0<a href=\"https:\/\/tracker.debian.org\/pkg\/zookeeper\"> zookeeper<\/a> (DSA-4214-1)\u00a0 in Stretch and jackson-databind (<a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2018\/msg00117.html\">DSA-4190-1<\/a>) (Jessie\/Stretch).<\/li>\n<\/ul>\n<h2>Debian LTS<\/h2>\n<p>This was my twenty-seventh month as a paid contributor and I have been paid to work 24,25 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n<ul>\n<li>From 21.05.2018 until 27.05.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in glusterfs, tomcat7, zookeeper, imagemagick, strongswan, radare2, batik, mupdf and graphicsmagick.<\/li>\n<li>I <a href=\"https:\/\/lists.debian.org\/debian-lts\/2018\/05\/msg00053.html\">drafted<\/a> a announcement for Wheezy's EOL that was later released as <a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/06\/msg00001.html\">DLA-1393-1<\/a> and as an official <a href=\"https:\/\/www.debian.org\/News\/2018\/20180601\">Debian news<\/a>.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/05\/msg00014.html\">DLA-1384-1<\/a>. I reviewed and uploaded xdg-utils for Abhijith PA.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/05\/msg00012.html\">DLA-1381-1<\/a>. Issued a security update for imagemagick\/Wheezy fixing 3 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/05\/msg00016.html\">DLA-1385-1<\/a>. Issued a security update for batik\/Wheezy fixing 1 CVE.<\/li>\n<li>Prepared a backport of Tomcat 7.0.88 for Jessie which fixes all open CVE (5) in Jessie. From now on we intend to provide the latest upstream releases for a specific Tomcat branch. We hope this will improve the user experience. It also allows Debian users to get more help from Tomcat developers directly because there is no significant Debian specific delta anymore. The update is pending review by the security team.<\/li>\n<li>Prepared a security update for graphicsmagick fixing 19 CVE. I also investigated CVE-2017-10794 and CVE-2017-17913 and came to the conclusion that the Jessie version is not affected. I merged and reviewed another update by L\u00e1szl\u00f3 B\u00f6sz\u00f6rm\u00e9nyi. At the moment the update is pending review by the security team. Together these updates will fix the most important issues in Graphicsmagick\/Jessie.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2018\/msg00142.html\">DSA-4214-1<\/a>. Prepared a security update for zookeeper fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2018\/msg00143.html\">DSA-4215-1<\/a>. Prepared a security update for batik\/Jessie fixing 1 CVE.<\/li>\n<li>Prepared a security update for memcached in Jessie and Stretch fixing 2 CVE. This update is also pending review by the security team.<\/li>\n<li>Finished the security update for JRuby (Jessie and Stretch) fixing 5 respectively 7 CVE. However we discovered that JRuby fails to build from source in Jessie and a fix or workaround will most likely break reverse-dependencies. Thus we have decided to mark JRuby as end-of-life in Jessie also because the version is already eight years old.<\/li>\n<\/ul>\n<h2>Misc<\/h2>\n<ul>\n<li>I reviewed and sponsored <a href=\"https:\/\/tracker.debian.org\/pkg\/xtrkcad\">xtrkcad<\/a> for J\u00f6rg Frings-F\u00fcrst.<\/li>\n<\/ul>\n<p>Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games Since Alioth is history now I picked up some random games this month, converted their SVN repositories to Git and moved &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2018\/06\/04\/my-free-software-activities-in-may-2018\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in May 2018\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10374"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10374"}],"version-history":[{"count":0,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10374\/revisions"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}