{"id":10448,"date":"2018-09-05T18:16:32","date_gmt":"2018-09-05T16:16:32","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10448"},"modified":"2018-09-05T18:16:32","modified_gmt":"2018-09-05T16:16:32","slug":"my-free-software-activities-in-august-2018","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2018\/09\/05\/my-free-software-activities-in-august-2018\/","title":{"rendered":"My Free Software Activities in August 2018"},"content":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n<h2>Debian Games<\/h2>\n<ul>\n<li>Really good news this month as Yavor Doganov provided patches for\u00a0 <a href=\"https:\/\/tracker.debian.org\/pkg\/gamazons\">gamazons<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=885735\">#885735<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/gnomekiss\">gnomekiss<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=885740\">#885740<\/a>) and <a href=\"https:\/\/tracker.debian.org\/pkg\/teg\">teg<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=885751\">#885751<\/a>) which all depended on obsolete GNOME 2 libraries. He succeeded in porting them to GooCanvas and GNOME 3. We are currently aware of some issues in Teg (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=907834\">#907834<\/a>) and would appreciate more feedback from game testers. In any case this was a non-trivial feat and many thanks go to Yavor who prevented the removal of three games from Debian.<\/li>\n<li>I applied a patch from Adrian Bunk which made <a href=\"https:\/\/tracker.debian.org\/pkg\/freeorion\">FreeOrion<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=906746\">#906746<\/a>) more portable and packaged the latest and greatest release 0.4.8 later.<\/li>\n<li>I fixed a broken start script in <a href=\"https:\/\/tracker.debian.org\/pkg\/freecol\">FreeCol<\/a> due to OpenJDK 10 changes. (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=907661\">#907661<\/a>)<\/li>\n<li>The <a href=\"https:\/\/tracker.debian.org\/pkg\/spring\">Spring<\/a> RTS engine was affected by a GCC-8 RC bug. (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=906409\">#906409<\/a>)<\/li>\n<li>I backported <a href=\"https:\/\/tracker.debian.org\/pkg\/freeciv\">FreeCiv<\/a> 2.6.0 to Stretch.<\/li>\n<li>I updated some games to the latest standards in Debian, made some minor changes and applied patches to fix FTCBFS bugs or build failures due to a missing libm library. Those issues were solved in <a href=\"https:\/\/tracker.debian.org\/pkg\/tenmado\">tenmado<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/supertransball2\">supertransball2<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=902537\">#902537<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/seahorse-adventures\">seahorse-adventures<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/empire\">empire<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=900197\">#900197<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/phlipple\">phlipple<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=907207\">#907207<\/a>) and <a href=\"https:\/\/tracker.debian.org\/pkg\/ace-of-penguins\">ace-of-penguins<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=900200\">#900200<\/a>).<\/li>\n<li>I sponsored <a href=\"https:\/\/tracker.debian.org\/pkg\/mupen64plus-qt\">mupen64plus-qt<\/a> for Dan Hastings.<\/li>\n<\/ul>\n<h2>Debian Java<\/h2>\n<ul>\n<li>I made some minor updates for the Java Packaging guide and <a href=\"https:\/\/gambaru.de\/blog\/2018\/09\/04\/wiki-debian-org-the-java-packaging-guide\/\">announced<\/a> its existence here on this blog.<\/li>\n<li>I packaged new upstream releases and fixed some serious issues in <a href=\"https:\/\/tracker.debian.org\/pkg\/libmiglayout-java\">libmiglayout-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/wildfly-client-config\">wildfly-client-config<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/h2database\">h2database<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=902787\">#902787<\/a>),<a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-dataformat-xml\"> jackson-dataformat-xml<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=906368\">#906368<\/a>),<a href=\"https:\/\/tracker.debian.org\/pkg\/libcommons-compress-java\"> libcommons-compress-java<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=906301\">#906301<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/xmlgraphics-commons\">xmlgraphics-commons<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=906523\">#906523<\/a>) and <a href=\"https:\/\/tracker.debian.org\/pkg\/tomcat8\">tomcat8<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=906447\">#906447<\/a>).<\/li>\n<li>We still have <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/pkgreport.cgi?which=maint&amp;data=pkg-java-maintainers%40lists.alioth.debian.org&amp;archive=no&amp;pend-exc=done&amp;sev-inc=critical&amp;sev-inc=grave&amp;sev-inc=serious\">about 100 RC<\/a> bugs to fix at the moment. As usual there are still <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/pkgreport.cgi?users=debian-java@lists.debian.org;tag=default-java9\">Java 9<\/a> and <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/pkgreport.cgi?users=debian-java@lists.debian.org;tag=default-java10\">Java 10<\/a> issues (and soon I'm sure Java 11). This month I triaged and fixed RC bugs in <a href=\"https:\/\/tracker.debian.org\/pkg\/spatial4j-0.4\">spatial4j-0.4<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=902789\">#902789<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/plexus-archiver\">plexus-archiver<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=906396\">#906396<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/zookeeper\">zookeeper<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=897892\">#897892<\/a> prepared by tony mancill), <a href=\"https:\/\/tracker.debian.org\/pkg\/simple-xml\">simple-xml<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=888547\">#888547<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/axis\">axis<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=902861\">#902861<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/asm\">asm<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=902570\">#902570<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/jnr-posix\">jnr-posix<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=901044\">#901044<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/mina2\">mina2<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=907001\">#907001<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/disruptor\">disruptor<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=906347\">#906347<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/libreadline-java\">libreadline-java<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=898380\">#898380<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/gnome-split\">gnome-split<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=893201\">#893201<\/a>) and <a href=\"https:\/\/tracker.debian.org\/pkg\/lucene-solr\">lucene-solr<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=906384\">#906384<\/a>, <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=904063\">#904063<\/a>).<\/li>\n<li>I applied a patch from Bdale Garbee and lowered the minimum required source\/target level to 1.6 in <a href=\"https:\/\/tracker.debian.org\/pkg\/ant\">Ant<\/a> again since we know that OpenJDK 11 will support that. However we will have to revert to 1.7 again because OpenJDK 12 will drop support for Java 6 in the future.<\/li>\n<li>I completed a security update for Tomcat 8. It was issued by the security team as <a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2018\/msg00211.html\">DSA 4281-1.<\/a><\/li>\n<li>I packaged a new build-dependency for <a href=\"https:\/\/tracker.debian.org\/pkg\/mediathekview\">mediathekview<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libmbassador-java\">libmbassador-java<\/a>. The update also requires a working JavaFX package and probably one or two additional packages. I intend to work on JavaFX in September.<\/li>\n<\/ul>\n<h2>Misc<\/h2>\n<ul>\n<li>I NMUed <a href=\"https:\/\/tracker.debian.org\/pkg\/ruby-zip\">ruby-zip<\/a> to fix RC bug (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=902720\">#902720<\/a>) and <a href=\"https:\/\/tracker.debian.org\/pkg\/libcgroup\">libcgroup<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=906308\">#906308<\/a>) and uploaded the fix for the latter to Stretch as well. (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=907386\">#907386<\/a>)<\/li>\n<li>I updated <a href=\"https:\/\/tracker.debian.org\/pkg\/byzanz\">byzanz<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/pyblosxom\">pyblosxom<\/a> and moved them to salsa.debian.org.<\/li>\n<li>I packaged a new upstream release of the <a href=\"https:\/\/tracker.debian.org\/pkg\/https-everywhere\">https-everywhere<\/a> browser extension.<\/li>\n<\/ul>\n<h2>Debian LTS<\/h2>\n<p>This was my\u00a0thirtieth month as a paid contributor and I have been paid to work 23,75 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n<ul>\n<li>From 13.08.2018 until 19.08.2018 and from 27.08.2018 until 02.09.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in intel-microcode, bind9, confuse, libykneomgr, mp4v2, gdm3, wesnoth-1.10, ruby-zip, otrs2, mathjax, mono, tcpflow, bluez, openssh, mariadb-10.0, tomcat-native, wordpress, thunderbird, spice, spice-gtk, libextractor, postgresql-9.1, libcgroup, zutils, soundtouch, squirrelmail, git-annex, ghostscript, libpgjava, elfutils, libpodofo, libtirpc, libxkbcommon, libtasn1-6, cinder, 389-ds-base, wireshark, php5, libzypp, imagemagick, kfreebsd-10, tiff, discount and polarssl.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/08\/msg00013.html\">DLA-1467-1<\/a>.\u00a0 Issued a security update for ruby-zip fixing 1 CVE.<\/li>\n<li>I worked on gdm3 to fix <a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-14424\">CVE-2018-14424<\/a>.\u00a0 I backported the patch to Jessie but could still trigger a session restart with the POC. Since there is no crash and the session is completely restored, we believe now that this is the intended behavior.\u00a0 I also <a href=\"https:\/\/lists.debian.org\/debian-lts\/2018\/08\/msg00086.html\">tried to contact<\/a> Chris Coulson, the original bug reporter, for further advice but have not received a reply yet. If we don't discover another issue we will release a DLA for gdm3 in September.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/08\/msg00019.html\">DLA-1472-1<\/a>. Issued a security update for libcgroup fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/08\/msg00021.html\">DLA-1473-1<\/a>. Issued a security update for otrs2 fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/08\/msg00030.html\">DLA-1482-1<\/a>. Issued a security update for libx11 fixing 3 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/08\/msg00023.html\">DLA-1475-1<\/a>. Issued a security update for tomcat-native fixing 2 CVE.<\/li>\n<li>I am still working on a security update for ghostscript. I have already backported the majority of patches to Jessie to fix a <a href=\"https:\/\/www.kb.cert.org\/vuls\/id\/332928\">serious sandboxing issue<\/a> with the -dSAFER mode.\u00a0 More patches are required to fix the problem and only yesterday more CVE were assigned to them.<\/li>\n<\/ul>\n<h2>ELTS<\/h2>\n<p>Extended Long Term Support (<a href=\"https:\/\/wiki.debian.org\/LTS\/Extended\">ELTS<\/a>) is a project led by <a href=\"https:\/\/www.freexian.com\/\">Freexian<\/a> to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 \"Wheezy\". This was my third month and I have been paid to work 12\u00a0 hours on ELTS.<\/p>\n<ul>\n<li>I was in charge of our ELTS frontdesk from 13.08.2018 until 19.08.2018 and I triaged CVE in intel-microcode, azureus, gdm3, couchdb, lxc, squirrelmail, wordpress, wpa, xen, tomcat7, firmware-nonfree, postgresql-9.1, apache2, bluez, dojo, libcommons-compress-java, spice, spice-gtk, tomcat-native, libcgroup, libx11 and samba.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-21-1-openssl\/\">ELA-21-1<\/a>. Issued a security update for openssl fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-27-1-tomcat7\/\">ELA-27-1<\/a>. Issued a security update for tomcat7 fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-28-1-tomcat-native\/\">ELA-28-1<\/a>. Issued a security update for tomcat-native fixing 2 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-20-2-busybox\/\">ELA-20-2<\/a>. Issued a regression update for busybox.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-29-1-postgresql-9.1\/\">ELA-29-1<\/a>. Issued a security update for postgresql-9.1 fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-30-1-libx11\/\">ELA-30-1<\/a>. Issued a security update for libx11 fixing 3 CVE.<\/li>\n<\/ul>\n<p>Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games Really good news this month as Yavor Doganov provided patches for\u00a0 gamazons (#885735), gnomekiss (#885740) and teg (#885751) which all depended &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2018\/09\/05\/my-free-software-activities-in-august-2018\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in August 2018\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10448"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10448"}],"version-history":[{"count":0,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10448\/revisions"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10448"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10448"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}