{"id":10469,"date":"2018-10-09T13:06:28","date_gmt":"2018-10-09T11:06:28","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10463"},"modified":"2018-10-09T13:06:28","modified_gmt":"2018-10-09T11:06:28","slug":"my-free-software-activities-in-september-2018","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2018\/10\/09\/my-free-software-activities-in-september-2018\/","title":{"rendered":"My Free Software Activities in September 2018"},"content":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n<h2>Debian Games<\/h2>\n<ul>\n<li>Yavor Doganov continued his heroics in September and completed the port to GTK 3 of <a href=\"https:\/\/tracker.debian.org\/pkg\/teg\">teg<\/a>, a risk-like game. (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=907834\">#907834<\/a>) Then he went on to fix <a href=\"https:\/\/tracker.debian.org\/pkg\/gnome-breakout\">gnome-breakout<\/a>.<\/li>\n<li>I packaged a new upstream release of <a href=\"https:\/\/tracker.debian.org\/pkg\/freesweep\">freesweep<\/a>, a minesweeper game, which fixed some minor bugs but unfortunately not <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=907750\">#907750<\/a>.<\/li>\n<li>I spent most of the time this month on packaging a newer upstream version of <a href=\"https:\/\/tracker.debian.org\/pkg\/unknown-horizons\">unknown-horizons<\/a>, a strategy game similar to the old Anno games. After also upgrading the <a href=\"https:\/\/tracker.debian.org\/pkg\/fife\">fife<\/a> engine, <a href=\"https:\/\/tracker.debian.org\/pkg\/fifechan\">fifechan<\/a> and NMUing <a href=\"https:\/\/tracker.debian.org\/pkg\/python-enet\">python-enet<\/a>, the game is up-to-date again.<\/li>\n<li>More new upstream versions this month: <a href=\"https:\/\/tracker.debian.org\/pkg\/atomix\">atomix<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/springlobby\">springlobby<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/pygame-sdl2\">pygame-sdl2<\/a>, and <a href=\"https:\/\/tracker.debian.org\/pkg\/renpy\">renpy<\/a>.<\/li>\n<li>I updated <a href=\"https:\/\/tracker.debian.org\/pkg\/widelands\">widelands<\/a> to fix an incomplete appdata file (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=857644\">#857644<\/a>) and to make the desktop icon visible again.<\/li>\n<li>I enabled gconf support in <a href=\"https:\/\/tracker.debian.org\/pkg\/morris\">morris<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=908611\">#908611<\/a>) again because gconf will be supported in Buster.<\/li>\n<li><a href=\"https:\/\/tracker.debian.org\/pkg\/drascula\">Drascula<\/a>, a classic adventure game, refused to start because of changes to the <a href=\"https:\/\/tracker.debian.org\/pkg\/scummvm\">ScummVM<\/a> engine. It is working now. (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=908864\">#908864<\/a>)<\/li>\n<li>In other news I backported <a href=\"https:\/\/tracker.debian.org\/pkg\/freeorion\">freeorion<\/a> to Stretch and sponsored a new version of the <a href=\"https:\/\/tracker.debian.org\/pkg\/runescape\">runescape<\/a> wrapper for Carlos Donizete Froes.<\/li>\n<\/ul>\n<h2>Debian Java<\/h2>\n<ul>\n<li>Only late in September I found the time to work on JavaFX but by then Emmanuel Bourg had already done most of the work and upgraded OpenJFX to version 11. We now have a couple of broken packages (again) because JavaFX is no longer tied to the JRE but is designed more like a library. Since most projects still cling to JavaFX 8 we have to fix several build systems by accommodating those new circumstances.\u00a0 Surely there will be more to report next month.<\/li>\n<li>A Ubuntu user reported that importing furniture libraries was no longer possible in <a href=\"https:\/\/tracker.debian.org\/pkg\/sweethome3d\">sweethome3d<\/a> (LP: #1773532) when it is run with OpenJDK 10. Although upstream is more interested in supporting Java 6, another user found a fix which I could apply too.<\/li>\n<li>New upstream versions this month: <a href=\"https:\/\/tracker.debian.org\/pkg\/jboss-modules\">jboss-modules<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libtwelvemonkeys-java\">libtwelvemonkeys-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/robocode\">robocode<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/apktool\">apktool<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/activemq\">activemq<\/a> (RC <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=907688\">#907688<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/cup\">cup<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/jflex\">jflex<\/a>. The cup\/jflex update required a careful order of uploads because both packages depend on each other. After I confirmed that all reverse-dependencies worked as expected, both parsers are up-to-date again.<\/li>\n<li>I submitted two point updates for <a href=\"https:\/\/tracker.debian.org\/pkg\/dom4j\">dom4j<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/tomcat-native\">tomcat-native<\/a> to fix several security issues in Stretch.<\/li>\n<\/ul>\n<h2>Misc<\/h2>\n<ul>\n<li>Firefox 60 landed in Stretch which broke all xul-* based browser plugins. I thought it made sense to backport at least two popular addons, <a href=\"https:\/\/tracker.debian.org\/pkg\/ublock-origin\">ublock-origin<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/https-everywhere\">https-everywhere<\/a>, to Stretch.<\/li>\n<li>I also prepared another security update for <a href=\"https:\/\/tracker.debian.org\/pkg\/discount\">discount<\/a> (<a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2018\/msg00223.html\">DSA-4293-1<\/a>) and uploaded\u00a0 <a href=\"https:\/\/tracker.debian.org\/pkg\/libx11\">libx11<\/a> to Stretch to fix three open CVE.<\/li>\n<\/ul>\n<h2>Debian LTS<\/h2>\n<p>This was my\u00a0thirty-first month as a paid contributor and I have been paid to work 29,25 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n<ul>\n<li>From 24.09.2018 until 30.09.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in dom4j, otrs2, strongswan, python2.7, udisks2, asterisk, php-horde, php-horde-core, php-horde-kronolith, binutils, jasperreports, monitoring-plugins, percona-xtrabackup, poppler, jekyll and golang-go.net-dev.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/09\/msg00009.html\">DLA-1499-1<\/a>. Issued a security update for discount fixing 4 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/09\/msg00015.html\">DLA-1504-1<\/a>. Issued a security update for ghostscript fixing 14 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/09\/msg00017.html\">DLA-1506-1<\/a>. Announced a security update for intel-microcode.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/09\/msg00018.html\">DLA-1507-1<\/a>. Issued a security update for libapache2-mod-perl2 fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/09\/msg00021.html\">DLA-1510-1<\/a>. Issued a security update for glusterfs fixing 11 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/09\/msg00022.html\">DLA-1511-1<\/a>. Issued an update for reportbug.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/09\/msg00024.html\">DLA-1513-1<\/a>. Issued a security update for openafs fixing 3 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/09\/msg00028.html\">DLA-1517-1<\/a>. Issued a security update for dom4j fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/09\/msg00034.html\">DLA-1523-1<\/a>. Issued a security update for asterisk fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/09\/msg00038.html\">DLA-1527-1<\/a> and <a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/10\/msg00000.html\">DLA-1527-2<\/a>. Issued a security update for ghostscript fixing 2 CVE and corrected an incomplete fix for CVE-2018-16543 later.<\/li>\n<li>I reviewed and uploaded strongswan and otrs2 for Abhijith PA.<\/li>\n<\/ul>\n<h2>ELTS<\/h2>\n<p>Extended Long Term Support (<a href=\"https:\/\/wiki.debian.org\/LTS\/Extended\">ELTS<\/a>) is a project led by <a href=\"https:\/\/www.freexian.com\/\">Freexian<\/a> to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 \"Wheezy\". This was my fourth month and I have been paid to work 15\u00a0 hours on ELTS.<\/p>\n<ul>\n<li>I was in charge of our ELTS frontdesk from 10.09.2018 until 16.09.2018 and I triaged CVE in samba, activemq, chromium-browser, curl, dom4j, ghostscript, firefox-esr, elfutils, gitolite, glib2.0, glusterfs, imagemagick, lcms2, lcms, jhead, libpodofo, libtasn1-3, mgetty, opensc, openafs, okular, php5, smarty3, radare, sympa, wireshark, zsh, zziplib and intel-microcode.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-35-1-samba\/\">ELA-35-1<\/a>. Issued a security update for samba fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-36-1-curl\/\">ELA-36-1<\/a>.\u00a0Issued a security update for curl fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-37-2-openssh\/\">ELA-37-2<\/a>. Issued a regression update for openssh.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-39-1-intel-microcode\/\">ELA-39-1<\/a>. Issued a security update for intel-microcode addressing 6 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-42-1-libapache2-mod-perl2\/\">ELA-42-1<\/a>. Issued a security update for libapache2-mod-perl2 fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-45-1-dom4j\/\">ELA-45-1<\/a>. Issued a security update for dom4j fixing 1 CVE.<\/li>\n<li>I started to work on a security update for the Linux kernel which will be released shortly.<\/li>\n<\/ul>\n<p>Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games Yavor Doganov continued his heroics in September and completed the port to GTK 3 of teg, a risk-like game. (#907834) Then &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2018\/10\/09\/my-free-software-activities-in-september-2018\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in September 2018\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10469"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10469"}],"version-history":[{"count":0,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10469\/revisions"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}