{"id":10486,"date":"2018-12-07T00:21:02","date_gmt":"2018-12-06T23:21:02","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10486"},"modified":"2018-12-07T00:21:02","modified_gmt":"2018-12-06T23:21:02","slug":"my-free-software-activities-in-november-2018","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2018\/12\/07\/my-free-software-activities-in-november-2018\/","title":{"rendered":"My Free Software Activities in November 2018"},"content":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n<h2>Debian Games<\/h2>\n<ul>\n<li>This month I packaged a new upstream Git snapshot of <a href=\"https:\/\/tracker.debian.org\/pkg\/performous\">performous<\/a>, a karaoke game, because this seemed to be the quickest route to fix a build failure and RC bug (<a href=\"https:\/\/bugs.debian.org\/914061\">#914061<\/a>) with Debian's latest Boost version. We had to overcome some portability issues later (<a href=\"https:\/\/bugs.debian.org\/914667\">#914667<\/a>, <a href=\"https:\/\/bugs.debian.org\/914688\">#914688<\/a>) and now the only blocker for a migration to testing is GCC-8 itself.<\/li>\n<li>I uploaded a new revision of <a href=\"https:\/\/tracker.debian.org\/pkg\/widelands\">widelands<\/a> to fix a FTBFS with ICU 63.1 (<a href=\"https:\/\/bugs.debian.org\/913513\">#913513<\/a>). The patch was provided by L\u00e1szl\u00f3 B\u00f6sz\u00f6rm\u00e9nyi.<\/li>\n<li>I updated the packaging of the following games without making bigger changes, just the normal \"grooming\": <a href=\"https:\/\/tracker.debian.org\/pkg\/box2d\">box2d<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/brainparty\">brainparty<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/dangen\">dangen<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/flatzebra\">flatzebra<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jester\">jester<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/etw\">etw<\/a>.<\/li>\n<li>The latest upstream release 7.1.3 of <a href=\"https:\/\/tracker.debian.org\/pkg\/renpy\">renpy<\/a>, a framework for developing visual-novel type games, is available now.<\/li>\n<li>Last but not least I backported <a href=\"https:\/\/tracker.debian.org\/pkg\/teeworlds\">teeworlds<\/a> version 0.7.0, a fun action packed 2D shooter, and its special build system <a href=\"https:\/\/tracker.debian.org\/pkg\/bam\">bam<\/a> to Stretch because the current version 0.6.0 is unable to connect to 0.7.0 servers. Now players should be able to choose between their favorite Teeworld versions.<\/li>\n<\/ul>\n<h2>Debian Java<\/h2>\n<ul>\n<li>In November 2018 the Security Team approached us about <a href=\"https:\/\/tracker.debian.org\/pkg\/mysql-connector-java\">mysql-connector-java<\/a>, the JDBC driver for MySQL and asked whether it would be possible to replace it with <a href=\"https:\/\/tracker.debian.org\/pkg\/mariadb-connector-java\">mariadb-connector-java<\/a>. I thought that was a good idea because the latter is a drop-in-replacement with a more transparent upstream and it would save us time to do something more important than fixing security vulnerabilities twice in the future. I had to prepare some patches and filed numerous bug reports for <a href=\"https:\/\/tracker.debian.org\/pkg\/osmosis\">osmosis<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/igv\">igv<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/pegasus-wms\">pegasus-wms<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jameica\">jameica<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/lucene-solr\">lucene-solr<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/sqlline\">sqlline<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libreoffice-canzeley-client\">libreoffice-canzeley-client<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libreoffice-base-drivers\">libreoffice-base-drivers<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jython\">jython<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jclic\">jclic<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/netbeans\">netbeans<\/a>. The current status and remaining tasks are tracked with Debian bug <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=912916\">#912916<\/a>.<\/li>\n<li>For the rest of the time I mostly fixed RC bugs in <a href=\"https:\/\/tracker.debian.org\/pkg\/libpicocontainer-java\">libpicocontainer-java<\/a> (<a href=\"https:\/\/bugs.debian.org\/912547\">#912547<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/activemq\">activemq<\/a> (<a href=\"https:\/\/bugs.debian.org\/912642\">#912642<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/libjackson-json-java\">libjackson-json-java<\/a> (<a href=\"https:\/\/bugs.debian.org\/912541\">#912541<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-module-jaxb-annotations\">jackson-module-jaxb-annotations<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/lombok\">lombok<\/a> (<a href=\"https:\/\/bugs.debian.org\/910748\">#910748<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/cglib\">cglib<\/a> (<a href=\"https:\/\/bugs.debian.org\/912645\">#912645<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/scala\">scala<\/a> (<a href=\"https:\/\/bugs.debian.org\/912393\">#912393<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/libxstream-java\">libxstream-java<\/a> (<a href=\"https:\/\/bugs.debian.org\/912377\">#912377<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/javafxsvg\">javafxsvg<\/a> (<a href=\"https:\/\/bugs.debian.org\/893345\">#893345<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-dataformat-xml\">jackson-dataformat-xml<\/a> (<a href=\"https:\/\/bugs.debian.org\/913840\">#913840<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/controlsfx\">controlsfx<\/a> (<a href=\"https:\/\/bugs.debian.org\/911858\">#911858<\/a>) and <a href=\"https:\/\/tracker.debian.org\/pkg\/h2database\">h2database<\/a> (<a href=\"https:\/\/bugs.debian.org\/913565\">#913565<\/a>).<\/li>\n<li>Later I could also package a new upstream version of <a href=\"https:\/\/tracker.debian.org\/pkg\/activemq\">activemq<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/jboss-modules\">jboss-modules<\/a>, but more importantly <a href=\"https:\/\/tracker.debian.org\/pkg\/mediathekview\">mediathekview<\/a>, my pet peeve, so to speak. \ud83d\ude42<\/li>\n<\/ul>\n<h2>Misc<\/h2>\n<ul>\n<li>I sponsored another update of <a href=\"https:\/\/tracker.debian.org\/pkg\/android-platform-system-core\">android-platform-system-core<\/a> for Kai-Chung Yan. From now on that should be no longer necessary because he is a Debian Developer now. Congratulations!<\/li>\n<li>I packaged a new upstream release of <a href=\"https:\/\/tracker.debian.org\/pkg\/https-everywhere\">https-everywhere<\/a>, a very useful Firefox\/Chromium addon.<\/li>\n<\/ul>\n<h2>Debian LTS<\/h2>\n<p>This was my\u00a0thirty-third month as a paid contributor and I have been paid to work 30 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n<ul>\n<li>From 19.11.2018 until 25.11.2018\u00a0 I was in charge of our LTS frontdesk. I investigated and triaged CVE in jasper, gnome-keyring, keepalived, otrs2, gnuplot, gnuplot5, ncurses, sysstat, php5, uw-imap, eclipse and apktool.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/11\/msg00005.html\">DLA-1568-1<\/a>. Issued a security update for curl fixing 5 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/11\/msg00023.html\">DLA-1583-1<\/a>. Issued a security update for jasper fixing 5 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/11\/msg00028.html\">DLA-1592-1<\/a>. Issued a security update for otrs2 fixing 2 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/11\/msg00029.html\">DLA-1593-1<\/a>. Issued a security update for phpbb3 fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/11\/msg00036.html\">DLA-1598-1<\/a>. Issued a security update for ghostscript fixing 4 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/11\/msg00037.html\">DLA-1600-1<\/a>. Issued a security update for libarchive fixing 12 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/12\/msg00000.html\">DLA-1603-1<\/a>. Issued a security update for suricata fixing 4 CVE.<\/li>\n<li>I reviewed the openssl update which was later released as <a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/11\/msg00024.html\">DLA 1586-1<\/a>.<\/li>\n<li>I also reviewed and sponsored <a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/11\/msg00032.html\">squid3<\/a>, <a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/11\/msg00033.html\">icecast2<\/a> and <a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/11\/msg00034.html\">keepalived<\/a> for Abhijith PA.<\/li>\n<\/ul>\n<h2>ELTS<\/h2>\n<p>Extended Long Term Support (<a href=\"https:\/\/wiki.debian.org\/LTS\/Extended\">ELTS<\/a>) is a project led by <a href=\"https:\/\/www.freexian.com\/\">Freexian<\/a> to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 \"Wheezy\". This was my sixth month and I have been paid to work 15\u00a0 hours on ELTS.<\/p>\n<ul>\n<li>I was in charge of our ELTS frontdesk from 19.11.2018 until 25.11.2018 and I triaged CVE in git, sysstat, suricata, libarchive and jasper.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-62-1-libarchive\/\">ELA-62-1<\/a>.\u00a0 Issued a security update for libarchive fixing 3 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-64-1-suricata\/\">ELA-64-1<\/a>.\u00a0 Issued a security update for suricata fixing 4 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-65-1-jasper\/\">ELA-65-1<\/a>.\u00a0 Issued a security update for jasper fixing 9 CVE.<\/li>\n<li>Since upstream development of jasper has slowed down and many bugs remain without a response, I wrote the patches for <a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-18873\">CVE-2018-18873<\/a>, <a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-19539\">CVE-2018-19539<\/a> and <a href=\"https:\/\/security-tracker.debian.org\/tracker\/CVE-2018-19542\">CVE-2018-19542<\/a> myself. I will look into the remaining issues in December.<\/li>\n<\/ul>\n<p>Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games This month I packaged a new upstream Git snapshot of performous, a karaoke game, because this seemed to be the quickest &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2018\/12\/07\/my-free-software-activities-in-november-2018\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in November 2018\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10486"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10486"}],"version-history":[{"count":0,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10486\/revisions"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}