{"id":10492,"date":"2019-01-09T20:43:29","date_gmt":"2019-01-09T19:43:29","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10492"},"modified":"2019-01-09T20:43:29","modified_gmt":"2019-01-09T19:43:29","slug":"my-free-software-activities-in-december-2018","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2019\/01\/09\/my-free-software-activities-in-december-2018\/","title":{"rendered":"My Free Software Activities in December 2018"},"content":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n<h2>Debian Games<\/h2>\n<ul>\n<li>I used this month to polish some of my team-maintained packages and to slightly improve the debian packaging in <a href=\"https:\/\/tracker.debian.org\/pkg\/openyahtzee\">openyahtzee<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/monopd\">monopd<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/opencity\">opencity<\/a>, <a href=\"http:\/\/pangzero\">pangzero<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/powermanga\">powermanga<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/ri-li\">ri-li<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/tecnoballz\">tecnoballz<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/whichwayisup\">whichwayisup<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/atanks\">atanks<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/ufoai\">ufoai<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/dreamchess\">dreamchess<\/a>.<\/li>\n<li>I fixed RC bug <a href=\"https:\/\/bugs.debian.org\/915453\">#915453<\/a> in <a href=\"https:\/\/tracker.debian.org\/pkg\/supertuxkart\">supertuxkart<\/a>.<\/li>\n<li>I released a new version of <a href=\"https:\/\/tracker.debian.org\/pkg\/debian-games\">debian-games<\/a>,\u00a0 a collection of metapackages to ease the installation of games in Debian. I plan to do another update in January. This one will then almost be the final state for Buster but there is usually another last minor update during deep freeze to include even the latest changes.<\/li>\n<li>I also packaged a new upstream version of <a href=\"https:\/\/tracker.debian.org\/pkg\/enemylines3\">enemylines3<\/a>, which was merely a bug fix release though. Nevertheless I could drop two Debian patches. Yeah.<\/li>\n<\/ul>\n<h2>Debian Java<\/h2>\n<ul>\n<li>I guess it's fair to say that we are on the finishing straight now. Netbeans 10 was finally released on December 27th and I try to make little steps each day to complete the update still in time for Buster.<\/li>\n<li>I fixed an RC bug in <a href=\"https:\/\/tracker.debian.org\/pkg\/activemq\">activemq<\/a> caused by obsolete symlinks (<a href=\"https:\/\/bugs.debian.org\/916777\">#916777<\/a>) and another RC issue in <a href=\"https:\/\/tracker.debian.org\/pkg\/syncany\">syncany<\/a>. (<a href=\"https:\/\/bugs.debian.org\/916609\">#916609<\/a>)<\/li>\n<li>New upstream versions this month: <a href=\"https:\/\/tracker.debian.org\/pkg\/easymock\">easymock<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/intellij-annotations\">intellij-annotations<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libpdfbox2-java\">libpdfbox2-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/okio\">okio<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libokhttp-java\">libokhttp-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-dataformat-xml\">jackson-dataformat-xml<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/pdfsam\">pdfsam<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libsambox-java\">libsambox-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libsejda-java\">libsejda-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libsejda-io-java\">libsejda-io-java<\/a>.<\/li>\n<li>I also packaged the latest stable version of <a href=\"https:\/\/tracker.debian.org\/pkg\/jackrabbit\">jackrabbit<\/a>, however it turned out that it would make davmail unusable (<a href=\"https:\/\/bugs.debian.org\/917174\">#917174<\/a>) which is why I later decided to revert this change again. Although the real issue here is that <a href=\"https:\/\/tracker.debian.org\/pkg\/davmail\">davmail<\/a> should be updated by upstream to use a more current version of jackrabbit (and httpclient <a href=\"https:\/\/bugs.debian.org\/917175\">#917175<\/a>), there was no compelling reason to remove davmail from testing.<\/li>\n<li>I prepared a security update for <a href=\"https:\/\/tracker.debian.org\/pkg\/c3p0\">c3p0<\/a> (<a href=\"https:\/\/bugs.debian.org\/917257\">#917257<\/a>, CVE-2018-20433) and uploaded it to unstable, Jessie (<a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/12\/msg00021.html\">DLA-1621-1<\/a>) and Stretch (<a href=\"https:\/\/bugs.debian.org\/917560\">#917560<\/a>).<\/li>\n<\/ul>\n<h2>Misc<\/h2>\n<ul>\n<li>I updated <a href=\"https:\/\/tracker.debian.org\/pkg\/osmo\">osmo<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/tofrodos\">tofrodos<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/iftop\">iftop<\/a> and applied a patch by Andreas Henriksson for <a href=\"https:\/\/tracker.debian.org\/pkg\/wbar\">wbar<\/a> to\u00a0 fix a reproducibility issue on merged-usr systems.<\/li>\n<li>The browser extension <a href=\"https:\/\/tracker.debian.org\/pkg\/privacybadger\">privacybadger<\/a> was updated to version 2018.12.17.<\/li>\n<li>I prepared a security update of <a href=\"https:\/\/tracker.debian.org\/pkg\/libarchive\">libarchive<\/a> for Stretch released as <a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2018\/msg00293.html\">DSA-4360-1<\/a>.<\/li>\n<li>I reported a FTBFS that got recently fixed in <a href=\"https:\/\/tracker.debian.org\/pkg\/moria\">moria<\/a>. (<a href=\"https:\/\/bugs.debian.org\/916030\">#916030<\/a>)<\/li>\n<\/ul>\n<h2>NMU<\/h2>\n<ul>\n<li>I NMUed three games to fix open RC bugs: <a href=\"https:\/\/tracker.debian.org\/pkg\/gltron\">gltron<\/a> (<a href=\"https:\/\/bugs.debian.org\/897760\">#897760<\/a>), <a href=\"https:\/\/tracker.debian.org\/pkg\/mudlet\">mudlet<\/a> (<a href=\"https:\/\/bugs.debian.org\/907159\">#907159<\/a>) and <a href=\"https:\/\/tracker.debian.org\/pkg\/zatacka\">zatacka<\/a> (<a href=\"https:\/\/bugs.debian.org\/891778\">#891778<\/a> patch by Bernhard \u00dcbelacker).<\/li>\n<\/ul>\n<h2>Debian LTS<\/h2>\n<p>This was my\u00a0thirty-fourth month as a paid contributor and I have been paid to work 30 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n<ul>\n<li>From 17.12.2018 until 06.01.2019 I was in charge of our LTS frontdesk. I investigated and triaged CVE in graphiscmagick, sqlite3, libvncserver, pspp, yara, terminology, sssd, libarchive, freecol, rabbitmq-server, hoteldruid, libraw, nagios3, gnupg2, igraph, python3.4, radare2, imagemagick, tar, poppler, tcpreplay,\u00a0 libcaca, binutils, liblas, mxml, jasper, aria2, systemd, libpff, libsixel, libspring-security-2.0-java, nasm, yaml-cpp and yaml-cpp0.3.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/01\/msg00006.html\">DLA-1630-1<\/a>. I triaged and investigated 39 CVE in libav. Later I issued a security update for libav fixing 14 of them.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/12\/msg00011.html\">DLA-1612-1<\/a>. Issued a security update for libarchive fixing 2 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/12\/msg00014.html\">DLA-1615-1<\/a>. Issued a security update for nagios3 fixing 5 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2018\/12\/msg00015.html\">DLA-1616-1<\/a>. Issued a security update for libextractor fixing 2 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/01\/msg00003.html\">DLA-1628-1<\/a>. Issued a security update for jasper fixing 8 CVE (announced 9). It turned out that CVE-2018-19139 has not been fixed yet.<\/li>\n<\/ul>\n<h2>ELTS<\/h2>\n<p>Extended Long Term Support (<a href=\"https:\/\/wiki.debian.org\/LTS\/Extended\">ELTS<\/a>) is a project led by <a href=\"https:\/\/www.freexian.com\/\">Freexian<\/a> to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 \"Wheezy\". This was my seventh month and I have been paid to work 15 hours on ELTS.<\/p>\n<ul>\n<li>I was in charge of our ELTS frontdesk from 17.12.2018 until 06.01.2019 and I triaged CVE in libarchive, gnutls26, rabbitmq-server, binutils, wget, tar, krb5, jasper and systemd.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-72-1-jasper\/\">ELA-72-1<\/a>. Issued a security update for jasper fixing 5 CVE. I analyzed the remaining open issues, prepared patches myself and <a href=\"https:\/\/github.com\/mdadams\/jasper\/issues\/182#issuecomment-451109657\">forwarded them<\/a> upstream.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-73-1-libcaca\/\">ELA-73-1<\/a>. Issued a security update for libcaca fixing 4 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-74-1-sqlite3\/\">ELA-74-1<\/a>. Issued a security update for sqlite3 fixing 3 CVE.<\/li>\n<\/ul>\n<p>Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games I used this month to polish some of my team-maintained packages and to slightly improve the debian packaging in openyahtzee, monopd, &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2019\/01\/09\/my-free-software-activities-in-december-2018\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in December 2018\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10492"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10492"}],"version-history":[{"count":0,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10492\/revisions"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}