{"id":10501,"date":"2019-02-12T00:40:44","date_gmt":"2019-02-11T23:40:44","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10501"},"modified":"2019-02-12T00:40:44","modified_gmt":"2019-02-11T23:40:44","slug":"my-free-software-activities-in-january-2019","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2019\/02\/12\/my-free-software-activities-in-january-2019\/","title":{"rendered":"My Free Software Activities in January 2019"},"content":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n<h2>Debian Games<\/h2>\n<ul>\n<li>Time's almost up and the soft freeze is near. In January I packaged a couple of new upstream versions for <a href=\"https:\/\/tracker.debian.org\/pkg\/teeworlds\">Teeworlds<\/a> (0.7.2), <a href=\"https:\/\/tracker.debian.org\/pkg\/neverball\">Neverball<\/a> (this one was a Git snapshot because they apparently don't like regular releases), <a href=\"https:\/\/tracker.debian.org\/pkg\/cube2-data\">cube2-data<\/a> (easy, because I am upstream myself), <a href=\"https:\/\/tracker.debian.org\/pkg\/adonthell\">adonthell<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/adonthell-data\">adonthell-data<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/fifechan\">fifechan<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/fife\">fife<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/unknown-horizons\">unknown-horizons<\/a>.<\/li>\n<li>After I uploaded the latest Teeworlds release to stretch-backports too, I sponsored <a href=\"https:\/\/tracker.debian.org\/pkg\/pegsolitaire\">pegsolitaire<\/a> for Juhani Numminen and a shiny new <a href=\"https:\/\/tracker.debian.org\/pkg\/supertux\">Supertux<\/a> release for Reiner Herrmann.<\/li>\n<li>I updated <a href=\"https:\/\/tracker.debian.org\/pkg\/kxl\">KXL<\/a>, the Kacchan X Windows System Library. You have never heard of it? Well, never mind. However it powers three Debian games.<\/li>\n<li>Last but not least I updated <a href=\"https:\/\/tracker.debian.org\/pkg\/btanks\">btanks<\/a>,\u00a0 your fast 2D tank arcade game.<\/li>\n<\/ul>\n<h2>Debian Java<\/h2>\n<ul>\n<li>I spent a lot of time this month to get <a href=\"https:\/\/tracker.debian.org\/pkg\/netbeans\">Netbeans<\/a> into shape again.\u00a0 All patches had to be rebased and a new version of <a href=\"https:\/\/tracker.debian.org\/pkg\/libnb-javaparser-java\">libnb-javaparser-java<\/a> (RC, #893264) was needed. In the end <a href=\"https:\/\/tracker.debian.org\/pkg\/libnb-platform18-java\">libnb-platform18-java<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/visualvm\">visualvm<\/a> could be fixed as well. There are still some bugs I am aware of.\u00a0 I hope some of them can be fixed in time.<\/li>\n<li>New upstream releases this month: <a href=\"https:\/\/tracker.debian.org\/pkg\/qdox2\">qdox2<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jboss-modules\">jboss-modules<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jboss-threads\">jboss-threads<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/sweethome3d\">sweethome3d<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/sweethom3d-furniture-editor\">sweethome3d-furniture-editor<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/sweethome3d-textures-editor\">sweethome3d-textures-editor<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/pdfsam\">pdfsam<\/a>.<\/li>\n<li>I reverted the last update of <a href=\"https:\/\/tracker.debian.org\/pkg\/jackrabbit\">jackrabbit<\/a> to work around the FTBFS in <a href=\"https:\/\/tracker.debian.org\/pkg\/davmail\">davmail<\/a> (#917174).<\/li>\n<li>I removed the build-dependency on libandroid-23-java which solved RC bug #918282 in <a href=\"https:\/\/tracker.debian.org\/pkg\/libokhttp-java\">libokhttp-java<\/a>.<\/li>\n<li>After some discussions I hope<a href=\"https:\/\/tracker.debian.org\/pkg\/lwjgl\"> lwjgl<\/a>, a lightweight game library written in Java,\u00a0 (RC, #912631), is usable again.<\/li>\n<\/ul>\n<h2>Misc<\/h2>\n<ul>\n<li>I packaged new upstream releases of <a href=\"https:\/\/tracker.debian.org\/pkg\/xarchiver\">xarchiver<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/ublock-origin\">ublock-origin<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/binaryen\">binaryen<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/wabt\">wabt<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/https-everywhere\">https-everywhere<\/a>.<\/li>\n<li><a href=\"https:\/\/tracker.debian.org\/pkg\/iftop\">Iftop<\/a> supports multi-gigabit interfaces now. (#918758)<\/li>\n<li>I requested the removal of <a href=\"https:\/\/tracker.debian.org\/pkg\/mysql-connector-java\">mysql-connector-java<\/a>. (#920703)<\/li>\n<\/ul>\n<h2>Debian LTS<\/h2>\n<p>This was my\u00a0thirty-fifth month as a paid contributor and I have been paid to work 20,5 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n<ul>\n<li>From 28.01.2019 until 03.02.2019 I was in charge of our LTS frontdesk. I investigated and triaged CVE in mupdf, coturn, php5, netkit-rsh, guacamole-client, openjdk-7, python-numpy, python-gnupg, muble, mysql-connector-python, enigmail, python-colander, slurml-llnl, sox, uriparser, and drupal7.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/01\/msg00007.html\">DLA-1631-1.<\/a> Issued a security update for libcaca fixing 4 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/01\/msg00009.html\">DLA-1633-1<\/a>. Issued a security update for sqlite3 fixing 5 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/01\/msg00027.html\">DLA-1650-1<\/a>. Issued a security update for rssh fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/02\/msg00001.html\">DLA-1656-1<\/a>. Issued a security update for agg fixing 1 CVE. This one required a sourceful upload of desmume and exactimage as well because agg provides only a static library.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/02\/msg00008.html\">DLA-1662-1<\/a>. Issued a security update for libthrift-java fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/02\/msg00019.html\">DLA-1673-1<\/a>. Issued a security update for wordpress fixing 7 CVE.<\/li>\n<\/ul>\n<h2>ELTS<\/h2>\n<p>Extended Long Term Support (<a href=\"https:\/\/wiki.debian.org\/LTS\/Extended\">ELTS<\/a>) is a project led by <a href=\"https:\/\/www.freexian.com\/\">Freexian<\/a> to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 \"Wheezy\". This was my eight month and I have been paid to work 15 hours on ELTS.<\/p>\n<ul>\n<li>I was in charge of our ELTS frontdesk from 28.01.2019 until 03.02.2019 and I triaged CVE in php5 and systemd.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-81-1-systemd\/\">ELA-81-1<\/a>. Issued a security update for systemd fixing 2 CVE. I investigated CVE-2018-16865 and found that systemd was not exploitable. I marked <span id=\"LC2543\" class=\"line\" lang=\"plaintext\">CVE-2018-16864<\/span>, <span id=\"LC2545\" class=\"line\" lang=\"plaintext\">CVE-2018-16866<\/span> and <span id=\"LC2547\" class=\"line\" lang=\"plaintext\">CVE-2018-15688<\/span> as &lt;not-affected&gt; because the vulnerable code was introduced later.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-83-1-php5\/\">ELA-83-1<\/a>. Issued a security update for php5\u00a0 fixing 7 upstream bugs. No CVE have been assigned yet but upstream intends to do so shortly.<\/li>\n<\/ul>\n<p>Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games Time&#8217;s almost up and the soft freeze is near. In January I packaged a couple of new upstream versions for Teeworlds &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2019\/02\/12\/my-free-software-activities-in-january-2019\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in January 2019\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10501"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10501"}],"version-history":[{"count":0,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10501\/revisions"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}