{"id":10534,"date":"2019-06-11T22:27:36","date_gmt":"2019-06-11T20:27:36","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10534"},"modified":"2019-06-11T22:27:36","modified_gmt":"2019-06-11T20:27:36","slug":"my-free-software-activities-in-may-2019","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2019\/06\/11\/my-free-software-activities-in-may-2019\/","title":{"rendered":"My Free Software Activities in May 2019"},"content":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n<h2>Debian Games<\/h2>\n<ul>\n<li>Like in previous release cycles I published a new version of <a href=\"https:\/\/tracker.debian.org\/pkg\/debian-games\">debian-games<\/a> at the end to incorporate the latest archive changes. Unfortunately, Netbeans, the Java IDE, cuyo and holdingnuts didn't make it and I demoted them to Suggests.<\/li>\n<li>A longstanding graphical issue (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=871223\">#871223<\/a>) was resolved in <a href=\"https:\/\/tracker.debian.org\/pkg\/neverball\">Neverball<\/a> where stars in goal points were displayed as squares. As usual something (OpenGL-related?) must have changed somewhere but in the end the installation of some missing png files made the difference. How it worked without them before remains a mystery.<\/li>\n<li>I sponsored two uploads which were later unblocked for Buster. Bernat reported a crash in <a href=\"https:\/\/tracker.debian.org\/pkg\/etw\">etw<\/a>, a football simulation game ported from the AMIGA. Fortunately Steinar H. Gunderson could provide a patch quickly. (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=928240\">#928240<\/a>)<\/li>\n<li>A rebuild of <a href=\"https:\/\/tracker.debian.org\/pkg\/marsshooter\">marsshooter<\/a>, a great looking space shooter with an awesome soundtrack, may have been the trigger for a segmentation fault. Jacob Nevins stumbled over it and Bernhard \u00dcbelacker provided a patch to fix missing return statements.\u00a0 (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=929513\">#929513<\/a>)<\/li>\n<\/ul>\n<h2>Debian Java<\/h2>\n<ul>\n<li>I provided a security update for <a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-databind\">jackson-databind<\/a> to fix CVE-2019-12086 (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=929177\">#929177<\/a>) in Buster and prepared DSA-4452-1 to fix the remaining 11 CVE in Stretch.<\/li>\n<li>Unfortunately <a href=\"https:\/\/tracker.debian.org\/pkg\/netbeans\">Netbeans<\/a> will not be in Buster. There were at least two issues why I could not recommend our Debian version, clear regressions in comparison to the version in Stretch. I found it odd that the severest one was fixed in Ubuntu shortly after the removal from testing. I surely would have appreciated the patch for Debian too. At the moment I don't believe I will continue to work on Netbeans, very time consuming to get it in shape for Debian, too many dependencies, where the slightest changes in r-deps may cause bugs in Netbeans, nobody else in the Java team is really interested and most Java developers probably install the upstream version. A really bad combination.<\/li>\n<\/ul>\n<h2>Misc<\/h2>\n<ul>\n<li>As promised I uploaded a new upstream release of <a href=\"https:\/\/tracker.debian.org\/pkg\/ublock-origin\">ublock-origin<\/a> to experimental.<\/li>\n<li>I fixed CVE-2018-19105, <a href=\"https:\/\/tracker.debian.org\/pkg\/librecad\">librecad<\/a> (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=928477\">#928477<\/a>) in Buster and Stretch (<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=929246\">#929246<\/a>)<\/li>\n<\/ul>\n<h2>Debian LTS<\/h2>\n<p>This was my\u00a0thirty-ninth month as a paid contributor and I have been paid to work 18 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n<ul>\n<li>I investigated CVE-2019-0227, axis and suggested to mark it as unimportant. I triaged CVE-2019-0227, ampache as no-dsa for Jessie.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/05\/msg00030.html\">DLA-1798-1<\/a>. Issued a security update for jackson-databind fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/05\/msg00036.html\">DLA-1804-1<\/a>. Issued a security update for curl fixing 1 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/06\/msg00004.html\">DLA-1816-1<\/a>. Issued a security update for otrs2 fixing 2 CVE.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/05\/msg00031.html\">DLA-1753-3<\/a>. Issued a regression update for proftpd-dfsg. When the creation of a directory failed during sftp transfer, the sftp session would be terminated instead of failing gracefully due to a non-existing debug logging function.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/06\/msg00009.html\">DLA-1821-1<\/a>. I'm currently testing the next security update of phpmyadmin. I triaged or fixed 19 CVE.<\/li>\n<\/ul>\n<h2>ELTS<\/h2>\n<p>Extended Long Term Support (<a href=\"https:\/\/wiki.debian.org\/LTS\/Extended\">ELTS<\/a>) is a project led by <a href=\"https:\/\/www.freexian.com\/\">Freexian<\/a> to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 \"Wheezy\". This was my twelfth month and I have been paid to work 8 hours on ELTS (15 hours were allocated). I intend to use the remaining hours in June.<\/p>\n<ul>\n<li>I investigated three CVE in pacemaker, CVE-2018-16877, CVE-2018-16878, CVE-2019-3885 and found that none of them affected Wheezy.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-127-1-linux\/\">ELA-127-1<\/a>. Issued a security update for linux and linux-latest fixing 15 CVE.<\/li>\n<\/ul>\n<p>Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games Like in previous release cycles I published a new version of debian-games at the end to incorporate the latest archive changes. &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2019\/06\/11\/my-free-software-activities-in-may-2019\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in May 2019\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10534"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10534"}],"version-history":[{"count":0,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10534\/revisions"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10534"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10534"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10534"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}