{"id":10559,"date":"2019-09-11T00:37:47","date_gmt":"2019-09-10T22:37:47","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10559"},"modified":"2019-09-11T00:37:47","modified_gmt":"2019-09-10T22:37:47","slug":"my-free-software-activities-in-august-2019","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2019\/09\/11\/my-free-software-activities-in-august-2019\/","title":{"rendered":"My Free Software Activities in August 2019"},"content":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n<h2>Debian Games<\/h2>\n<ul>\n<li>The new month began as the old one ended: with some great porting efforts to Python 3 and more bug fixes from Reiner Herrmann! I reviewed and sponsored <a href=\"https:\/\/tracker.debian.org\/pkg\/monsterz\">monsterz<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/oneisenough\">oneisenough<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/pathological\">pathological<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/pyracerz\">pyracerz<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/dd2\">dd2<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/freedroidrpg\">freedroidrpg<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/blockout2\">blockout2<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/hyperrogue\">hyperrogue<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/freegish\">freegish<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/liquidwar\">liquidwar<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/openpref\">openpref<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/yabause\">yabause<\/a>.<\/li>\n<li>I replaced the build-dependency on libwxgtk3.0-dev in <a href=\"https:\/\/tracker.debian.org\/pkg\/springlobby\">springlobby<\/a> with libwxgtk3.0-gtk3-dev (#933460) and uploaded <a href=\"https:\/\/tracker.debian.org\/pkg\/auralquiz\">auralquiz<\/a> to switch to phonon4qt5.<\/li>\n<li>I packaged new upstream releases of <a href=\"https:\/\/tracker.debian.org\/pkg\/blockattack\">blockattack<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/hitori\">hitori<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/renpy\">renpy<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/cutemaze\">cutemaze<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/peg-e\">peg-e<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/bullet\">bullet<\/a> and will ask the release team for a small transition in September for the latter.<\/li>\n<li>I sponsored a new version of <a href=\"https:\/\/tracker.debian.org\/pkg\/pekka-kana-2\">pekka-kana-2<\/a> for Carlos Donizete Froes.<\/li>\n<\/ul>\n<h2>Debian Java<\/h2>\n<ul>\n<li>This was a I-package-new-upstream-releases-month. New versions of <a href=\"https:\/\/tracker.debian.org\/pkg\/undertow\">undertow<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/lombok-patcher\">lombok-patcher<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/activemq\">activemq<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/visualvm\">visualvm<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/commons-dbcp2\">commons-dbcp2<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jboss-logmanager\">jboss-logmanager<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-databind\">jackson-databind<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jboss-xnio\">jboss-xnio<\/a>,\u00a0 <a href=\"https:\/\/tracker.debian.org\/pkg\/libtwelvemonkeys-java\">libtwelvemonkeys-java<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/mvel\">mvel<\/a> are in the archive now.<\/li>\n<li>I uploaded a new revision of <a href=\"https:\/\/tracker.debian.org\/pkg\/insubstantial\">insubstantial<\/a> with a patch by Andrius Merkys\u00a0 that fixed a grave runtime error in <a href=\"https:\/\/tracker.debian.org\/pkg\/triplea\">triplea<\/a> (#935777).<\/li>\n<\/ul>\n<h2>Misc<\/h2>\n<ul>\n<li>I fixed two minor CVE in <a href=\"https:\/\/tracker.debian.org\/pkg\/binaryen\">binaryen<\/a>, a compiler and toolchain infrastructure library for WebAssembly, by packaging the latest upstream release.<\/li>\n<\/ul>\n<h2>Debian LTS<\/h2>\n<p>This was my 42. month as a paid contributor and I have been paid to work 21,75 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n<ul>\n<li>From 12.8.2019 until 18.08.2019 and from 09.09.2019 until 10.09.2019 I was in charge of our LTS frontdesk. I investigated and triaged CVE in kde4libs, apache2, nodejs-mysql, pdfresurrect, nginx, mongodb, nova, radare2, flask, bundler, giflib, ansible, zabbix, salt, imapfilter, opensc and sqlite3.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/08\/msg00027.html\">DLA-1886-2<\/a>. Issued a regression update for openjdk-7. The regression was caused by the removal of several classes in rt.jar by upstream. Since Debian never shipped the SunEC security provider SSL connections based on elliptic curve algorithms could not be established anymore. The problem was solved by building sunec.jar and its native library libsunec.so from source. An update of the nss source package was required too which resolved a five year old bug. (#<a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=750400\">750400<\/a>).<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/08\/msg00034.html\">DLA-1900-1<\/a>. Issued a security update for apache2 fixing 2 CVE, three more CVE did not affect the version in Jessie.<\/li>\n<li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/09\/msg00008.html\">DLA-1914-1<\/a>. Issued a security update for icedtea-web fixing 3 CVE.<\/li>\n<li>I have been working on a backport of opensc, a set of libraries and utilities to access smart cards that support cryptographic operations, from Stretch which will fix more than a dozen CVE.<\/li>\n<\/ul>\n<h2>ELTS<\/h2>\n<p>Extended Long Term Support (<a href=\"https:\/\/wiki.debian.org\/LTS\/Extended\">ELTS<\/a>) is a project led by <a href=\"https:\/\/www.freexian.com\/\">Freexian<\/a> to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 \"Wheezy\". This was my fifteenth month and I have been assigned to work 15 hours on ELTS of which I used 10 of them.<\/p>\n<ul>\n<li>\u00a0I was in charge of our ELTS frontdesk from 26.08.2019 until 01.09.2019 and I triaged CVE in dovecot, <span id=\"LC3883\" class=\"line\" lang=\"plaintext\">libcommons-compress-java, clamav, ghostscript, gosa as end-of-life because security support for them has ended in Wheezy. There were no new issues for supported packages. All in all this was a rather unspectacular week.<\/span><\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-156-1-linux\/\">ELA-156-1<\/a>. Issued a security update for linux fixing 9 CVE.<\/li>\n<li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-154-2-openjdk-7\/\">ELA-154-2<\/a>. Issued a regression update for openjdk-7 and nss because the removed classes in rt.jar caused the same issues in Wheezy too.<\/li>\n<\/ul>\n<p>Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games The new month began as the old one ended: with some great porting efforts to Python 3 and more bug fixes &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2019\/09\/11\/my-free-software-activities-in-august-2019\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in August 2019\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10559"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10559"}],"version-history":[{"count":0,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10559\/revisions"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10559"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10559"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10559"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}