{"id":10718,"date":"2019-10-10T22:49:21","date_gmt":"2019-10-10T20:49:21","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=10718"},"modified":"2019-10-11T23:45:10","modified_gmt":"2019-10-11T21:45:10","slug":"my-free-software-activities-in-september-2019","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2019\/10\/10\/my-free-software-activities-in-september-2019\/","title":{"rendered":"My Free Software Activities in September 2019"},"content":{"rendered":"\n<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n\n\n\n<h2>Debian Games<\/h2>\n\n\n\n<ul><li>Reiner Herrmann investigated a build failure of <a href=\"https:\/\/tracker.debian.org\/pkg\/supertuxkart\">supertuxkart<\/a> on several architectures and prepared an update to link against libatomic. I reviewed and sponsored the new revision, which allowed supertuxkart 1.0 to migrate to testing.<\/li><li>Python 3 ports: Reiner also ported <a href=\"https:\/\/tracker.debian.org\/pkg\/bouncy\">bouncy<\/a>, a game for small kids, to Python 3, which I reviewed and uploaded to unstable.<\/li><li>I upgraded <a href=\"https:\/\/tracker.debian.org\/pkg\/atomix\">atomix<\/a> to version 3.34.0 <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=941315\">as requested<\/a>, although it is unlikely that you will find a major difference from the previous version.<\/li><\/ul>\n\n\n\n<h2>Debian Java<\/h2>\n\n\n\n<ul><li>This month I packaged new upstream releases of <a href=\"https:\/\/tracker.debian.org\/pkg\/robocode\">robocode<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libsambox-java\">libsambox-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libsejda-java\">libsejda-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/pdfsam\">pdfsam<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/undertow\">undertow<\/a>,<a 
href=\"https:\/\/tracker.debian.org\/pkg\/jboss-threads\"> jboss-threads<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/libpdfbox2-java\">libpdfbox2-java<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/lombok-patcher\">lombok-patcher<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-databind\">jackson-databind<\/a>. <\/li><li>I became the new uploader of <a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-databind\">jackson-databind<\/a> because the package was unmaintained and it is frequently affected by CVE, e.g. <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=940498\">#940498<\/a>. I intend to implement a way to use a whitelist for Debian to address the reoccurring security vulnerabilities instead of a blacklist, which will always be incomplete. <\/li><li>I fixed bug <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=933715\">#933715<\/a> in <a href=\"https:\/\/tracker.debian.org\/pkg\/javahelper\">javahelper<\/a> to fix a build failure whenever someone used the slightly obscure virtual dependency debhelper-compat. 
<\/li><li>I reviewed a new package, <a href=\"https:\/\/github.com\/lucaskanashiro\/yetus\/\">yetus<\/a>, from Lucas Kanashiro and gave some packaging advice.<\/li><li>I prepared a buster-pu for <a href=\"https:\/\/tracker.debian.org\/pkg\/lucene-solr\">lucene-solr<\/a> to fix <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=933854\">#933854<\/a> and <a href=\"https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=933857\">#933857<\/a>.<\/li><\/ul>\n\n\n\n<h2>Misc<\/h2>\n\n\n\n<ul><li>I packaged new upstream releases of <a href=\"https:\/\/tracker.debian.org\/pkg\/ublock-origin\">ublock-origin<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/privacybadger\">privacybadger<\/a>, two popular Firefox\/Chromium addons.<\/li><li>I packaged a new upstream release of <a href=\"https:\/\/packages.debian.org\/unstable\/wabt\">wabt<\/a>, the WebAssembly Binary Toolkit.<\/li><\/ul>\n\n\n\n<h2>Debian LTS<\/h2>\n\n\n\n<p>This was my 43rd month as a paid contributor and I have been paid to work 23,75 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n\n\n\n<ul><li>From 11.09.2019 until 15.09.2019 I was in charge of our LTS frontdesk. I investigated and triaged CVE in libonig, bird, curl, openssl, wpa, httpie, asterisk, wireshark and libsixel.<\/li><li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/09\/msg00017.html\">DLA-1922-1<\/a>. Issued a security update for wpa fixing 1 CVE.<\/li><li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/09\/msg00026.html\">DLA-1932-1<\/a>. Issued a security update for openssl fixing 2 CVE.<\/li><li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/09\/msg00034.html\">DLA-1900-2<\/a>. 
Issued a regression update for apache fixing 1 CVE.<\/li><li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/10\/msg00001.html\">DLA-1943-1<\/a>. Issued a security update for jackson-databind fixing 4 CVE.<\/li><li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/10\/msg00013.html\">DLA-1954-1<\/a>. Issued a security update for lucene-solr fixing 1 CVE. I triaged CVE-2019-12401 and marked Jessie as not-affected because we use the system libraries of woodstox in Debian.<\/li><li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/10\/msg00015.html\">DLA-1955-1<\/a>. Issued a security update for tcpdump fixing 24 CVE by backporting the latest upstream release to Jessie. I discovered several test failures but after more investigation I came to the conclusion that the test cases were simply created with a newer version of libpcap which causes the test failures with Jessie's older version. <\/li><\/ul>\n\n\n\n<h2>ELTS<\/h2>\n\n\n\n<p>Extended Long Term Support (<a href=\"https:\/\/wiki.debian.org\/LTS\/Extended\">ELTS<\/a>) is a project led by <a href=\"https:\/\/www.freexian.com\/\">Freexian<\/a> to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 \"Wheezy\". This was my sixteenth month and I have been assigned to work 15 hours on ELTS plus five hours from August. I used 15 of them for the following:<\/p>\n\n\n\n<ul><li>I was in charge of our ELTS frontdesk from 30.09.2019 until 06.10.2019 and I triaged CVE in tcpdump. There were no reports of other security vulnerabilities for supported packages in this week.<\/li><li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-163-1-curl\/\">ELA-163-1<\/a>. Issued a security update for curl fixing 1 CVE.<\/li><li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-171-1-openssl\/\">ELA-171-1<\/a>. 
Issued a security update for openssl fixing 2 CVE.<\/li><li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-172-1-linux\/\">ELA-172-1<\/a>. Issued a security update for linux fixing 23 CVE.<\/li><li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-174-1-tcpdump\/\">ELA-174-1<\/a>. Issued a security update for tcpdump fixing 24 CVE. <\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games Reiner Herrmann investigated a build failure of supertuxkart on several architectures and prepared an update to link against libatomic. I reviewed &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2019\/10\/10\/my-free-software-activities-in-september-2019\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in September 2019\u201c<\/span> 
continue reading<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10718"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=10718"}],"version-history":[{"count":6,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10718\/revisions"}],"predecessor-version":[{"id":10840,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/10718\/revisions\/10840"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=10718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=10718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=10718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}