{"id":11135,"date":"2020-01-11T18:36:49","date_gmt":"2020-01-11T17:36:49","guid":{"rendered":"https:\/\/gambaru.de\/blog\/?p=11135"},"modified":"2020-01-11T18:40:46","modified_gmt":"2020-01-11T17:40:46","slug":"my-free-software-activities-in-december-2019","status":"publish","type":"post","link":"https:\/\/gambaru.de\/blog\/2020\/01\/11\/my-free-software-activities-in-december-2019\/","title":{"rendered":"My Free Software Activities in December 2019"},"content":{"rendered":"\n<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you're interested in Java, Games and LTS topics, this might be interesting for you.<\/p>\n\n\n\n<h2>Debian Games<\/h2>\n\n\n\n<ul><li>I started the month by backporting the latest version of <a href=\"https:\/\/tracker.debian.org\/pkg\/minetest\">minetest<\/a> to buster-backports.<\/li><li>New versions of <a href=\"https:\/\/tracker.debian.org\/pkg\/springlobby\">Springlobby<\/a>, the single and multiplayer lobby for the Spring RTS engine,  and <a href=\"https:\/\/tracker.debian.org\/pkg\/freeciv\">Freeciv<\/a> (now at 2.6.1) were packaged.<\/li><li>I had to remove python-pygccxml as a build-dependency from <a href=\"https:\/\/tracker.debian.org\/pkg\/spring\">spring<\/a> because of the Python 2 removal and there was also another unrelated build failure that got fixed as well.<\/li><li>I also released a new version of the <a href=\"https:\/\/tracker.debian.org\/pkg\/debian-games\">debian-games<\/a> metapackages. A considerable number of games were removed from Debian in the past months, in parts due to the ongoing Python 2 removal but also because of inactive maintainers or upstreams. There were also some new games though. Check out the 3.1 changelog for more information. As a consequence of our Python 2 goal, the development metapackage for Python 2 is gone now.<\/li><\/ul>\n\n\n\n<h2>Debian Java<\/h2>\n\n\n\n<ul><li>This month I packaged new releases of <a href=\"https:\/\/tracker.debian.org\/pkg\/jboss-logging-tools\">jboss-logging-tools<\/a>,<a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-databind\"> jackson-databind<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-jr\">jackson-jr<\/a>, <a href=\"https:\/\/tracker.debian.org\/pkg\/jackson-dataformat-xml\">jackson-dataformat-xml<\/a> and <a href=\"https:\/\/tracker.debian.org\/pkg\/qdox2\">qdox2<\/a>.<\/li><li>I prepared a security update of <a href=\"https:\/\/tracker.debian.org\/pkg\/tomcat8\">tomcat8<\/a> for Stretch released as <a href=\"https:\/\/lists.debian.org\/debian-security-announce\/2019\/msg00250.html\">DSA 4596-1<\/a>. Thanks to Peter Hurtenbach for his help with testing the package.<\/li><\/ul>\n\n\n\n<h2>Misc<\/h2>\n\n\n\n<ul><li>The <a href=\"https:\/\/tracker.debian.org\/pkg\/imlib2\">imlib2<\/a> image library was updated to version 1.6.1 and now supports the webp image format.<\/li><li>I backported the Thunderbird addon <a href=\"https:\/\/tracker.debian.org\/pkg\/dispmua\">dispmua<\/a> to Buster and Stretch because the new Thunderbird ESR version had made it unusable.<\/li><li>I also updated <a href=\"https:\/\/tracker.debian.org\/pkg\/binaryen\">binaryen<\/a>, a compiler and library for WebAssembly and asked upstream if they could relax the build-dependency on Git which they did.<\/li><\/ul>\n\n\n\n<h2>Debian LTS<\/h2>\n\n\n\n<p>This was my 46. month as a paid contributor and I have been paid to work 16,5 hours on <a href=\"https:\/\/wiki.debian.org\/LTS\/\">Debian LTS<\/a>, a project started by <a href=\"https:\/\/raphaelhertzog.com\">Rapha\u00ebl Hertzog<\/a>. In that time I did the following:<\/p>\n\n\n\n<p>From 23.12.2019 until 05.01.2020 I was in charge of our LTS frontdesk. I investigated and triaged CVE in sudo, shiro, waitress, sa-exim, imagemagick, nss, apache-log4j1.2, sqlite3, lemonldap-ng, libsixel, graphicsmagick, debian-lan-config, xerces-c, libpodofo, vim, pure-ftpd, gthumb, opencv, jackson-databind, pillow, fontforge, collabtive, libhibernate-validator-java, lucene-solr and gpac.<\/p>\n\n\n\n<ul><li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2019\/12\/msg00035.html\">DLA-2051-1<\/a>. Issued a security update for intel-microcode fixing 2 CVE.<\/li><li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2020\/01\/msg00004.html\">DLA-2058-1<\/a>. Issued a security update for nss fixing 1 CVE.<\/li><li><a href=\"https:\/\/lists.debian.org\/debian-lts-announce\/2020\/01\/msg00006.html\">DLA-2062-1<\/a>. Issued a security update for sa-exim fixing 1 CVE.<\/li><li>I prepared a security update for tomcat7 by updating to the latest upstream release in the 7.x series. It is pending review by Mike Gabriel at the moment.<\/li><\/ul>\n\n\n\n<h2>ELTS<\/h2>\n\n\n\n<p>Extended Long Term Support (<a href=\"https:\/\/wiki.debian.org\/LTS\/Extended\">ELTS<\/a>) is a project led by <a href=\"https:\/\/www.freexian.com\/\">Freexian<\/a> to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 \"Wheezy\". This was my nineteenth month and I have been assigned to work 15 hours on ELTS.<\/p>\n\n\n\n<ul><li>I was in charge of our ELTS frontdesk from 23.12.2019 until 05.01.2020 and I triaged CVE in sqlite3, libxml2 and nss.<\/li><li><a href=\"https:\/\/deb.freexian.com\/extended-lts\/updates\/ela-200-2-intel-microcode\/\">ELA-200-2<\/a>.  Issued a security update for intel-microcode.<\/li><li>Worked on tomcat7, CVE-2019-12418 and CVE-2019-17563, and finished the patches prepared by Mike Gabriel. We have discovered some unrelated test failures and are currently investigating the root cause of them.<\/li><li>Worked on nss, which is required to build OpenJDK 7 and also needed at runtime for the SunEC security provider. I am currently investigating CVE-2019-17023 which has been assigned only a few days ago.<\/li><li>ELA-206-1. Issued a security update for apache-log4j1.2 fixing 1 CVE.<\/li><\/ul>\n\n\n\n<p>Thanks for reading and see you next time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you&#8217;re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games I started the month by backporting the latest version of minetest to buster-backports. New versions of Springlobby, the single and multiplayer &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/gambaru.de\/blog\/2020\/01\/11\/my-free-software-activities-in-december-2019\/\" class=\"more-link\"><span class=\"screen-reader-text\">\u201eMy Free Software Activities in December 2019\u201c<\/span> weiterlesen<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[53,68,155],"_links":{"self":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/11135"}],"collection":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/comments?post=11135"}],"version-history":[{"count":3,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/11135\/revisions"}],"predecessor-version":[{"id":11139,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/posts\/11135\/revisions\/11139"}],"wp:attachment":[{"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/media?parent=11135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/categories?post=11135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gambaru.de\/blog\/wp-json\/wp\/v2\/tags?post=11135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}