My Debian Activities in January 2021

FTP master

This month I could increase my activities in NEW again and accepted 132 packages. Unfortunately I also had to reject 12 packages. The overall number of packages that got accepted was 374.

Debian LTS

This was my seventy-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 26h. During that time I did LTS and normal security uploads of:

  • [DSA 4823-1] influxdb security update for one CVE
  • [DLA 2536-1] libsdl2 security update for nine CVEs

With the buster upload of highlight.js I could finish to fix CVE-2020-26237 in all releases.

I also tried to fix one or the other CVE for golang packages, to be exact: golang-github-russellhaering-goxmldsig, golang-github-tidwall-match, golang-github-tidwall-gjson and golang-github-antchfx-xmlquery. The version in unstable is easily done by uploading a new upstream version after checking with ratt that all reverse-build-dependencies are still working. The next step will be to really upload all reverse-build-dependencies that need a new build. As the number of reverse-build-dependencies might be rather large, this needs to be done automatically somehow. The problem I am struggling with at the moment are packages that need to be rebuilt but the version in git already increased …

Another problem with golang packages are packages that are referenced by a Built-Using: line, but whose sources are not yet available on security-master. If this happens, the uploaded package will be automatically rejected. Unfortunately the rejection-email only contains the first missing package. So in order to reduce the hassle with such uploads, please send me the Built-Using:-line before the upload and I will import everything. In December/January this affected the uploads of influxdb and snapd.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-first ELTS month.

During my allocated time I uploaded:

  • ELA-351-1 for sudo
  • ELA-352-1 for dbus
  • ELA-353-1 for libsdl2

Last but not least I did some days of frontdesk duties.

Other stuff

This month I uploaded new upstream versions of:

I improved packaging of:

The golang packages here are basically ones with a missing source upload. For whatever reason maintainers tend to forget about this …