FTP master
This month I could increase my activities in NEW again and accepted 132 packages. Unfortunately I also had to reject 12 packages. The overall number of packages that got accepted was 374.
Debian LTS
This was my seventy-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
This month my all in all workload has been 26h. During that time I did LTS and normal security uploads of:
- [DSA 4823-1] influxdb security update for one CVE
- [DLA 2536-1] libsdl2 security update for nine CVEs
With the buster upload of highlight.js I could finish to fix CVE-2020-26237 in all releases.
I also tried to fix one or the other CVE for golang packages, to be exact: golang-github-russellhaering-goxmldsig, golang-github-tidwall-match, golang-github-tidwall-gjson and golang-github-antchfx-xmlquery. The version in unstable is easily done by uploading a new upstream version after checking with ratt that all reverse-build-dependencies are still working. The next step will be to really upload all reverse-build-dependencies that need a new build. As the number of reverse-build-dependencies might be rather large, this needs to be done automatically somehow. The problem I am struggling with at the moment are packages that need to be rebuilt but the version in git already increased …
Another problem with golang packages are packages that are referenced by a Built-Using: line, but whose sources are not yet available on security-master. If this happens, the uploaded package will be automatically rejected. Unfortunately the rejection-email only contains the first missing package. So in order to reduce the hassle with such uploads, please send me the Built-Using:-line before the upload and I will import everything. In December/January this affected the uploads of influxdb and snapd.
Last but not least I did some days of frontdesk duties.
Debian ELTS
This month was the thirty-first ELTS month.
During my allocated time I uploaded:
- ELA-351-1 for sudo
- ELA-352-1 for dbus
- ELA-353-1 for libsdl2
Last but not least I did some days of frontdesk duties.
Other stuff
This month I uploaded new upstream versions of:
- … osmo-hlr
- … openbsc
- … golang-github-russellhaering-goxmldsig
- … golang-github-tidwall-match
- … golang-github-briandowns-spinner
- … golang-github-tidwall-gjson
- … golang-github-antchfx-xmlquery
- … golang-github-keltia-archive
- … dmarc-cat
I improved packaging of:
- … libctl
- … golang-github-getlantern-hex
- … golang-github-gokyle-fswatch
- … golang-github-knqyf263-go-dep-parser
- … golang-github-knqyf263-nested
- … golang-github-muesli-crunchy
- … golang-github-muesli-goprogressbar
- … golang-github-xrash-smetrics
- … golang-github-otiai10-copy
- … golang-github-shurcool-httpgzip
- … golang-github-shurcool-httpfs
- … golang-github-toqueteos-webbrowser
- … golang-gitlab-lupine-go-mimedb
- … golang-github-apparentlymart-go-dump
- … golang-github-hashicorp-go-slug
- … golang-github-knqyf263-go-version
- … golang-github-alecthomas-binary
- … mpb
- … meep
- … golang-github-linkedin-goavro
The golang packages here are basically ones with a missing source upload. For whatever reason maintainers tend to forget about this …