My Debian Activities in September 2021

FTP master

This month I accepted 224 and rejected 47 packages. This is almost thrice the rejects of last month. Please, be more careful and check your package twice before uploading. The overall number of packages that got accepted was 233.

Debian LTS

This was my eighty-seventh month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 24.75h. During that time I did LTS and normal security uploads of:

  • [DLA 2755-1] btrbk security update for one CVE
  • [DLA 2762-1] grilo security update for one CVE
  • [DLA 2766-1] openssl security update for one CVE
  • [DLA 2774-1] openssl1.0 security update for one CVE
  • [DLA 2773-1] curl security update for two CVEs

I also started to work on exiv2 and faad2.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-ninth ELTS month.

Unfortunately during my allocated time I could not process any upload. I worked on openssl, curl and squashfs-tools but for one reason or another the prepared packages didn’t pass all tests. In order to avoid regressions, I postponed the uploads (meanwhile an ELA for curl was published …).

Last but not least I did some days of frontdesk duties.

Other stuff

On my neverending golang challenge I again uploaded some packages either for NEW or as source upload.

As Odyx took a break from all Debian activities, I volunteered to take care of the printing packages. Please be merciful when somethings breaks after I did an upload. My first printing upload was hplip

My Debian Activities in August 2021

FTP master

Yeah, Bullseye is released, thanks a lot to everybody involved!

This month I accepted 242 and rejected 18 packages. The overall number of packages that got accepted was 253.

Debian LTS

This was my eighty-sixth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 23.75h. During that time I did LTS and normal security uploads of:

  • [DLA 2738-1] c-ares security update for one CVE
  • [DLA 2746-1] scrollz security update for one CVE
  • [DLA 2747-1] ircii security update for one CVE
  • [DLA 2748-1] tnef security update for one CVE
  • [DLA 2749-1] gthumb security update for one CVE
  • [DLA 2752-1] squashfs-tools security update for one CVE
  • buster-pu for gthumb #993228
  • prepared debdiffs for squashfs-tools in Buster and Bullseye, which will result in DSA 4967
  • prepared debdiffs for btrbk in Buster and Bullseye

I also started to work on openssl, grilo and had to process packages from NEW on security-master.

As the CVE of btrbk was later marked as no-dsa, an upload to stable and oldstable is needed now.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-eighth ELTS month.

During my allocated time I uploaded:

  • ELA-474-1 for c-ares
  • ELA-480-1 for squashfs-tools

I also started to work on openssl.

Last but not least I did some days of frontdesk duties.

Other stuff

This month I uploaded new upstream versions of:

On my neverending golang challenge I again uploaded some packages either for NEW or as source upload.

My Debian Activities in July 2021

FTP master

This month I accepted 13 and rejected 2 packages. The overall number of packages that got accepted was 13.

As the Release Team prefers not to have any new package upload to unstable, the numbers are this low. I am afraid there is some discussion needed after the release of Bullseye …

Debian LTS

This was my eighty-fifth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS and normal security uploads of:

  • [DLA 2720-1] aspell security update for two CVEs
  • [DLA 2722-1] libsndfile security update for one CVE
  • [DLA 2723-1] linuxptp security update for one CVE
  • prepared aspell update in Buster, which resulted in DSA 4948-1

I also made further progress on gpac and started to test the package now.

Last but not least I did some days of frontdesk duties. I am not sure whether it is just me, but I got the impression that nowadays lots of CVEs can be marked as not-affected in the corresponding Stretch-version. Most of the remaining CVEs only have a small security impact (if at all) and can be marked as no-dsa. So the number of packages that really need an update decreases steadily. Does that mean that all issues in older versions are fixed now? Or are people more focused on new features in software as it is easier to find issues in more or less unexplored code?

Debian ELTS

This month was the thirty-seventh ELTS month.

During my allocated time I uploaded:

  • ELA-461-1 for jasper
  • ELA-462-1 for aspell
  • ELA-464-1 for libsndfile

Last but not least I did some days of frontdesk duties. In ELTS the decreasing number of uploads, as mentioned above, seems to be even more clearly.

Other stuff

I played a bit with RISC-V and looked after some packages that did not build on that architecture. Generally this looks like fun but building packages with qemu dampens the mood a bit. So if anybody knows some hardware that runs Debian, that is available now and that does not cost more than my car, I would be happy to get some pointer.

This month I uploaded new upstream versions of:

to experimental.

I improved packaging and fixed bugs in:

On my neverending golang challenge I again uploaded some packages either for NEW or as source upload.

My Debian Activities in June 2021

FTP master

This month I accepted 105 and rejected 6 packages. The overall number of packages that got accepted was 111.

Debian LTS

This was my eighty-fourth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been almost 30h. During that time I did LTS and normal security uploads of:

  • [DLA 2691-1] libgcrypt20 security update for one CVE
  • [DLA 2692-1] bluez security update for two CVEs
  • [DLA 2694-1] tiff security update for two CVEs
  • [DLA 2697-1] fluidsynth security update for one CVE
  • [DLA 2698-1] node-bl security update for one CVE
  • [DLA 2699-1] ipmitool security update for one CVE
  • PU bug #989815 ring/buster for one CVE

I also made further progress on gpac.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-sixth ELTS month.

During my allocated time I uploaded:

  • ELA-444-1 for libgcrypt20
  • ELA-445-1 for bluez
  • ELA-447-1 for tiff
  • ELA-450-1 for fluidsynth

Last but not least I did some days of frontdesk duties.

Other stuff

On my neverending golang challenge I again uploaded lots of packages either for NEW or as source upload.

My Debian Activities in April 2021

FTP master

This month I accepted 103 and rejected 10 packages, which is again an increase compared to last month. The overall number of packages that got accepted was only 107.

Debian LTS

This was my eighty-second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS and normal security uploads of:

  • [DLA 2629-1] libebml security update for one CVE
  • debdiff for libebml/buster
  • [DLA 2636-1] pjproject security update for one CVE
  • NMU leptonlib/unstable for four CVEs
  • PU bug #987376 leptonlib/buster for four CVEs
  • debdiff for ring/unstable which resulted in upload of version 20210112.2.b757bac~ds1-1 that fixed two CVEs
  • PU bug #987246 tnef/buster for one CVE

I also created debdiffs of tnef and ring for other suites, which did not result in any upload yet. Further I started to work on gpac and struggle with dozens of issues here.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-fourth ELTS month.

Unfortunately my work on python2.7 and python3.4 did not result in an upload before the end of the month.

Last but not least I did some days of frontdesk duties.

Other stuff

On my neverending golang challenge I again uploaded lots of packages either for NEW or as source upload.

Last but not least I voted.

My Debian Activities in March 2021

FTP master

Things never turn out the way you expect, so this month I was only able to accept 38 packages and rejected none. Due to the freeze, the overall number of packages that got accepted was 88.

Debian LTS

This was my eighty-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS and normal security uploads of:

  • [DLA 2606-1] lxml security update for one CVE
  • [DSA 4880-1] lxml security update for one CVE
  • [DLA 2611-1] ldb security update for two CVEs
  • [DLA 2612-1] leptonlib security update for four CVEs

I also prepared debdiffs for unstable and/or buster for leptonlib and libebml, which for one reason or another did not result in an upload yet.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-third ELTS month.

During my allocated time I uploaded:

  • ELA-388-1 for zeromq3
  • ELA-390-1 for lxml
  • ELA-391-1 for jasper
  • ELA-393-1 for ldb
  • ELA-394-1 for leptonlib

Last but not least I did some days of frontdesk duties.

Other stuff

On my neverending golang challenge I uploaded (or sponsored for thola dependencies):
golang-github-tombuildsstuff-giovanni, golang-github-apparentlymart-go-userdirs, golang-github-apparentlymart-go-shquot, golang-github-likexian-gokit, olang-gopkg-mail.v2, golang-gopkg-redis.v5, golang-github-facette-natsort, golang-github-opentracing-contrib-go-grpc, golang-github-felixge-fgprof, golang-ithub-gogo-status, golang-github-leanovate-gopter, golang-github-opentracing-basictracer-go, golang-github-lightstep-lightstep-tracer-common, golang-github-o-sourcemap-sourcemap, golang-github-igm-pubsub, golang-github-igm-sockjs-go, golang-github-centrifugal-protocol, golang-github-mna-redisc, golang-github-fzambia-eagle, golang-github-centrifugal-centrifuge, golang-github-chromedp-sysutil, golang-github-client9-misspell, golang-github-knq-snaker, cdproto-gen, golang-github-mattermost-xml-roundtrip-validator, golang-github-crewjam-saml, ssllabs-scan, golang-uber-automaxprocs, golang-uber-goleak, golang-github-k0kubun-go-ansi, golang-github-schollz-progressbar, golang-github-komkom-toml, golang-github-labstack-echo, golang-github-inexio-go-monitoringplugin

My Debian Activities in February 2021

FTP master

This month I accepted 162 and rejected 28 packages, which is again a small increase compared to last month. The overall number of packages that got accepted was 291.

Debian LTS

This was my eightieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS and normal security uploads of:

  • [DLA 2551-1] slirp security update two CVEs
  • [DLA 2552-1] connman security update two CVEs
  • [DLA 2567-1] unrar-free security update three CVEs
  • [DLA 2566-1] libbsd security update one CVE
  • [DLA 2571-1] openvswitch security update six CVEs
  • [DLA 2572-1] wpa security update for one CVE

I also prepared debdiffs for golang-github-appc-cni, wpa and libbsd, which for one reason or another did not result in a DLA yet.

Moreover I did some NEW processing and other stuff on security-master.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-second ELTS month.

During my allocated time I uploaded:

  • ELA-367-1 for libbsd
  • ELA-368-1 for unrar-free
  • ELA-370-1 for wpa

Last but not least I did some days of frontdesk duties.

Other stuff

This month I uploaded new upstream versions of:

My Debian Activities in January 2021

FTP master

This month I could increase my activities in NEW again and accepted 132 packages. Unfortunately I also had to reject 12 packages. The overall number of packages that got accepted was 374.

Debian LTS

This was my seventy-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 26h. During that time I did LTS and normal security uploads of:

  • [DSA 4823-1] influxdb security update for one CVE
  • [DLA 2536-1] libsdl2 security update for nine CVEs

With the buster upload of highlight.js I could finish to fix CVE-2020-26237 in all releases.

I also tried to fix one or the other CVE for golang packages, to be exact: golang-github-russellhaering-goxmldsig, golang-github-tidwall-match, golang-github-tidwall-gjson and golang-github-antchfx-xmlquery. The version in unstable is easily done by uploading a new upstream version after checking with ratt that all reverse-build-dependencies are still working. The next step will be to really upload all reverse-build-dependencies that need a new build. As the number of reverse-build-dependencies might be rather large, this needs to be done automatically somehow. The problem I am struggling with at the moment are packages that need to be rebuilt but the version in git already increased …

Another problem with golang packages are packages that are referenced by a Built-Using: line, but whose sources are not yet available on security-master. If this happens, the uploaded package will be automatically rejected. Unfortunately the rejection-email only contains the first missing package. So in order to reduce the hassle with such uploads, please send me the Built-Using:-line before the upload and I will import everything. In December/January this affected the uploads of influxdb and snapd.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-first ELTS month.

During my allocated time I uploaded:

  • ELA-351-1 for sudo
  • ELA-352-1 for dbus
  • ELA-353-1 for libsdl2

Last but not least I did some days of frontdesk duties.

Other stuff

This month I uploaded new upstream versions of:

I improved packaging of:

The golang packages here are basically ones with a missing source upload. For whatever reason maintainers tend to forget about this …

My Debian Activities in December 2020

FTP master

This month I only accepted 8 packages and like last month rejected 0. Despite the holidays 293 packages got accepted.

Debian LTS

This was my seventy-eighth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 26h. During that time I did LTS uploads of:

  • [DLA 2489-1] minidlna security update for two CVEs
  • [DLA 2490-1] x11vnc security update for one CVE
  • [DLA 2501-1] influxdb security update for one CVE
  • [DLA 2511-1] highlight.js security update for one CVE

Unfortunately package slirp has the same version in Stretch and Buster. So I first had to upload slirp/1:1.0.17-11 to unstable, in order to be allowed to fix the CVE in Buster and to finally upload a new version to Stretch. Meanwhile the fix for Buster has been approved by the Release Team and I am waiting for the next point release now.

I also prepared a debdiff for influxdb, which will result in DSA-4823-1 in January.

As there appeared new CVEs for openjpeg2, I did not do an upload yet. This is planned for January now.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirtieth ELTS month.

During my allocated time I uploaded:

  • ELA-341-1 for highlight.js

As well as for LTS, I did not finish work on all CVEs of openjpeg2, so the upload is postponed to January.

Last but not least I did some days of frontdesk duties.

Unfortunately I also had to give back some hours.

Other stuff

This month I uploaded new upstream versions of:

I fixed one or two bugs in:

I improved packaging of:

Some packages just needed a source upload:

… and there have been even some new packages:

With these uploads I finished the libosmocom- and libctl-transitions.

The Debian Med Advent Calendar was again really successful this year. There was no new record, but with 109, the second most number of bugs has been closed.

year number of bugs closed
2011 63
2012 28
2013 73
2014 5
2015 150
2016 95
2017 105
2018 81
2019 104
2020 109

Well done everybody who participated. It is really nice to see that Andreas is no longer a lone wolf.

My Debian Activities in November 2020

FTP master

Unfortunately a day only has 24h. As the freeze is approaching, I had to concentrate a bit more on keeping my packages in shape. So this month I only accepted nine packages. The good news, I rejected no package. The overall number of packages that got accepted was 328.

Debian LTS

This was my seventy-seventh month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 22.75h. During that time I did LTS uploads of:

  • [DLA 2446-1] moin security update for two CVEs
  • [DLA 2451-1] libvncserver security update for one CVE
  • [DLA 2459-1] golang-1.7 security update for two CVEs
  • [DLA 2460-1] golang-1.8 security update for three CVEs
  • [DLA 2468-1] tcpflow security update for one CVE
  • [DLA 2469-1] qemu security update for five CVEs

I also started to work on x11vnc and slirp.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the twenty ninth ELTS month.

During my allocated time I uploaded:

  • ELA-319-1 for libass
  • ELA-320-1 for tcpflow
  • ELA-321-1 for qemu

Unfortunately I also had to give back some hours.

Last but not least I did some days of frontdesk duties.

Other stuff

This month I uploaded new upstream versions of:

I fixed one or two bugs in:

I improved packaging of:

… and there have been even some new packages:

As it is again this time of the year, I would also like to draw some attention to the Debian Med Advent Calendar. Like the past years, the Debian Med team starts a bug squashing event from the December 1st to 24th. Every bug that is closed will be registered in the calendar. So instead of taking something from the calendar, this special one will be filled and at Christmas hopefully every Debian Med related bug is closed. Don’t hesitate, start to squash :-).

The announcement on the mailing list can be found here.