My Debian Activities in May 2017

FTP assistant

This month I only marked 39 packages for accept and rejected 5 packages.

Debian LTS

This was my thirty-fifth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 27.25h. During that time I did LTS uploads or prepared one for Jessie/Sid:

  • [DLA 934-1] radicale security update for one CVE
  • [DLA 942-1] jbig2dec security update for three CVEs
  • [DLA 947-1] icu security update for two CVEs
  • [DLA 950-1] libtasn1-3 security update for one CVE
  • [DSA 3861-1] libtasn1-6 security update for one CVE
  • [DLA 956-1] libsndfile security update for four CVE
  • [DLA 957-1] bind9 security update for three CVEs
  • [DLA 962-1] tnef security update for one CVE
  • [DSA 3869-1] tnef security update for one CVE

For [DLA 948-1] dropbear and [DLA 958-1] libonig I only did the LTS bookkeeping and sent the DLA.

The icu upload would not have been possible without the help of Roberto.

I also tried to work on jasper, libxml2, libytnef and swftools but unfortunately all upstreams did not finish their respective patches this month, so maybe there will be an upload in June.

Other stuff

Again this has been a busy LTS month, so I only uploaded a new version of smstools, which closed most of its bugs and adopted adopted ptpd as DOPOM.

As a prerequisite of wview I uploaded radlib. Unfortunately I could not do anything for wview, so work on this has to be postponed. Another new package is te923con, which I hope is able to read data from my weather station.

Last but no least I fixed an RC bug in alljoyn-services-1504.

My Debian Activities in April 2017

FTP assistant

This month I marked 72 packages for accept and sent one email to a maintainer asking questions. The number of rejections went down to 15. I would name that a good level again.

Debian LTS

This was my thirty-fourth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

As others reduced their workload for this month, my all in all workload has been 23.75h. During that time I did uploads of

    [DLA 897-1] qbittorrent security update for two CVEs
    [DLA 898-1] libosip2 security update for four CVEs
    [DLA 901-1] radare2 security update for one CVE
    [DLA 914-1] minicom security update for one CVE
    [DLA 915-1] botan1.10 security update for one CVE
    [DLA 920-1] jasper security update for two CVEs

In addition I had one week of frontdesk duties.

I also started to work on icu and bind9. The patches for icu applied fine but the corresponding test did not work but stopped somewhere in the middle!? I am open for any suggestions why this could happen.

Other stuff

This has been a busy LTS month, so I only created node-tunein and adopted smstools as DOPOM.

My Debian Activities in March 2017

FTP assistant

This month I marked 111 packages for accept and sent four emails to maintainers asking questions. The bad number of the month are the 41 packages I had to reject. This rejection rate was the worst of all my NEW-months.

May I ask everybody to pay a bit more attention before uploading/sponsoring a package?

Debian LTS

This was my thirty-third month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 14.75h. During that time I did uploads of

  • [DSA 3798-1] tnef security update for four CVEs
  • [DLA 839-2] tnef regression update
  • [DSA 3798-2] tnef regression update
  • tnef security update in unstable/testing for four CVEs
  • [DLA 878-1] libytnef security update for ten CVEs

I also took care of radare and marked all CVEs as not-affected in Wheezy. My next package on the list will be qbittorrent.

Other stuff

I uploaded a new version of entropybroker to fix a bug with the handling of return codes of ppoll. This version will also make it to Stretch. The same happens with a bug in alljoyn-services-1509. I don’t know why everybody talks about unblock-bugs that need to be filed!? The release team was always faster in granting the unblock than me in filing the corresponding bug.

As my DOPOM for this month I adopted httperf, took care of some bugs and sent patches upstream.

I also created a new project on Alioth that is called debian-mobcom (Alioth page), which shall be a place for all packages concerning mobile communication on the network part. I only uploaded libosmocore to experimental yet, so the package list is rather short.

Let other devices use my own NTP server

I have these fine set-top boxes here, that try to synchronize their time with some external NTP servers.

The names of the NTP servers are coded into the firmware and can not be changed in the network settings menu. They are called ntp1.technibutler.de, ntp2.technibutler.de and ntp3.technibutler.de. Though they are already Stratum 2 servers, I would rather use my own, local DCF77 radio clock. Obviously it makes no sense to contact some server in the wide internet to get information that is already available locally.

Luckily those servers are just used for time synchronization and nobody wants to get web pages from them or wants to send emails to them. So all that needs to be done is to redefine their address resolution in DNS.

In a first step, I configure my own DNS server. The example below are config files for bind9. Any other DNS server should work as well, just pretend that you are authorized to answer queries for the technibutler NTP servers. As long as there is no DNSSEC or secure NTP involved, everything is fine.

First I need to define the different zones. As there might be other services within the technibutler.de zone, that I still want to use, I will define an extra zone for each hostname of the NTP servers.

;
$TTL    86400
@       IN      SOA     ntp1.technibutler.de. redefined-dns.alteholz.de. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                          86400 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       10.10.10.1
;
$TTL    86400
@       IN      SOA     ntp2.technibutler.de. redefined-dns.alteholz.de. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                          86400 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       10.10.10.1
;
$TTL    86400
@       IN      SOA     ntp3.technibutler.de. redefined-dns.alteholz.de. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                          86400 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       10.10.10.1

I store those configs in /etc/bind/redefined/db.ntp1.technibutler.de, /etc/bind/redefined/db.ntp3.technibutler.de and /etc/bind/redefined/db.ntp3.technibutler.de. The only IP address that is needed in these files are the actual IP address of my local NTP server. As I just have only one, all NTP servers from technibutler.de need to point to this address.

Now I have to tell bind that my zones are the master zone. This is done in /etc/bind/redefined/redefined-zones.conf:

zone "ntp1.technibutler.de" {
   type master;
   file "/etc/bind/redefined/db.ntp1.technibutler.de";
};

zone "ntp2.technibutler.de" {
   type master;
   file "/etc/bind/redefined/db.ntp2.technibutler.de";
};

zone "ntp3.technibutler.de" {
   type master;
   file "/etc/bind/redefined/db.ntp3.technibutler.de";
};

And last but not least I have to tell bind9 to load this config during startup. So I add a line:

include "/etc/bind/redefined/redefined-zones.conf";

at the beginning of /etc/bind/named.conf.local

And voila, before that configuration:

$ nslookup ntp1.technibutler.de
Server:         10.10.10.254
Address:        10.10.10.254#53

Non-authoritative answer:
Name:   ntp1.technibutler.de
Address: 62.138.2.9

and after that configuration:

$ nslookup ntp1.technibutler.de
Server:         10.10.10.254
Address:        10.10.10.254#53

Non-authoritative answer:
Name:   ntp1.technibutler.de
Address: 10.10.10.1

After the configuration of your DNS server is done, you just need to point the set-top boxes or any other device in your home network to your own DNS server. You can either deliver this information via “option domain-name-servers” with DHCP, or manually put your DNS server in the network settings of your device.

My Debian Activities in February 2017

FTP assistant

This month you didn’t hear much of me, as I only marked 97 packages for accept and rejected 17 packages. I only sent one email to maintainers asking questions.

Nevertheless the NEW queue is down to 46 packages at the moment, so my fellows in misery do a really good job :-).

Debian LTS

This was my thirty-second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 13.00h. During that time I did uploads of

  • [DLA 832-1] bitlbee security update for three CVEs
  • [DLA 837-1] radare2 security update for one CVE
  • [DLA 839-1] tnef security update for four CVEs
  • [DLA 843-1] bind9 security update for one CVE

Thanks again to all the people who complied with my requests to test a package!

I also prepared the Jessie DSA for tnef which resulted in DSA 3798-1.

At the end of the month I did another week of frontdesk work and among other things I filed some bugs against packages from [1].

[1] https://security-tracker.debian.org/tracker/status/unreported

Other stuff

Reading about openoverlayrouter in the German magazine c’t, I uploaded that software to Debian.

I also uploaded npd6, which helped me to reach github from a IPv6-only-machine.
Further I uploaded pyicloud.

As my DOPOM for this mont I adopted bottlerocket. Though you can’t buy the hardware anymore, there still seem to be some users around.

My Debian Activities in January 2017

FTP assistant

This month I only marked 146 packages for accept and rejected 25 packages. I only sent 3 emails to maintainers asking questions.

Nevertheless I could pass a big mark. All in all I accepted more than 10000 packages now!

Debian LTS

This was my thirty-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 12.75h. During that time I did uploads of

  • [DLA 805-1] bind9 security update for three CVEs
  • [DLA 806-1] zoneminder security update for one CVE

Unfortunately the upload of jasper had to be postponed, as there is no upstream fix for most of the open CVEs yet.
I also suggested to mark th slum-llnl CVE as , as the patch would be too invasive. Further I did another week of frontdesk work.

Last but not least I took care of about 140 items of the TODO list[1]. Ok, it was not that much work, but the enormous number is impressing :-). I also had a look at [2] and filed bugs against two packages. Within hours the maintainers responded to that bugs, clarified everything to mark the CVEs as not-affected and nobody has to care about them anymore. This is a good example of how the knowledge of the maintainer can help the security teams! So, if you have some time left, have a look at [3] and take care of something.

[1] https://security-tracker.debian.org/tracker/status/todo
[2] https://security-tracker.debian.org/tracker/status/unreported
[3] https://security-tracker.debian.org/tracker

Other stuff

This month I sponsored a new round of sidedoor and printrun. After advocating Dara Adib to become Debian Maintainer, I hope my activities as sponsor can be reduced again :-).

Further I uploaded another version of setserial, but as you can see in #850762 it does not seem to satisfy everybody. I also uploaded new upstream versions of duktape and pipexec.

As I didn’t do any DOPOM in December I adopted two packages in January: pescetti and salliere. I dedicate those uploads to my aunt Birgit, who was a passionate bridge player. You will never be forgotten.

My Debian Activities in December 2016

FTP assistant

This month I marked 367 packages for accept and rejected 45 packages. This time I only sent 10 emails to maintainers asking questions.

Debian LTS

This was my thirtieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 13.50h. During that time I did uploads of

  • [DLA 739-1] jasper security update for nine CVEs
  • [DLA 749-1] php5 security update for 14 CVEs
  • [DLA 771-1] hdf5 security update for four CVEs

Other stuff

The Debian Med Advent Calendar was really successful this year. As announced in [1] this year the second highest number of bugs has been closed during tht bug squashing:

year number of bugs closed
2011 63
2012 28
2013 73
2014 5
2015 150
2016 95

Well done everybody who participated!

In December I also uploaded new upstream versions of duktape, fixed bugs in openzwave, did a binary upload for mpb on mipsel, sponsored openzwave-controlpanel, sidedoor and printrun.
Thanks to lamby that openzwave-controlpanel and sidedoor even made it into Stretch.

Last but not least I want to wish everybody a Happy New Year.

[1] https://lists.debian.org/debian-med/2016/12/msg00180.html

My Debian Activities in November 2016

FTP assistant

This month I marked 377 packages for accept and rejected 36 packages. I also sent 13 emails to maintainers asking questions.

Debian LTS

This was my twenty-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 11h. During that time I did uploads of

  • [DLA 696-1] bind9 security update for one CVE
  • [DLA 711-1] curl security update for nine CVEs

The upload of curl started as an embargoed one but the discussion about one fix took some time and the upload was a bit delayed.

I also prepared a test package for jasper which takes care of nine CVEs and is available here. If you are interested in jasper, please download it and check whether everything is working in your environment. As upstream only takes care of CVEs/bugs at the moment, maybe we should not upload the old version with patches but the new version with all fixes. Any comments?

Other stuff

As it is again this time of the year, I would also like to draw some attention to the Debian Med Advent Calendar. Like the past years, the Debian Med team starts a bug squashing event from the December 1st to 24th. Every bug that is closed will be registered in the calendar. So instead of taking something from the calendar, this special one will be filled and at Christmas hopefully every Debian Med related bug is closed. Don’t hestitate, start to squash :-).

In November I also uploaded new versions of libmatthew-java, node-array-find-index, node-ejs, node-querystringify, node-require-dir, node-setimmediate, libkeepalive,
Further I added node-json5, node-emojis-list, node-big.js, node-eslint-plugin-flowtype to the NEW queue, sponsored an upload of node-lodash, adopted gnupg-pkcs11-scd, reverted the -fPIC-patch in libctl and fixed RC bugs in alljoyn-core-1504, alljoyn-core-1509, alljoyn-core-1604.

DOPOM: gnupg-pkcs11-scd – GnuPG smart-card daemon with PKCS#11 support

According to the Work-Needing and Prospective Packages page 1002 packages are ophaned at the moment. Why is this number always tending upwards?

Anyway, this month I adopted gnupg-pkcs11-scd. It did not migrate to testing for 1881 days and meanwhile got an RC bug for the openssl transition. So this was an ideal victim for DOPOM (Debian Orphaned Package Of the Month).

My Debian Activities in October 2016

FTP assistant

This month I caught up from last month and marked 317 packages for accept and rejected 23 packages. I also sent 5 emails to maintainers asking questions.

Debian LTS

This was my twenty-eighth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 13h. During that time I did uploads of

  • [DLA 645-1] bind9 security update
  • [DLA 646-1] zendframework security update
  • [DLA 665-1] libgd2 security update
  • [DLA 671-1] libxvmc security update
  • [DLA 672-1] bind9 security update
  • [DLA 691-1] libxml2 security update

The second upload of bind was an embargoed one.

Other stuff

I uploaded a new version of greylistd and fixed RC bug #837501. A new version of highlight.js fixed RC bug #830189. With a new upstream version of chktex I could close bugs #782342, #782343 and #819885. I also uploaded the new package node-random-bytes and new upstream versions of alljoyn-core-1604 and duktape

Finally, after about 4 years, I managed to upload entropybroker and instantly had to deal with #840018, #840019 and #840020. One cannot overemphasize the importance of our QA stuff!

I also uploaded a new version of libctl to solve the -fPIC issue but was asked short time after to revert that again :-(.

As already mentioned some days ago I adopted libmatthew-java. At that time about 956 package were orphaned and I asked everybody to adopt one of these packages. Unfortunately now there are 982 package orphaned. I guess I have to clear up a misunderstanding. You should adopt those packages and not oprhan more of them!