My Debian Activities in July 2021

FTP master

This month I accepted 13 and rejected 2 packages. The overall number of packages that got accepted was 13.

As the Release Team prefers not to have any new package upload to unstable, the numbers are this low. I am afraid there is some discussion needed after the release of Bullseye …

Debian LTS

This was my eighty-fifth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS and normal security uploads of:

  • [DLA 2720-1] aspell security update for two CVEs
  • [DLA 2722-1] libsndfile security update for one CVE
  • [DLA 2723-1] linuxptp security update for one CVE
  • prepared aspell update in Buster, which resulted in DSA 4948-1

I also made further progress on gpac and started to test the package now.

Last but not least I did some days of frontdesk duties. I am not sure whether it is just me, but I got the impression that nowadays lots of CVEs can be marked as not-affected in the corresponding Stretch-version. Most of the remaining CVEs only have a small security impact (if at all) and can be marked as no-dsa. So the number of packages that really need an update decreases steadily. Does that mean that all issues in older versions are fixed now? Or are people more focused on new features in software as it is easier to find issues in more or less unexplored code?

Debian ELTS

This month was the thirty-seventh ELTS month.

During my allocated time I uploaded:

  • ELA-461-1 for jasper
  • ELA-462-1 for aspell
  • ELA-464-1 for libsndfile

Last but not least I did some days of frontdesk duties. In ELTS the decreasing number of uploads, as mentioned above, seems to be even more clearly.

Other stuff

I played a bit with RISC-V and looked after some packages that did not build on that architecture. Generally this looks like fun but building packages with qemu dampens the mood a bit. So if anybody knows some hardware that runs Debian, that is available now and that does not cost more than my car, I would be happy to get some pointer.

This month I uploaded new upstream versions of:

to experimental.

I improved packaging and fixed bugs in:

On my neverending golang challenge I again uploaded some packages either for NEW or as source upload.

My Debian Activities in June 2021

FTP master

This month I accepted 105 and rejected 6 packages. The overall number of packages that got accepted was 111.

Debian LTS

This was my eighty-fourth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been almost 30h. During that time I did LTS and normal security uploads of:

  • [DLA 2691-1] libgcrypt20 security update for one CVE
  • [DLA 2692-1] bluez security update for two CVEs
  • [DLA 2694-1] tiff security update for two CVEs
  • [DLA 2697-1] fluidsynth security update for one CVE
  • [DLA 2698-1] node-bl security update for one CVE
  • [DLA 2699-1] ipmitool security update for one CVE
  • PU bug #989815 ring/buster for one CVE

I also made further progress on gpac.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-sixth ELTS month.

During my allocated time I uploaded:

  • ELA-444-1 for libgcrypt20
  • ELA-445-1 for bluez
  • ELA-447-1 for tiff
  • ELA-450-1 for fluidsynth

Last but not least I did some days of frontdesk duties.

Other stuff

On my neverending golang challenge I again uploaded lots of packages either for NEW or as source upload.

My Debian Activities in April 2021

FTP master

This month I accepted 103 and rejected 10 packages, which is again an increase compared to last month. The overall number of packages that got accepted was only 107.

Debian LTS

This was my eighty-second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS and normal security uploads of:

  • [DLA 2629-1] libebml security update for one CVE
  • debdiff for libebml/buster
  • [DLA 2636-1] pjproject security update for one CVE
  • NMU leptonlib/unstable for four CVEs
  • PU bug #987376 leptonlib/buster for four CVEs
  • debdiff for ring/unstable which resulted in upload of version 20210112.2.b757bac~ds1-1 that fixed two CVEs
  • PU bug #987246 tnef/buster for one CVE

I also created debdiffs of tnef and ring for other suites, which did not result in any upload yet. Further I started to work on gpac and struggle with dozens of issues here.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-fourth ELTS month.

Unfortunately my work on python2.7 and python3.4 did not result in an upload before the end of the month.

Last but not least I did some days of frontdesk duties.

Other stuff

On my neverending golang challenge I again uploaded lots of packages either for NEW or as source upload.

Last but not least I voted.

My Debian Activities in March 2021

FTP master

Things never turn out the way you expect, so this month I was only able to accept 38 packages and rejected none. Due to the freeze, the overall number of packages that got accepted was 88.

Debian LTS

This was my eighty-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS and normal security uploads of:

  • [DLA 2606-1] lxml security update for one CVE
  • [DSA 4880-1] lxml security update for one CVE
  • [DLA 2611-1] ldb security update for two CVEs
  • [DLA 2612-1] leptonlib security update for four CVEs

I also prepared debdiffs for unstable and/or buster for leptonlib and libebml, which for one reason or another did not result in an upload yet.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-third ELTS month.

During my allocated time I uploaded:

  • ELA-388-1 for zeromq3
  • ELA-390-1 for lxml
  • ELA-391-1 for jasper
  • ELA-393-1 for ldb
  • ELA-394-1 for leptonlib

Last but not least I did some days of frontdesk duties.

Other stuff

On my neverending golang challenge I uploaded (or sponsored for thola dependencies):
golang-github-tombuildsstuff-giovanni, golang-github-apparentlymart-go-userdirs, golang-github-apparentlymart-go-shquot, golang-github-likexian-gokit, olang-gopkg-mail.v2, golang-gopkg-redis.v5, golang-github-facette-natsort, golang-github-opentracing-contrib-go-grpc, golang-github-felixge-fgprof, golang-ithub-gogo-status, golang-github-leanovate-gopter, golang-github-opentracing-basictracer-go, golang-github-lightstep-lightstep-tracer-common, golang-github-o-sourcemap-sourcemap, golang-github-igm-pubsub, golang-github-igm-sockjs-go, golang-github-centrifugal-protocol, golang-github-mna-redisc, golang-github-fzambia-eagle, golang-github-centrifugal-centrifuge, golang-github-chromedp-sysutil, golang-github-client9-misspell, golang-github-knq-snaker, cdproto-gen, golang-github-mattermost-xml-roundtrip-validator, golang-github-crewjam-saml, ssllabs-scan, golang-uber-automaxprocs, golang-uber-goleak, golang-github-k0kubun-go-ansi, golang-github-schollz-progressbar, golang-github-komkom-toml, golang-github-labstack-echo, golang-github-inexio-go-monitoringplugin

My Debian Activities in February 2021

FTP master

This month I accepted 162 and rejected 28 packages, which is again a small increase compared to last month. The overall number of packages that got accepted was 291.

Debian LTS

This was my eightieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS and normal security uploads of:

  • [DLA 2551-1] slirp security update two CVEs
  • [DLA 2552-1] connman security update two CVEs
  • [DLA 2567-1] unrar-free security update three CVEs
  • [DLA 2566-1] libbsd security update one CVE
  • [DLA 2571-1] openvswitch security update six CVEs
  • [DLA 2572-1] wpa security update for one CVE

I also prepared debdiffs for golang-github-appc-cni, wpa and libbsd, which for one reason or another did not result in a DLA yet.

Moreover I did some NEW processing and other stuff on security-master.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-second ELTS month.

During my allocated time I uploaded:

  • ELA-367-1 for libbsd
  • ELA-368-1 for unrar-free
  • ELA-370-1 for wpa

Last but not least I did some days of frontdesk duties.

Other stuff

This month I uploaded new upstream versions of:

My Debian Activities in January 2021

FTP master

This month I could increase my activities in NEW again and accepted 132 packages. Unfortunately I also had to reject 12 packages. The overall number of packages that got accepted was 374.

Debian LTS

This was my seventy-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 26h. During that time I did LTS and normal security uploads of:

  • [DSA 4823-1] influxdb security update for one CVE
  • [DLA 2536-1] libsdl2 security update for nine CVEs

With the buster upload of highlight.js I could finish to fix CVE-2020-26237 in all releases.

I also tried to fix one or the other CVE for golang packages, to be exact: golang-github-russellhaering-goxmldsig, golang-github-tidwall-match, golang-github-tidwall-gjson and golang-github-antchfx-xmlquery. The version in unstable is easily done by uploading a new upstream version after checking with ratt that all reverse-build-dependencies are still working. The next step will be to really upload all reverse-build-dependencies that need a new build. As the number of reverse-build-dependencies might be rather large, this needs to be done automatically somehow. The problem I am struggling with at the moment are packages that need to be rebuilt but the version in git already increased …

Another problem with golang packages are packages that are referenced by a Built-Using: line, but whose sources are not yet available on security-master. If this happens, the uploaded package will be automatically rejected. Unfortunately the rejection-email only contains the first missing package. So in order to reduce the hassle with such uploads, please send me the Built-Using:-line before the upload and I will import everything. In December/January this affected the uploads of influxdb and snapd.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirty-first ELTS month.

During my allocated time I uploaded:

  • ELA-351-1 for sudo
  • ELA-352-1 for dbus
  • ELA-353-1 for libsdl2

Last but not least I did some days of frontdesk duties.

Other stuff

This month I uploaded new upstream versions of:

I improved packaging of:

The golang packages here are basically ones with a missing source upload. For whatever reason maintainers tend to forget about this …

My Debian Activities in December 2020

FTP master

This month I only accepted 8 packages and like last month rejected 0. Despite the holidays 293 packages got accepted.

Debian LTS

This was my seventy-eighth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 26h. During that time I did LTS uploads of:

  • [DLA 2489-1] minidlna security update for two CVEs
  • [DLA 2490-1] x11vnc security update for one CVE
  • [DLA 2501-1] influxdb security update for one CVE
  • [DLA 2511-1] highlight.js security update for one CVE

Unfortunately package slirp has the same version in Stretch and Buster. So I first had to upload slirp/1:1.0.17-11 to unstable, in order to be allowed to fix the CVE in Buster and to finally upload a new version to Stretch. Meanwhile the fix for Buster has been approved by the Release Team and I am waiting for the next point release now.

I also prepared a debdiff for influxdb, which will result in DSA-4823-1 in January.

As there appeared new CVEs for openjpeg2, I did not do an upload yet. This is planned for January now.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the thirtieth ELTS month.

During my allocated time I uploaded:

  • ELA-341-1 for highlight.js

As well as for LTS, I did not finish work on all CVEs of openjpeg2, so the upload is postponed to January.

Last but not least I did some days of frontdesk duties.

Unfortunately I also had to give back some hours.

Other stuff

This month I uploaded new upstream versions of:

I fixed one or two bugs in:

I improved packaging of:

Some packages just needed a source upload:

… and there have been even some new packages:

With these uploads I finished the libosmocom- and libctl-transitions.

The Debian Med Advent Calendar was again really successful this year. There was no new record, but with 109, the second most number of bugs has been closed.

year number of bugs closed
2011 63
2012 28
2013 73
2014 5
2015 150
2016 95
2017 105
2018 81
2019 104
2020 109

Well done everybody who participated. It is really nice to see that Andreas is no longer a lone wolf.

My Debian Activities in November 2020

FTP master

Unfortunately a day only has 24h. As the freeze is approaching, I had to concentrate a bit more on keeping my packages in shape. So this month I only accepted nine packages. The good news, I rejected no package. The overall number of packages that got accepted was 328.

Debian LTS

This was my seventy-seventh month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 22.75h. During that time I did LTS uploads of:

  • [DLA 2446-1] moin security update for two CVEs
  • [DLA 2451-1] libvncserver security update for one CVE
  • [DLA 2459-1] golang-1.7 security update for two CVEs
  • [DLA 2460-1] golang-1.8 security update for three CVEs
  • [DLA 2468-1] tcpflow security update for one CVE
  • [DLA 2469-1] qemu security update for five CVEs

I also started to work on x11vnc and slirp.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the twenty ninth ELTS month.

During my allocated time I uploaded:

  • ELA-319-1 for libass
  • ELA-320-1 for tcpflow
  • ELA-321-1 for qemu

Unfortunately I also had to give back some hours.

Last but not least I did some days of frontdesk duties.

Other stuff

This month I uploaded new upstream versions of:

I fixed one or two bugs in:

I improved packaging of:

… and there have been even some new packages:

As it is again this time of the year, I would also like to draw some attention to the Debian Med Advent Calendar. Like the past years, the Debian Med team starts a bug squashing event from the December 1st to 24th. Every bug that is closed will be registered in the calendar. So instead of taking something from the calendar, this special one will be filled and at Christmas hopefully every Debian Med related bug is closed. Don’t hesitate, start to squash :-).

The announcement on the mailing list can be found here.

My Debian Activities in October 2020

FTP master

This month I accepted 208 packages and rejected 29. The overall number of packages that got accepted was 563, so yeah, I was not alone this month :-).

Anyway, this month marked another milestone in my NEW package handling. My overall number of ACCEPTed package exceeded the magic number of 20000 packages. This is almost 30% of all packages accepted in Debian. I am a bit proud of this achievement.

Debian LTS

This was my seventy-sixth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 20.75h. During that time I did LTS uploads of:

  • [DLA 2415-1] freetype security update for one CVE
  • [DLA 2419-1] dompurify.js security update for two CVEs
  • [DLA 2418-1] libsndfile security update for eight CVEs
  • [DLA 2421-1] cimg security update for eight CVEs

I also started to work on golang-1.7 and golang-1.8

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the twenty eighth ELTS month.

During my allocated time I uploaded:

  • ELA-289-2 for python3.4
  • ELA-304-1 for freetype
  • ELA-305-1 for libsndfile

The first upload of python3.4, last month, did not build on armel, so I had to reupload an improved package this month. For amd64 and i386 the ELTS packages are built in native mode, whereas the packages on armel are cross-built. There is some magic in debian/rules of python to detect in which mode the package is built. This is important as some tests of the testsuite are not really working in cross-build-mode. Unfortunately I had to learn this the hard way …

The upload of libsndfile now aligns the number of fixed CVEs in all releases.

Last but not least I did some days of frontdesk duties.

Other stuff

Despite my NEW-handling and LTS/ELTS stuff I hadn’t much fun with Debian packages this month. Given the approaching freeze, I hope this will change again in November.

My Debian Activities in September 2020

FTP master

This month I accepted 278 packages and rejected 58. The overall number of packages that got accepted was 304.

Debian LTS

This was my seventy-fifth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 19.75h. During that time I did LTS uploads of:

  • [DLA 2382-1] curl security update for one CVE
  • [DLA 2383-1] nfdump security update for two CVEs
  • [DLA 2384-1] yaws security update for two CVEs

I also started to work on new issues of qemu but had to learn that most of the patches I found have not yet been approved by upstream. So I moved on to python3.5 and cimg. The latter is basically just a header file and I had to find its reverse dependencies to check whether all of them can still be built with the new cimg package. This is still WIP and I hope to upload new versions soon.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the twenty seventh ELTS month.

During my allocated time I uploaded:

  • ELA-284-1 for curl
  • ELA-288-1 for libxrender
  • ELA-289-1 for python3.4

Like in LTS, I also started to work on qemu and encountered the same problems as in LTS above.
When building the new python packages for ELTS and LTS, I used the same VM and encountered memory problems that resulted in random tests failing. This was really annoying as I spent some time just chasing the wind. So up to now only the LTS package got an update and the ELTS one has to wait for October.

Last but not least I did some days of frontdesk duties.

Other stuff

This month I only uploaded some packages to fix bugs: