Posted on

My Debian Activities in November 2018

FTP master

This month I accepted 486 packages, which is twice as much as last month. On the other side I was a bit reluctant and rejected only 38 uploads. The overall number of packages that got accepted this month was 556.

Debian LTS

This was my fifty third month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS uploads or prepared security uploads of:

  • [DLA 1574-1] imagemagick security update for one CVE
  • [DLA 1586-1] openssl security update for two CVEs
  • [DLA 1587-1] pixman security update for one CVE
  • [DLA 1594-1] xml-security-c security update for one (temporary) CVE
  • [DLA 1595-1] gnuplot5 security update for three CVEs
  • [DLA 1597-1] gnuplot security update for three CVEs
  • [DLA 1602-1] nsis security update two CVEs

Thanks to Markus Koschany for testing my openssl package. It is really having a calming effect when a different pair of eyes has a quick look and does not start to scream.

I also started to work on the new CVEs of wireshark.

My debdiff of tiff was used by Moritz to doublecheck his and Lazlos work, and finally resulted in DSA 4349-1. Though not every debdiff will result in its own DSA , they are still useful for the security team. So always think of Stretch when you do a DLA.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the sixth ELTS month.

During my allocated time I uploaded:

  • ELA-58-1 for tiff3
  • ELA-59-1 for openssl
  • ELA-60-1 for pixman

I also started to work on the new CVEs of wireshark.

As like in LTS, I also did some days of frontdesk duties.

Other stuff

I improved packaging of …

  • libctl by finally moving to guile-2.2. Though guile-2.0 might not disappear completely in Buster, this is my first step to make it happen
  • mdns-scan
  • libjwt

I uploaded new upstream versions of …

Again I to sponsored some packages for Nicolas Mora. This time it were some dependencies for his new project taliesin, a lightweight audio media server with a REST API interface and a React JS client application. I am already anxious to give it a try :-).

As it is again this time of the year, I would also like to draw some attention to the Debian Med Advent Calendar. Like the past years, the Debian Med team starts a bug squashing event from the December 1st to 24th. Every bug that is closed will be registered in the calendar. So instead of taking something from the calendar, this special one will be filled and at Christmas hopefully every Debian Med related bug is closed. Don’t hestitate, start to squash :-).

Posted on

My Debian Activities in October 2018

FTP master

This month I accepted 211 packages, which is almost the same amount as last month. On the other side I was a bit reluctant and rejected only 36 uploads. The overall number of packages that got accepted this month was 370.

Debian LTS

This was my fifty second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30h. During that time I did LTS uploads or prepared security uploads of:

  • [DLA 1555-1] libmspack security update for two CVEs
  • [DLA 1556-1] paramiko security update for two CVEs
  • [DLA 1557-1] tiff security update for three CVEs
  • [DLA 1558-1] ruby2.1 security update for two CVEs
  • [DSA 4325-1] mosquitto security update for four CVEs
  • #912159 for libmspack and two CVEs in Stretch

I could also mark all emerging CVEs of wireshark as not affected for Jessie. I prepared a debdiff for ten CVEs affecting tiff in Stretch and sent it to the security team and the maintainer. Unfortunately it did not result in an upload yet.

I also worked on imagemagick and expect an upload soon.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the fifth ELTS month.

During my allocated time I uploaded:

  • ELA-52-1 for net-snmp

There was also one CVE for the python package requests, that could be marked as not-affected. The version in Wheezy did contain the correct code, whereas later versions contained the issue.

As like in LTS, I worked on wireshark (marking all CVEs as not-affected for Wheezy) and tiff3, but did not do an upload yet.

Moreover this was a strange month related to the packages I selected for work. So please everybody check twice whether to add an entry to ela-needed.txt.

As like in LTS, I also did some days of frontdesk duties.

Other stuff

I uploaded new upstream versions of …

Further I continued to sponsor some glewlwyd packages for Nicolas Mora. From my point of view he should become a DM now, so he started his NM process.

Posted on

My Debian Activities in September 2018

FTP master

As promised in an earlier post, I raised the number of accepted packages to 215, as well as the number of rejects to 69 this month. The overall number of packages that got accepted this month was 314.

Debian LTS

This was my fifty first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 29.25h. During that time I did LTS uploads or prepared security uploads of:

    [DLA 1508-1] suricata security update for one CVE
    [DLA 1515-1] hylafax security update for one CVE
    [DLA 1516-1] okular security update for one CVE
    [DSA 4303-1] okular security update for one CVE
    [DLA 1524-1] libxml2 security update for four CVEs
    [DLA 1525-1] mosquitto security update for three CVEs

I also sent a debdiff for wireshark in Stretch to the security team. They decided to use a newer version in Wireshark for Stretch. Maybe it would be a good idea to upload that version to Jessie as well.

Further I worked on an update for symfony, where I could mark most CVE as not-affected for Jessie. Still four CVEs are remaining and I am going to create patches for them. As opposed to this the CVEs for radare2 could be all marked as not-affected for Jessie.

Last but not least I did some days of frontdesk duties.

I am not sure whether this is a general trend or whether this is just related to the packages I choose. Compared with LTS for Wheezy more packages in Jessie have some kind of software test. Generally speaking this is a very good trend as one can feel more certain that any kind of patch does not break the software. On the other hand this also doubles the effort to backport patches for older versions of the software. One has to backport not only the patch itself but also the corresponding tests. Especially as the test framework develops as fast as the software and everybody wants to use their own invention.

Debian ELTS

This month was the fourth ELTS month.

During my allocated time I uploaded:

  • ELA-44-1 for suricata
  • ELA-46-1 for libxml2
  • ELA-47-1 for python2.7
  • ELA-48-1 for python2.6

As like in LTS, I also did some days of frontdesk duties.

Other stuff

I improved packaging of …

The DOPOM (Debian Orphaned Package Of the Month) of this month has been arpalert.

I also became member of the varnish-team and will try to help packaging varnish

Further I continued to sponsor some glewlwyd packages for Nicolas Mora.

Posted on

My Debian Activities in August 2018

FTP master

This month was again dominated by warm weather and spending time outside is more enjoyable than spending time in NEW. So I only accepted 177 packages and rejected 2 uploads. The overall number of packages that got accepted this month was 400. Unfortunately it is becoming cold outside, so expect more REJECTS!

Debian LTS

This was my fiftieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 23.75h. During that time I did LTS uploads of:

    [DLA 1468-1] fuse security update one CVE
    [DLA 1471-1] kamailio security update one CVE
    [DLA 1477-1] libgit2 security update three CVEs
    [DLA 1485-1] bind9 security update one CVE
    [DLA 1487-1] libtirpc security update one CVE

I also sent a debdiff for libgit2 in Stretch to the security team, which was not yet processed.

This month it was not that hard to understand the patches, but I had to struggle with different testing frameworks. One always crashed due to API changes and one made funny things when run as root. Nevertheless I am still glad about software that does at least some kind of testing!

Anyway, I also started looking at the CVEs of suricata and symfony and I am afraid it is not going to be easier …

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the third ELTS month.

During my allocated time I uploaded:

  • ELA-25-1 for libcgroup
  • ELA-26-1 for libxcursor
  • ELA-31-1 for bind9
  • ELA-33-1 for libtirpc

As like in LTS, I also did some days of frontdesk duties.

Other stuff

I uploaded a new upstream version of …

.. and fixed a lot of bugs.

I improved packaging of …

The DOPOM (Debian Orphaned Package Of the Month) of this month has been mdns-scan. As it was abandoned by upstream, I intend to become that as well.

Posted on

My Debian Activities in July 2018

FTP master

This month was dominated by warm weather and I spent more time in a swimming pool than in the NEW queue. So I only accepted 149 packages and rejected 5 uploads. The overall number of packages that got accepted this month was 380.

Debian LTS

This was my forty ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30.00h. During that time I did LTS uploads of:

    [DLA 1428-1] 389-ds-base security update for 5 CVEs
    [DLA 1430-1] taglib security update for one CVE
    [DLA 1433-1] openjpeg2 security update for two CVEs
    [DLA 1437-1] slurm-llnl security update for two CVEs
    [DLA 1438-1] opencv security update for 17 CVEs
    [DLA 1439-1] resiprocate security update for two CVEs
    [DLA 1444-1] vim-syntastic security update for one CVE
    [DLA 1451-1] wireshark security update for 7 CVEs

Further I started to work on libgit and fuse. Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the second ELTS month.

During my allocated time I uploaded:

  • ELA-23-1 for wireshark
  • ELA-24-1 for fuse

I also tried to work on qemu but had to confess that those CVEs are far beyond my capabilities. Luckily qemu is no longer on the list of supported packages for ELTS. As there seemed to be some scheduling difficulties I stepped in and did 1.5 weeks of frontdesk duties.

Other stuff

This month I uploaded new packages of

  • pywws, a software to obtain data from some wheather stations
  • osmo-msc, a software from Osmocom

Further I continued to sponsor some glewlwyd packages for Nicolas Mora.

I also uploaded a new upstream version of …

I improved packaging of …

and fixed some bugs in …

The DOPOM (Debian Orphaned Package Of the Month) of this month has been sockstat. As there was a BUG about IPv6 support and upstream doesn’t seem to be active anymore, I revived it on github.

Posted on

My Debian Activities in June 2018

FTP master

This month I accepted 166 packages and rejected only 7 uploads. The overall number of packages that got accepted this month was 216.

Debian LTS

This was my forty eighth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 23.75h. During that time I did LTS uploads of:

  • [DLA 1404-1] lava-server security update for one CVE
  • [DLA 1403-1] zendframework security update for one CVE
  • [DLA 1409-1] mosquitto security update for two CVE
  • [DLA 1408-1] simplesamlphp security update for two CVE

I also prepared a test package for slurm-llnl but got no feadback yet *hint* *hint*.

This month has been the end of Wheezy LTS and the beginning of Jessie LTS. After asking Ansgar, I did the reconfiguration of the upload queues on seger to remove the embargoed queue for Jessie and reduce the number of supported architectures.

Further I started to work on opencv.

Unfortunately the normal locking mechanism for work on packages by claiming the package in dla-needed.txt did not really work during the transition. As a result I worked on libidn and mercurial parallel to others. There seems to be room for improvement for the next transition.

Last but not least I did one week of frontdesk duties.

Debian ELTS

This month was the first ELTS month.

During my allocated time I made the first CVE triage in my week of frontdesk duties, extended the check-syntax part in the ELTS security tracker and uploaded:

  • ELA-3-1 for file
  • ELA-4-1 for openssl

Other stuff

During June I continued the libosmocore transition but could not finish it. I hope I can upload all missing packages in July.

Further I continued to sponsor some glewlwyd packages for Nicolas Mora.

The DOPOM package for this month was dvbstream.

I also upload a new upstream version of …

Posted on

My Debian Activities in May 2018

FTP master

This month I accepted 304 packages and rejected 20 uploads. The overall number of packages that got accepted this month was 420.

Debian LTS

This was my forty seventh month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 24.25h. During that time I did LTS uploads of:

    [DLA 1387-1] cups security update for one CVE
    [DLA 1388-1] wireshark security update for 9 CVEs

I continued to work on the bunch of wireshark CVEs and sorted all out that did not affect Jessie or Stretch. At the end I sent my dediff with patches for 20 Jessie CVEs and 38 CVES for Stretch to Moritz so that he could compare them with his own work. Unfortunately he didn’t use all of them.

The CVEs for krb5 were marked as no-dsa by the security team, so there was no upload for Wheezy. Building the package for cups was a bit annoying as the test suite didn’t want to run in the beginning.

I also tested the apache2 package from Roberto twice and let the package do a second round before the final upload.

Last but not least I did a week of frontdesk duties and prepared my new working environment for Jessie LTS and Wheezy ELTS.

Other stuff

During May I did uploads of …

  • libmatthew-java to fix a FTBFS with Java 9 due to a disappearing javah. In the end it resulted in a new upstream version.

I also prepared the next libosmocore transistion by uploading several osmocom packages to experimental. This has to continue in June.

Further I sponsored some glewlwyd packages for Nicolas Mora. He is right on his way to become a Debian Maintainer.

Last but not least I uploaded the new package libterm-readline-ttytter-per, which is needed to bring readline functionality to oysttyer, a command line twitter client.

Posted on

My Debian Activities in May 2018

FTP master

This month I accepted 304 packages and rejected 20 uploads. The overall number of packages that got accepted this month was 420.

Debian LTS

This was my forty seventh month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 24.25h. During that time I did LTS uploads of:

    [DLA 1387-1] cups security update for one CVE
    [DLA 1388-1] wireshark security update for 9 CVEs

I continued to work on the bunch of wireshark CVEs and sorted all out that did not affect Jessie or Stretch. At the end I sent my dediff with patches for 20 Jessie CVEs and 38 CVES for Stretch to Moritz so that he could compare them with his own work. Unfortunately he didn’t use all of them.

The CVEs for krb5 were marked as no-dsa by the security team, so there was no upload for Wheezy. Building the package for cups was a bit annoying as the test suite didn’t want to run in the beginning.

I also tested the apache2 package from Roberto twice and let the package do a second round before the final upload.

Last but not least I did a week of frontdesk duties and prepared my new working environment for Jessie LTS and Wheezy ELTS.

Other stuff

During May I did uploads of …

  • libmatthew-java to fix a FTBFS with Java 9 due to a disappearing javah. In the end it resulted in a new upstream version.

I also prepared the next libosmocore transistion by uploading several osmocom packages to experimental. This has to continue in June.

Further I sponsored some glewlwyd packages for Nicolas Mora. He is right on his way to become a Debian Maintainer.

Last but not least I uploaded the new package libterm-readline-ttytter-per, which is needed to bring readline functionality to oysttyer, a command line twitter client.

Posted on

My Debian Activities in April 2018

FTP master

This month I accepted 145 packages and rejected 5 uploads. The overall number of packages that got accepted this month was 260.

Debian LTS

This was my forty sixth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 16.25h. During that time I did LTS uploads of:

    [DLA 1353-1] wireshark security update for 12 CVEs
    [DLA 1364-1] openslp-dfsg security update for one CVE
    [DLA 1367-1] slurm-llnl security update for one CVE

I also started to work on the next bunch of wireshark CVEs and I intend to upload packages for Jessie and Stretch as well.
Other packages I started are krb5 and cups.

Last but not least I did a week of frontdesk duties, where I check lots of CVEs for their impact on Wheezy.

Other stuff

During April I did uploads of …

  • pescetti to fix a FTBFS with Java 9 due to -source/-target only
  • salliere to fix a FTBFS with Java 9 due to -source/-target only
  • libb64 to fix a FTCBFS
  • chktex to fix a FTBFS with TeX Live 2018

Thanks to all the people who sent patches!

I also finished the libosmocore transistion this month by uploading the following osmocom packages to unstable and alongside fixing some bugs that our tireless QA tools detected:

Further I uploaded osmo-fl2k already two days after release. It is a nice software that enables an USB-VGA converter to be used as transmitter for all kind of signals. Of course just use it in a shielded room!

As Nicolas Mora, the upstream author of the oauth2 server glewlwyd, wanted to be more involved in Debian packaging, I sponsored some of his first packages. They are all new versions of his software:

I also uploaded a new upstream version of dateutils.

Last but not least I worked on some apcupsd bugs and I am down to 16 bugs now.

Posted on

Fun with broken harddisks

Today I needed to replace a faulty harddisk, which had a GPT, in a software RAID1. A GPT is a Guid Partition Table and is normally needed for partitions > 2TB. But wait, my external harddisk has 4TB and it uses an MBR (Master Boot Record)!?

In an MBR the partition size is stored in four bytes, which could have 0xFFFFFFFF as a maximum value. This would be 4294967295 in decimal. But the partition size is not given in bytes but in sectors. On Linux systems the sector size of an attached harddisk can be found in /sys/block/sd[X]/queue/hw_sector_size.

root@server:~ # cat /sys/block/sdd/queue/hw_sector_size
512

This is the normal sector size of a harddisk, so 4294967295 sectors of 512 bytes result in 2TB.

Luckily some external harddisks have a sector size of 4096 bytes.

root@server:~ # cat /sys/block/sda/queue/hw_sector_size
4096

This results in a partition size of 16TB.

Anyway, my disk had a GPT and after installing the new harddisk, it had to get a copy of the GPT of the first one. This can be done with sgdisk, that is part of package gdisk on Debian systems. So after doing apt-get install gdisk one can:

sgdisk --replicate=/dev/sdb /dev/sda

In this case /dev/sda is the source disk and /dev/sdb is the new one.

You can see the GPT with:

sgdisk -p /dev/sda
sgdisk -p /dev/sdb

Due to the cloning, both disks have the same GUID and to avoid hassle, the new one needs a new GUID. This is done with:

sgdisk -G /dev/sdb

The structure of the software raid can be seen in /proc/mdstat. In my case I have three md devices: md0, md1 and md2
On my system md0 currently has only one active member /dev/sda2. So /dev/sdb2 has to be added:

mdadm /dev/md0 --manage --add /dev/sdb2

As this is just a small partition, it took only a few seconds and syslog showed:

[ 5881.551829] md: bind
[ 5881.581014] RAID1 conf printout:
[ 5881.581020] --- wd:1 rd:2
[ 5881.581026] disk 0, wo:0, o:1, dev:sda2
[ 5881.581030] disk 1, wo:1, o:1, dev:sdb2
[ 5881.581174] md: recovery of RAID array md0
[ 5881.581180] md: minimum _guaranteed_ speed: 1000 KB/sec/disk.
[ 5881.581186] md: using maximum available idle IO bandwidth (but not more than 200000 KB/sec) for recovery.
[ 5881.581195] md: using 128k window, over a total of 499988k.
[ 5889.511049] md: md0: recovery done.
[ 5889.614014] RAID1 conf printout:
[ 5889.614020] --- wd:2 rd:2
[ 5889.614026] disk 0, wo:0, o:1, dev:sda2
[ 5889.614031] disk 1, wo:0, o:1, dev:sdb2

The same needs to be done for the other partitions:
mdadm /dev/md1 --manage --add /dev/sdb3
mdadm /dev/md2 --manage --add /dev/sdb4

They are way bigger and recovery of the RAID lasts a bit longer. But finally everything is done and nagios switches back from red to green. Mission accomplished!