My Debian Activities in March 2018

FTP master

This month I accepted 252 packages and rejected 23 uploads. The overall number of packages that got accepted this month was 308.

I also took care of #890944.

Debian LTS

This was my forty fifth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 23.25h. During that time I did LTS uploads of:

    [DLA 1313-1] isc-dhcp security update for two CVEs
    [DLA 1312-1] libvorbisidec security update for one CVE
    [DLA 1333-1] dovecot security update for three CVEs
    [DLA 1334-1] mosquitto security update two CVEs
    [DSA 4152-1] mupdf security update for two Jessie CVEs and two Stretch CVEs

I also prepared a test package for wireshark, fixing 12 CVEs. I am still waiting for feedback :-).

The issues for mupdf did not affect Wheezy, so there has been no DLA. Instead the security team accepted my debdiff for Jessie and Stretch and published a DSA. Thanks to Luciano for doing this.
As it turned out, the patch I found for icu last month had been the correct one. But as it did not affect Wheezy, there has been no DLA as well.

Last but not least I did one week of frontdesk duties.

Other stuff

During march I did uploads of …

  • libctl to fix a FTBFS during binary-indep-only build

I also moved all oauth2 related packages as well as cd5 to salsa.

Last but not least I took care of some old bugs in apcupsd that no longer seem to be relevant.

My Debian Activities in February 2018

FTP master

This month everything came back to normal and I accepted 272 packages and rejected 30 uploads. The overall number of packages that got accepted this month was 423.

Debian LTS

This was my forty fourth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 23.75h. During that time I did LTS uploads of:

  • [DLA 1279-1] clamav security update for two CVEs
  • [DLA 1286-1] quagga security update for three CVEs
  • [DLA 1290-1] libvpx security update for one CVE
  • [DSA 4125-1] wavpack security update for three Jessie CVEs and three Stretch CVEs

The issues for wavpack did not affect Wheezy, so there has been no DLA. Instead the security team accepted my debdiff for Jessie and Stretch and published a DSA. Thanks to Sebastien for doing this.
I also started to work on a fix for ICU. Unfortunately Moritz did not agree with me on the correct patch for this. As upstream did not respond to my query yet, I did not do an upload.
I also did not finish my work on opencv, I am still searching for the correct C++ template. On the other hand I finished work on 12 of 22 CVEs for wireshark. The rest will be done in March.

Other stuff

During February I uploaded new upstream versions of …

I also moved all alljoyn packages as well as a56 to salsa.

My Debian Activities in January 2018

FTP master

This month I was distracted from NEW by private stuff, so I only accepted 141 packages and rejected 4 uploads. The overall number of packages that got accepted this month was 361.

Almost two years ago Moritz filed #817286. After some time of inactivity, this bug draw CIP’s attention. Civil Infrastructure Platform is a project under the umbrella of the Linux Foundation. Their basic goal is to provide security support for a very long time (10 years for software and 15 years for the kernel).

As this bugs meets one of their goals, they would like to support Debian and are going to sponsor my work on this bug. So hopefully in the near future staging repositories will be available in Debian.

Debian LTS

This was my forty third month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 18.25h. During that time I did LTS uploads of:

  • [DLA 1235-1] opencv security update for two CVEs
  • [DLA 1252-1] couchdb security update for two CVEs
  • [DLA 1255-1] bind9 security update one CVE
  • [DLA 1258-1] wireshark security update for three CVEs
  • [DSA 4101-1] wireshark security update for three Jessie CVEs and three Stretch CVEs
  • [DLA 1263-1] curl security update one CVE

Unfortunately my debdiffs for opencv have not yet been processed by the security team. But as I also started to work on another round of CVEs for opencv, there will be another chance …

Last but not least I did one week of frontdesk duties.

Other stuff

During January I uploaded new upstream versions of …

First steps with arm64

As it was Christmas time recently, I wanted to allow oneself something special. So I ordered a Macchiatobin from SolidRun. Unfortunately they don’t exaggerate with their delivery times and I had to wait about two months for my device. I couldn’t celebrate Christmas time with it, but fortunately New Year.

Anyway, first I tried to use the included U-Boot to start the Debian installer on an USB stick. Oh boy, that was a bad idea and in retrospect just a waste of time. But there is debian-arm@l.d.o and Steve McIntyre was so kind to help me out of my vale of tears.

First I put the EDK2 flash image from Leif on an SD card, set the jumper on the board to boot from it (for the SD card boot, the right most jumper has to be set!) and off we go. Afterwards I put the debian-testing-arm64-netinst.iso on an USB stick and tried to start this. Unfortunately I was hit by #887110 and had to use a mini installer from here. Installation went smooth and as a last step I had to start the rescue mode and install grub to the removable media path. It is an extra point in the installer, so no need to enter cryptic commands :-).

Voila, rebooted and my Macchiatobin is up and running.

My Debian Activities in December 2017

FTP master

This month I accepted 222 packages and rejected 39 uploads. The overall number of packages that got accepted this month was 348.

According to the statistic I now passed the mark of 12000 accepted packages.

Debian LTS

This was my forty second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 14h. During that time I did LTS uploads of:

  • [DLA 1211-1] libxml2 security update for one CVE
  • [DLA 1213-1] openafs security update for one CVE
  • [DLA 1218-1] rsync security update for three CVEs
  • [DLA 1226-1] wireshark security update for four CVEs

I also started to work on opencv.

Last but not least I did one week of frontdesk duties.

Other stuff

During December I uploaded new upstream versions of …

I also did uploads of …

  • libosmocore to reintroduce the correct version of the library
  • gnupg-pkcs11-scd to finally depend on libssl-dev and libgcrypt20-dev
  • openbsc to fix a bug with libdbi
  • libsmpp34 to move the package to debian-mobcom
  • osmo-mgw to introduce the package to Debian
  • osmo-pcu to introduce the package to Debian
  • osmo-hlr to introduce the package to Debian
  • osmo-libasn1c to introduce the package to Debian
  • osmo-ggsn to introduce the package to Debian
  • libmatthew-java to fix a bug with java9 (thanks to Markus Koschany for the patch)

I also sponsored …

  • printrun, which really is a new upstream version!

My Debian Activities in November 2017

FTP master

As you might have read elsewhere, I am no longer an FTP assistant. I am very delighted about my new delegation as FTP master.

So this month I almost doubled the number of accepted packages to 385 packages and rejected 60 uploads. The overall number of packages that got accepted this month was 448.

Debian LTS

This was my forty first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 13h. During that time I did LTS uploads of:

  • [DLA 1188-1] libxml2 security update one CVE
  • [DLA 1191-1] python-werkzeug security update one CVE
  • [DLA 1192-1] libofx security update two CVEs
  • [DLA 1195-1] curl security update one CVE
  • [DLA 1194-1] libxml2 security update two CVEs

I also took care of an rsync issue and continued to work on wireshark.

Other stuff

During November I uploaded new upstream versions of …

I also did uploads of …

  • openoverlayrouter to change the source package Section: and fix some problems in Ubuntu
  • duktape to not only provide a shared library but also a pkg-config file
  • astronomical-almanac to make Helmut happy and fix a FTCBFS where he also provided the patch

Last month I wrote about apcupsd as the DOPOM of October. Unfortunately in November was the next power outage due to some malfunction in a transformer station. I never would have guessed that such a malfunction can do so much harm within the power grid. Anyway, the power was back after 31 minutes and my batteries would have lasted 34 minutes before turning off all computer. At least my spec was correct :-).

The DOPOM for this month has been dateutils.

As it is again this time of the year, I would also like to draw some attention to the Debian Med Advent Calendar. Like the past years, the Debian Med team starts a bug squashing event from the December 1st to 24th. Every bug that is closed will be registered in the calendar. So instead of taking something from the calendar, this special one will be filled and at Christmas hopefully every Debian Med related bug is closed. Don’t hestitate, start to squash :-).

Last but not least I sponsored the upload of evqueue-core.

My Debian Activities in October 2017

FTP assistant

Again, this month almost the same numbers as last month appeared in the statistics. I accepted 214 packages and rejected 22 uploads. The overall number of packages that got accepted this month was only 339.

Debian LTS

This was my fortieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 20.75h. During that time I did LTS uploads of:

  • [DLA 1125-1] botan1.10 security update for one CVE
  • [DLA 1127-1] sam2p security update for 6 CVEs
  • [DLA 1143-1] curl security update for one CVE
  • [DLA 1149-1] wget security update for two CVEs

I also took care of radare2 twice and marked all four CVEs as not-affected for Wheezy and Jessie. As nobody else wanted to address the issues in wireshark yet, I now started to work on this package.

Last but not least I did one week of frontdesk duties.

Other stuff

During October I took care of some bugs and at one go uploaded new upstream versions of hoel and duktape (this had to be done twice as I introduced an new bug with the first upload :-(). I only fixed bugs in glewlwyd and smstools. This month I also sponsored an upload of printrun.

After about ten years of living without any power outage, some construction worker decided to cut a cable near my place. Unfortunately one of my computers used for recording TV shows did not boot after the cable had been repaired and I had to switch some timers to other boxes. All in all this was too much stress and I purchased some USVs from APC. As apcupsd was orphaned, I took the opportunity to adopt it as DOPOM for this month.

My license pasting project now contains 31 license templates for your debian/copyright. The list of available texts can be obtained with:

curl http://licapi.debian.net/template

The license text itself is available under the given links, for example with

curl http://licapi.debian.net/template/Apache-2

  • http://licapi.debian.net/template/Apache-2
  • http://licapi.debian.net/template/Artistic-2.0
  • http://licapi.debian.net/template/BSL-1.0
  • http://licapi.debian.net/template/CC0
  • http://licapi.debian.net/template/CC-BY-3.0
  • http://licapi.debian.net/template/CC-BY-4.0
  • http://licapi.debian.net/template/CC-BY-SA-3.0
  • http://licapi.debian.net/template/CC-BY-SA-4.0
  • http://licapi.debian.net/template/Cygwin
  • http://licapi.debian.net/template/EPL-1.0
  • http://licapi.debian.net/template/Expat
  • http://licapi.debian.net/template/GPL-2
  • http://licapi.debian.net/template/GPL-2+
  • http://licapi.debian.net/template/GPL-3
  • http://licapi.debian.net/template/GPL-3+
  • http://licapi.debian.net/template/ISC
  • http://licapi.debian.net/template/LGPL-2
  • http://licapi.debian.net/template/LGPL-2+
  • http://licapi.debian.net/template/LGPL-2.1
  • http://licapi.debian.net/template/LGPL-2.1+
  • http://licapi.debian.net/template/LGPL-3
  • http://licapi.debian.net/template/LGPL-3+
  • http://licapi.debian.net/template/LPPL-1.2
  • http://licapi.debian.net/template/LPPL-1.3a
  • http://licapi.debian.net/template/LPPL-1.3c
  • http://licapi.debian.net/template/MPL-1.0
  • http://licapi.debian.net/template/MPL-1.1
  • http://licapi.debian.net/template/MPL-2.0
  • http://licapi.debian.net/template/OFL-1.0
  • http://licapi.debian.net/template/OFL-1.1
  • http://licapi.debian.net/template/Zlib

My Debian Activities in September 2017

FTP assistant

This month almost the same numbers as last month appeared in the statistics. I accepted 213 packages and rejected 15 uploads. The overall number of packages that got accepted this month was 425.

Debian LTS

This was my thirty-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 15.75h. During that time I did LTS uploads of:

  • [DLA 1109-1] libraw security update for one CVE
  • [DLA 1117-1] opencv security update for 13 CVEs

I also took care of libstrusts1.2-java and marked all CVEs as not-affected and I marked all CVEs for jasper as no-dsa. I also started to work on sam2p.

Just as I wanted to upload a new version of libofx, a new CVE was discovered that was not closed in time. I tried to find a patch on my own but had difficulties in reproducing this issue.

Other stuff

This month I made myself familiar with glewlwyd and according to upstream, the Debian packages work out-of-the box. However upstream does not stop working on that software, so I uploaded new versions of hoel, ulfius and glewlwyd.

As libjwt needs libb64, which was orphanded, I used it as DOPOM and adopted it.

Does anybody still know the Mayhem-bugs? I could close one by uploading an updated version of siggen.

I also went through my packages and looked for patches that piled up in the BTS. As a result i uploaded updated versions of radlib, te923con, node-starttls, harminv and uucp.

New upstream versions of openoverlayrouter and fasttree also made it into the archive.

Last but not least I moved several packages to the debian-mobcom group.

My Debian Activities in August 2017

FTP assistant

This month I accepted 217 packages and rejected 16 uploads. Though this might seem to be a low number this month, I am very pleased about the total number of packages that have been accepted: 558.

Debian LTS

This was my thirty-eight month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 20.25h. During that time I did LTS uploads of:

  • [DLA 1055-1] libgd2 security update for one CVE
  • [DLA 1060-1] libxml2 security update for two CVEs
  • [DLA 1062-1] curl security update for one CVE
  • [DLA 1063-1] extplorer security update for one CVE
  • [DLA 1065-1] fontforge security update for 8 CVEs
  • [DLA 1082-1] graphicsmagick security update for 8 CVEs

I also did the upload and sent the DLA for [DLA 1061-1] newsbeuter security update

Last but not least I also spent some time for frontdesk duties.

Other stuff

As announced last month I finished uploading all dependencies of glewlwyd and now we have an oauth2 server available in Debian. This month I am trying to really use it and will tell you about my experiences.

As the severity of the gcc-7 bugs have been raised, I took care of: #853501, #853304, #853305, #853306, #853307, #853308 and #871088

I also uploaded a new version of duktape and now try to also provide a library that can be used in other packages.

Last but not least my DOPOM of this month has been oysttyer. Actually it is a new package, but as ttytter has been abandonded upstream, this is the replacement. It is a fork so you should only get a new authorization key and simply use it as ttytter before.