Posted on

My Debian Activities in June 2023

FTP master

This month I accepted 221 and rejected 33 packages. The overall number of packages that got accepted was 221.

Yeah, Bookworm was released this month. Thanks a lot to everybody who was involved in doing this.

Debian LTS

This was my hundred-eighth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. 

This month my all in all workload has been 14h.

During that time I uploaded:

  • [DLA 3440-1] cups security update for one CVE (as the CVE was embargoed, most of the work was done in May but the upload happened in June)
  • [unstable] upload of cups 2.4.2-4 to fix CVE-2023-32324
  • [DLA 3461-1] libfastjson security update for one CVE
  • [DLA 3465-1] minidlna security update for one CVE
  • [DLA 3476-1] cups security update for one CVE
  • [unstable] upload of cups 2.4.2-5 to fix CVE-2023-34241
  • [#1039026] pu-bug for cups to fix CVE-2023-32324 and CVE-2023-34241 in Bookworm; upload was done as well
  • [#1039040] pu-bug for cups to fix CVE-2023-32324 and CVE-2023-34241 in Bullseye; upload was done as well

I also did some work on security-master to inject missing dependencies for some packages and processed NEW.

Last but not least I did some days on frontdesk duties and took part in the LTS meeting.

Debian ELTS

This month was the fifty ninth ELTS month.

  • [ELA-860-1] cups security update in Jessie and Stretch for one CVE
  • [ELA-872-1] libfastjson security update in Stretch for one CVE
  • [ELA-887-1]cups security update in Jessie and Stretch for one CVE

I also made some progress with the openssl1.0 update.

Last but not least I did some days on frontdesk duties.

Debian Astro

This month I uploaded some packages to fix one or the other issue:

This month I even uploaded a new package c-munipack, which is more or less the successor of munipack, and can be used for example to analyse light curves of variable stars.
Another new package is virtualgps, where the name says it all.

Debian Printing

This month I did a security upload of cpdb-libs to fix a CVE in Unstable, Bookworm and Bullseye.
This work is generously funded by Freexian!

Debian Mobcom

This month I could upload a new version of:

Other stuff

This month I restarted DOPOM (Debian Orphaned Package Of the Month) and adopted:

Hopefully this will result in a new upload of vdr-plugin-live. I would like to have this package for my personal VDR.

I also did an upload of:

Posted on

My Debian Activities in August 2019

FTP master

This month the numbers went up again and I accepted 389 packages and rejected 43. The overall number of packages that got accepted was 460.

Debian LTS

This was my sixty second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 21.75h. During that time I did LTS uploads of:

  • [DLA 1887-1] freetype security update for one CVE
  • [DLA 1889-1] python3.4 security update for one CVE
  • [DLA 1893-1] cups security update for two CVEs
  • [DLA 1895-1] libmspack security update for one CVE
  • [DLA 1894-1] libapache2-mod-auth-openidc security update for one CVE
  • [DLA 1897-1] tiff security update for one CVE
  • [DLA 1902-1] djvulibre security update for four CVEs
  • [DLA 1904-1] libextractor security update for one CVE
  • [DLA 1906-1] python2.7 security update for one CVE

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the fifteenth ELTS month.

During my allocated time I uploaded:

  • ELA-155-1 of cups
  • ELA-157-1 of djvulibre
  • ELA-158-1 of python2.7

I spent some time to work on tiff3 only to find that the affected features are not yet available.

I also did some days of frontdesk duties.

Other stuff

This month I uploaded new packages of …

I also uploaded new upstream versions of …

I improved packaging of …

On my Go challenge I uploaded golang-github-gin-contrib-static, golang-github-gin-contrib-cors, golang-github-yourbasic-graph, golang-github-cnf-structhash, golang-github-deanthompson-ginpprof, golang-github-jarcoal-httpmock, golang-github-gin-contrib-gzip, golang-github-mcuadros-go-gin-prometheus, golang-github-abdullin-seq, golang-github-centurylinkcloud-clc-sdk, golang-github-ziutek-mymysql, golang-github-terra-farm-udnssdk, golang-github-ensighten-udnssdk, golang-github-sethvargo-go-fastly.

I again reuploaded some go packages (golang-github-go-xorm-core, golang-github-jarcoal-httpmock, golang-github-mcuadros-go-gin-prometheus, golang-github-deanthompson-ginpprof, golang-github-gin-contrib-cors, golang-github-gin-contrib-gzip, golang-github-gin-contrib-static, golang-github-cyberdelia-heroku-go, golang-github-corpix-uarand, golang-github-cnf-structhash, golang-github-rs-zerolog, golang-gopkg-ldap.v3, golang-github-yourbasic-graph, golang-github-ovh-go-ovh, , that would not migrate due to being binary uploads before.

I also sponsored the following packages: golang-github-jesseduffield-gocui, printrun, cura-engine, theme-d, theme-d-gnome.

The DOPOM package for this month was gengetopt.

Posted on

My Debian Activities in September 2018

FTP master

As promised in an earlier post, I raised the number of accepted packages to 215, as well as the number of rejects to 69 this month. The overall number of packages that got accepted this month was 314.

Debian LTS

This was my fifty first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 29.25h. During that time I did LTS uploads or prepared security uploads of:

    [DLA 1508-1] suricata security update for one CVE
    [DLA 1515-1] hylafax security update for one CVE
    [DLA 1516-1] okular security update for one CVE
    [DSA 4303-1] okular security update for one CVE
    [DLA 1524-1] libxml2 security update for four CVEs
    [DLA 1525-1] mosquitto security update for three CVEs

I also sent a debdiff for wireshark in Stretch to the security team. They decided to use a newer version in Wireshark for Stretch. Maybe it would be a good idea to upload that version to Jessie as well.

Further I worked on an update for symfony, where I could mark most CVE as not-affected for Jessie. Still four CVEs are remaining and I am going to create patches for them. As opposed to this the CVEs for radare2 could be all marked as not-affected for Jessie.

Last but not least I did some days of frontdesk duties.

I am not sure whether this is a general trend or whether this is just related to the packages I choose. Compared with LTS for Wheezy more packages in Jessie have some kind of software test. Generally speaking this is a very good trend as one can feel more certain that any kind of patch does not break the software. On the other hand this also doubles the effort to backport patches for older versions of the software. One has to backport not only the patch itself but also the corresponding tests. Especially as the test framework develops as fast as the software and everybody wants to use their own invention.

Debian ELTS

This month was the fourth ELTS month.

During my allocated time I uploaded:

  • ELA-44-1 for suricata
  • ELA-46-1 for libxml2
  • ELA-47-1 for python2.7
  • ELA-48-1 for python2.6

As like in LTS, I also did some days of frontdesk duties.

Other stuff

I improved packaging of …

The DOPOM (Debian Orphaned Package Of the Month) of this month has been arpalert.

I also became member of the varnish-team and will try to help packaging varnish

Further I continued to sponsor some glewlwyd packages for Nicolas Mora.

Posted on

My Debian Activities in August 2018

FTP master

This month was again dominated by warm weather and spending time outside is more enjoyable than spending time in NEW. So I only accepted 177 packages and rejected 2 uploads. The overall number of packages that got accepted this month was 400. Unfortunately it is becoming cold outside, so expect more REJECTS!

Debian LTS

This was my fiftieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 23.75h. During that time I did LTS uploads of:

    [DLA 1468-1] fuse security update one CVE
    [DLA 1471-1] kamailio security update one CVE
    [DLA 1477-1] libgit2 security update three CVEs
    [DLA 1485-1] bind9 security update one CVE
    [DLA 1487-1] libtirpc security update one CVE

I also sent a debdiff for libgit2 in Stretch to the security team, which was not yet processed.

This month it was not that hard to understand the patches, but I had to struggle with different testing frameworks. One always crashed due to API changes and one made funny things when run as root. Nevertheless I am still glad about software that does at least some kind of testing!

Anyway, I also started looking at the CVEs of suricata and symfony and I am afraid it is not going to be easier …

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the third ELTS month.

During my allocated time I uploaded:

  • ELA-25-1 for libcgroup
  • ELA-26-1 for libxcursor
  • ELA-31-1 for bind9
  • ELA-33-1 for libtirpc

As like in LTS, I also did some days of frontdesk duties.

Other stuff

I uploaded a new upstream version of …

.. and fixed a lot of bugs.

I improved packaging of …

The DOPOM (Debian Orphaned Package Of the Month) of this month has been mdns-scan. As it was abandoned by upstream, I intend to become that as well.

Posted on

My Debian Activities in July 2018

FTP master

This month was dominated by warm weather and I spent more time in a swimming pool than in the NEW queue. So I only accepted 149 packages and rejected 5 uploads. The overall number of packages that got accepted this month was 380.

Debian LTS

This was my forty ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 30.00h. During that time I did LTS uploads of:

    [DLA 1428-1] 389-ds-base security update for 5 CVEs
    [DLA 1430-1] taglib security update for one CVE
    [DLA 1433-1] openjpeg2 security update for two CVEs
    [DLA 1437-1] slurm-llnl security update for two CVEs
    [DLA 1438-1] opencv security update for 17 CVEs
    [DLA 1439-1] resiprocate security update for two CVEs
    [DLA 1444-1] vim-syntastic security update for one CVE
    [DLA 1451-1] wireshark security update for 7 CVEs

Further I started to work on libgit and fuse. Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the second ELTS month.

During my allocated time I uploaded:

  • ELA-23-1 for wireshark
  • ELA-24-1 for fuse

I also tried to work on qemu but had to confess that those CVEs are far beyond my capabilities. Luckily qemu is no longer on the list of supported packages for ELTS. As there seemed to be some scheduling difficulties I stepped in and did 1.5 weeks of frontdesk duties.

Other stuff

This month I uploaded new packages of

  • pywws, a software to obtain data from some wheather stations
  • osmo-msc, a software from Osmocom

Further I continued to sponsor some glewlwyd packages for Nicolas Mora.

I also uploaded a new upstream version of …

I improved packaging of …

and fixed some bugs in …

The DOPOM (Debian Orphaned Package Of the Month) of this month has been sockstat. As there was a BUG about IPv6 support and upstream doesn’t seem to be active anymore, I revived it on github.

Posted on

My Debian Activities in June 2018

FTP master

This month I accepted 166 packages and rejected only 7 uploads. The overall number of packages that got accepted this month was 216.

Debian LTS

This was my forty eighth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 23.75h. During that time I did LTS uploads of:

  • [DLA 1404-1] lava-server security update for one CVE
  • [DLA 1403-1] zendframework security update for one CVE
  • [DLA 1409-1] mosquitto security update for two CVE
  • [DLA 1408-1] simplesamlphp security update for two CVE

I also prepared a test package for slurm-llnl but got no feadback yet *hint* *hint*.

This month has been the end of Wheezy LTS and the beginning of Jessie LTS. After asking Ansgar, I did the reconfiguration of the upload queues on seger to remove the embargoed queue for Jessie and reduce the number of supported architectures.

Further I started to work on opencv.

Unfortunately the normal locking mechanism for work on packages by claiming the package in dla-needed.txt did not really work during the transition. As a result I worked on libidn and mercurial parallel to others. There seems to be room for improvement for the next transition.

Last but not least I did one week of frontdesk duties.

Debian ELTS

This month was the first ELTS month.

During my allocated time I made the first CVE triage in my week of frontdesk duties, extended the check-syntax part in the ELTS security tracker and uploaded:

  • ELA-3-1 for file
  • ELA-4-1 for openssl

Other stuff

During June I continued the libosmocore transition but could not finish it. I hope I can upload all missing packages in July.

Further I continued to sponsor some glewlwyd packages for Nicolas Mora.

The DOPOM package for this month was dvbstream.

I also upload a new upstream version of …

Posted on

My Debian Activities in November 2017

FTP master

As you might have read elsewhere, I am no longer an FTP assistant. I am very delighted about my new delegation as FTP master.

So this month I almost doubled the number of accepted packages to 385 packages and rejected 60 uploads. The overall number of packages that got accepted this month was 448.

Debian LTS

This was my forty first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 13h. During that time I did LTS uploads of:

  • [DLA 1188-1] libxml2 security update one CVE
  • [DLA 1191-1] python-werkzeug security update one CVE
  • [DLA 1192-1] libofx security update two CVEs
  • [DLA 1195-1] curl security update one CVE
  • [DLA 1194-1] libxml2 security update two CVEs

I also took care of an rsync issue and continued to work on wireshark.

Other stuff

During November I uploaded new upstream versions of …

I also did uploads of …

  • openoverlayrouter to change the source package Section: and fix some problems in Ubuntu
  • duktape to not only provide a shared library but also a pkg-config file
  • astronomical-almanac to make Helmut happy and fix a FTCBFS where he also provided the patch

Last month I wrote about apcupsd as the DOPOM of October. Unfortunately in November was the next power outage due to some malfunction in a transformer station. I never would have guessed that such a malfunction can do so much harm within the power grid. Anyway, the power was back after 31 minutes and my batteries would have lasted 34 minutes before turning off all computer. At least my spec was correct :-).

The DOPOM for this month has been dateutils.

As it is again this time of the year, I would also like to draw some attention to the Debian Med Advent Calendar. Like the past years, the Debian Med team starts a bug squashing event from the December 1st to 24th. Every bug that is closed will be registered in the calendar. So instead of taking something from the calendar, this special one will be filled and at Christmas hopefully every Debian Med related bug is closed. Don’t hestitate, start to squash :-).

Last but not least I sponsored the upload of evqueue-core.

Posted on

My Debian Activities in October 2017

FTP assistant

Again, this month almost the same numbers as last month appeared in the statistics. I accepted 214 packages and rejected 22 uploads. The overall number of packages that got accepted this month was only 339.

Debian LTS

This was my fortieth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 20.75h. During that time I did LTS uploads of:

  • [DLA 1125-1] botan1.10 security update for one CVE
  • [DLA 1127-1] sam2p security update for 6 CVEs
  • [DLA 1143-1] curl security update for one CVE
  • [DLA 1149-1] wget security update for two CVEs

I also took care of radare2 twice and marked all four CVEs as not-affected for Wheezy and Jessie. As nobody else wanted to address the issues in wireshark yet, I now started to work on this package.

Last but not least I did one week of frontdesk duties.

Other stuff

During October I took care of some bugs and at one go uploaded new upstream versions of hoel and duktape (this had to be done twice as I introduced an new bug with the first upload :-(). I only fixed bugs in glewlwyd and smstools. This month I also sponsored an upload of printrun.

After about ten years of living without any power outage, some construction worker decided to cut a cable near my place. Unfortunately one of my computers used for recording TV shows did not boot after the cable had been repaired and I had to switch some timers to other boxes. All in all this was too much stress and I purchased some USVs from APC. As apcupsd was orphaned, I took the opportunity to adopt it as DOPOM for this month.

My license pasting project now contains 31 license templates for your debian/copyright. The list of available texts can be obtained with:

curl http://licapi.debian.net/template

The license text itself is available under the given links, for example with

curl http://licapi.debian.net/template/Apache-2

  • http://licapi.debian.net/template/Apache-2
  • http://licapi.debian.net/template/Artistic-2.0
  • http://licapi.debian.net/template/BSL-1.0
  • http://licapi.debian.net/template/CC0
  • http://licapi.debian.net/template/CC-BY-3.0
  • http://licapi.debian.net/template/CC-BY-4.0
  • http://licapi.debian.net/template/CC-BY-SA-3.0
  • http://licapi.debian.net/template/CC-BY-SA-4.0
  • http://licapi.debian.net/template/Cygwin
  • http://licapi.debian.net/template/EPL-1.0
  • http://licapi.debian.net/template/Expat
  • http://licapi.debian.net/template/GPL-2
  • http://licapi.debian.net/template/GPL-2+
  • http://licapi.debian.net/template/GPL-3
  • http://licapi.debian.net/template/GPL-3+
  • http://licapi.debian.net/template/ISC
  • http://licapi.debian.net/template/LGPL-2
  • http://licapi.debian.net/template/LGPL-2+
  • http://licapi.debian.net/template/LGPL-2.1
  • http://licapi.debian.net/template/LGPL-2.1+
  • http://licapi.debian.net/template/LGPL-3
  • http://licapi.debian.net/template/LGPL-3+
  • http://licapi.debian.net/template/LPPL-1.2
  • http://licapi.debian.net/template/LPPL-1.3a
  • http://licapi.debian.net/template/LPPL-1.3c
  • http://licapi.debian.net/template/MPL-1.0
  • http://licapi.debian.net/template/MPL-1.1
  • http://licapi.debian.net/template/MPL-2.0
  • http://licapi.debian.net/template/OFL-1.0
  • http://licapi.debian.net/template/OFL-1.1
  • http://licapi.debian.net/template/Zlib
Posted on

My Debian Activities in September 2017

FTP assistant

This month almost the same numbers as last month appeared in the statistics. I accepted 213 packages and rejected 15 uploads. The overall number of packages that got accepted this month was 425.

Debian LTS

This was my thirty-ninth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 15.75h. During that time I did LTS uploads of:

  • [DLA 1109-1] libraw security update for one CVE
  • [DLA 1117-1] opencv security update for 13 CVEs

I also took care of libstrusts1.2-java and marked all CVEs as not-affected and I marked all CVEs for jasper as no-dsa. I also started to work on sam2p.

Just as I wanted to upload a new version of libofx, a new CVE was discovered that was not closed in time. I tried to find a patch on my own but had difficulties in reproducing this issue.

Other stuff

This month I made myself familiar with glewlwyd and according to upstream, the Debian packages work out-of-the box. However upstream does not stop working on that software, so I uploaded new versions of hoel, ulfius and glewlwyd.

As libjwt needs libb64, which was orphanded, I used it as DOPOM and adopted it.

Does anybody still know the Mayhem-bugs? I could close one by uploading an updated version of siggen.

I also went through my packages and looked for patches that piled up in the BTS. As a result i uploaded updated versions of radlib, te923con, node-starttls, harminv and uucp.

New upstream versions of openoverlayrouter and fasttree also made it into the archive.

Last but not least I moved several packages to the debian-mobcom group.

Posted on

My Debian Activities in August 2017

FTP assistant

This month I accepted 217 packages and rejected 16 uploads. Though this might seem to be a low number this month, I am very pleased about the total number of packages that have been accepted: 558.

Debian LTS

This was my thirty-eight month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 20.25h. During that time I did LTS uploads of:

  • [DLA 1055-1] libgd2 security update for one CVE
  • [DLA 1060-1] libxml2 security update for two CVEs
  • [DLA 1062-1] curl security update for one CVE
  • [DLA 1063-1] extplorer security update for one CVE
  • [DLA 1065-1] fontforge security update for 8 CVEs
  • [DLA 1082-1] graphicsmagick security update for 8 CVEs

I also did the upload and sent the DLA for [DLA 1061-1] newsbeuter security update

Last but not least I also spent some time for frontdesk duties.

Other stuff

As announced last month I finished uploading all dependencies of glewlwyd and now we have an oauth2 server available in Debian. This month I am trying to really use it and will tell you about my experiences.

As the severity of the gcc-7 bugs have been raised, I took care of: #853501, #853304, #853305, #853306, #853307, #853308 and #871088

I also uploaded a new version of duktape and now try to also provide a library that can be used in other packages.

Last but not least my DOPOM of this month has been oysttyer. Actually it is a new package, but as ttytter has been abandonded upstream, this is the replacement. It is a fork so you should only get a new authorization key and simply use it as ttytter before.