My Debian Activities in January 2024

FTP master

This month I accepted 333 and rejected 31 packages. The overall number of packages that got accepted was 342.

Hooray, I already accepted package number 30000.

The statistic, where I get my numbers from, started in February 2002. Up to now 81694 packages got accepted. Given that I accepted package 20000 in October 2020, would I be able to accept half of the packages that made it through NEW?

Debian LTS

This was my hundred-fifteenth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

During my allocated time I uploaded:

  • [DLA 3726-1] bind9 security update for one CVEs to fix stack exhaustion
  • [#1060186] Bookworm PU-bug for libde265; yes, this is a new one.
  • [#1056935] Bullseye PU-bug for libde; yes, this is a new one as well

This month I was finally able to really run the test suite of bind9. I already wanted to give up with this package, but Santiago encouraged me to proceed. So, here you are fixed-Buster-version. Jessie and Stretch have to wait a bit until the dust has settled.

Last but not least I also did a few days of frontdesk duties.

Debian ELTS

This month was the sixty-sixth ELTS month. During my allocated time I uploaded:

  • [ELA-1031-1]xerces-c security update for one CVE to fix an out-of-bound access in Jessie and Stretch
  • [ELA-1036-1] jasper security update for one CVE to fix an invalid memory write

This month I also worked on the Jessie and Stretch updates for bind9. The uploads should happen soon. I also started to work on an update for exim4. Last but not least I did a few days of frontdesk duties.

Debian Printing

This month I adopted:

At the moment these packages are the last adoptions to preserve the old printing protocol within Debian. If you know of other packages that should be retained, please don’t hesitate to ask me. But don’t wait for too long, I have fun to process RM-bugs :-).

This work is generously funded by Freexian!

Debian Astro

This month I uploaded a new upstream version of:

Debian IoT

This month I uploaded new upstream versions of:

  • pyicloud to remove the deprecated dependency python3-future

Other stuff

This month I uploaded new upstream version of packages, did a source upload for the transition or uploaded it to fix one or the other issue:

My Debian Activities in November 2023

FTP master

This month I accepted 276 and rejected 25 packages. The overall number of packages that got accepted was 276. I also handled several RM bugs, so the archive did not grow that much :-).

Debian LTS

This was my hundred-thirteenth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

During my allocated time I uploaded:

  • [DLA 3670-1] minizip security update for one CVE to fix an integer overflow
  • [DLA 3673-1] gst-plugins-bad1.0 security update for one CVEs to fix an use-after-free
  • [#1056934] Bookworm PU-bug for libde265
  • [#1056935] Bullseye PU-bug for libde265
  • [#1056737] Bookworm PU-bug for minizip
  • [#1056738] Bullseye PU-bug for minizip
  • [libde265] sponsor upload to unstable
  • [zlib] all CVEs could be marked as not-affected

The update of libde265 was a bit unusual this time. The security tracker had three CVEs listed for it and the maintainer was looking for a sponsor to fix them in Unstable. So far, so good! I sponsored the upload and suddenly a fourth CVE appeared in the security tracker. As the debian/changelog mentioned a different CVE, it was automatically added. Indeed upstreams changelog contained a patch for a CVE that was reserved but not yet published (hence the security tracker could not connect it to libde265). I informed upstream and as things turned out marking the CVE as public was just forgotten. Luckily there was some time left for the upcoming point release and all four patches finally arrived in Bookworm.

Debian ELTS

This month was the sixty-fourth ELTS month. During my allocated time I uploaded:

  • [ELA-1004-1] libde265 update in Jessie and Stretch for three CVEs. The issues are related to segmentation faults and bufferf overflows in different functions, which might result in DoS.
  • [ELA-1006-1] libde265 update in Jessie and Stretch for one CVE. This issue is related to an buffer over read which might result in an information leak or denial of service when processing crafted H.265 files
  • [ELA-1010-1 ]minizip update in Stretch for one CVE. This issue was related to a heap-based buffer overflow.
  • [ELA-1015-1] gst-plugins-bad1.0 update in Jessie and Stretch for one CVEs to fix a use-after-free of some pointers within the MXF demuxer.

In order to check whether the patch for the standalone version of minizip was ok, I used a test from the embedded minizip version in chromium and it worked.

Debian Printing

This month I uploaded a new upstream version of:

Within the context of preserving old printing packages, I adopted:

If you know of any other package that is also needed and still maintained by the QA team, please tell me.

This work is generously funded by Freexian!

Debian Astro

This month I uploaded a new upstream version of:

Debian IoT

This month I uploaded a new upstream version of:

Debian Mobcom

This month I uploaded a package to fix one or the other issue:

Other stuff

This month I uploaded new upstream version of packages, did a source upload for the transition or uploaded it to fix one or the other issue:

My Debian Activities in September 2023

FTP master

This month I accepted 437 and rejected 36 packages. The overall number of packages that got accepted was 437.

Debian LTS

This was my hundred-eleventh month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. 

During my allocated time I uploaded:

  • [DLA 3579-1] elfutils security update for one CVE
  • [DLA 3594-1] cups security update for two CVEs
  • [1052361]bookworm-pu: cups/2.4.2-3+deb12u2
  • [1052363]bullseye-pu: cups/2.3.3op2-3+deb11u4

I also started to work on bind9.

Last but not least I did some days of frontdesk duties and took part in the LTS meeting.

Debian ELTS

This month was the sixty-second ELTS month. During my allocated time I uploaded:

  • [ELA-956-1]libssh2 update in Jessie and Stretch for one CVE
  • [ELA-962-1]elfutils update in Jessie and Stretch for one CVE
  • [ELA-966-1]openssl1.0 update in Stretch for two CVEs

I also prepared updates for cups but problems with the buildd delayed the release a few days until October. I also started to work on bind9.

Last but not least I did some days of frontdesk duties .

debian-astro

Finally I managed to upload a new upstream version of openvlbi.

debian-iot

I uploaded a new upstream version (1.16.0) of libjwt to experimental. Unfortunately one test failed and upstream is trying to fix this now. So you can try to build your packages with the version in experimental, but only the next release of libjwt will make it to unstable.

debian-printing

This month I uploaded new upstream versions or bug fixing versions of:

In an email to debian-devel I asked whether anybody is still using lpr/lpd. Oddly enough, these old packages are still useful:

  • Within a small network it is easier to distribute a printcap file, than to properly config cups clients.
  • One of the biggest manufacturers of WLAN router and DSL boxes only supports raw queues when attaching an USB printer to their hardware. Admittedly the CPDB still has problems with such raw queues.
  • The Pharos printing system at MIT is still lpd based.

As a result, the lpr/lpd stuff is not yet ready to be abandoned and I will adopt the relevant packages and move them under the umbrella of the debian-printing team. Though it is not planned to develop new features, those packages should at least have a maintainer. The first adopted package has been rlpr, an utility for lpd printing without using /etc/printcap. The next one in October will be lprng, a lpr/lpd printer spooling system. If you know of any other package that is also needed and still maintained by the QA team, please tell me.

This work is generously funded by Freexian!

My Debian Activities in January 2023

FTP master

This month I accepted 419 and rejected 46 packages. The overall number of packages that got accepted was 429. Looking at these numbers and comparing them to the previous month, one can see: the freeze is near. Everybody wants to get some packages into the archive and I hope nobody is disappointed.

Debian LTS

This was my hundred-third month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. 

This month my all in all workload has been 14h.

During that time I uploaded:

  • [DLA 3272-1] sudo (embargoed) security update for one CVE
  • [DLA 3286-1] tor security update for one CVE
  • [DLA 3290-1] libzen security update for one CVE
  • [libzen Bullseye] debdiff sent to maintainer
  • [DLA 3294-1] libarchive security update for one CVE

I also attended the monthly LTS meeting and did some days of frontdesk duties.

Debian ELTS

This month was the fifty fourth ELTS month.

  • [ELA-772-1] sudo security update of Jessie and Stretch for one CVE
  • [ELA-781-1] libzen security update of Stretch for one CVE
  • [ELA-782-1] xorg-server security update of Jessie and Stretch for six CVEs
  • [ELA-790-1] libarchive security update of Jessie and Stretch for one CVEs

Last but not least I did some days of frontdesk duties.

Debian Astro

This month I uploaded improved packages or new versions of:

I also uploaded new packages:

Debian IoT

This month I uploaded improved packages of:

Debian Printing

This month I uploaded new versions or improved packages of:

I also uploaded new packages:

My Debian Activities in December 2022

FTP master

This month I accepted 276 and rejected 27 packages. The overall number of packages that got accepted was 288.

Debian LTS

This was my hundred-second month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. 

This month my all in all workload has been 14h but due to Christmas I managed only to do 10h.

During that time I uploaded:

  • [DLA 3256-1] xorg-server security update for six CVEs
  • [DLA 3255-1] mplayer security update for ten CVEs

Debian ELTS

This month was the fifty third ELTS month.

During my allocated time I marked all CVEs of the multipath-tools as not-affected and started to work on another snapd update. As I spend more time than expected with my family, I also failed to accomplish my ELTS workload.

Last but not least I did some days of frontdesk duties.

Debian Astro

This month I uploaded improved packages or new versions of:

I also updated almost all of the about 50 indi-3rdparty packages.

Debian Mobcom

This month I uploaded improved packages of:

Debian IoT

This month I uploaded improved packages of:

Debian Printing

This month I uploaded improved packages of:

Other stuff

This month I uploaded improved packages of:

Further I uploaded new versions of a bunch of golang packages.