Utkarsh Gupta: FOSS Activities in October 2020
Here's my (thirteenth) monthly update about the activities I've done in the F/L/OSS world.
Debian
This was my 22nd month of contributing to Debian.
I became a DM in late March last year and a DD last Christmas! \o/
Whilst busy with my undergrad, I could still take some time out for contributing to Debian (I always do!).
Here are the following things I did in Debian this month:
Uploads and bug fixes:
- ruby-mini-magick (4.10.1-1) - Fixing FTBFS, bug #966936.
- ruby2.7 (2.7.1-4) - Fixing CVE-2020-25613.
- net-tools (1.60+git20181103.0eebece-1) - Fixing bug #812886, #653117, #621752, and #549397.
- libgit2 (1.0.1+dfsg.1-1) - New upstream version, v1.0.1.
- rails (2:6.0.3.4+dfsg-1) - Fixing CVE-2020-8264/bug #971988.
- ruby2.7 (2.7.2-1) - New upstream version, v2.7.2.
- bundler (2.1.4-3) - Fixing bug #962463.
- ruby2.5 (2.5.5-3+deb10u3) - Fixing CVE-2020-25613.
- ruby2.7 (2.7.2-2) - Fixing bug #970469, #969130, and #968203.
- ruby3.0 (3.0.0~preview1-1) - Introducing ruby3.0, FTW!
- ruby-mysql2 (0.5.3-1) - Fixing FTBFS, bug #923727.
- ruby-rubocop-packaging (0.5.1-1) - Make it compatible with RuboCop v1.0.
Other $things:
- Attended the Debian Ruby team meeting. Logs here.
- Mentoring for newcomers.
- FTP Trainee reviewing.
- Moderation of -project mailing list.
- Sponsored phpmyadmin, php-bacon-baconqrcode, twig, php-dasprid-enum, sql-parser, and mariadb-mysql-kbs for William.
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my thirteenth month as a Debian LTS and fourth month as a Debian ELTS paid contributor.
I was assigned 20.75 hours for LTS and 30.00 hours for ELTS and worked on the following things:
(for ELTS, I worked for 5.25 hours extra, so my total hours this month for ELTS were 35.25!)
LTS CVE Fixes and Announcements:
- Issued DLA 2389-1, fixing CVE-2019-18978, for ruby-rack-cors.
For Debian 9 Stretch, these problems have been fixed in version 0.4.0-1+deb9u2.
- Issued DLA 2390-1, fixing CVE-2019-18848, for ruby-json-jwt.
For Debian 9 Stretch, these problems have been fixed in version 1.6.2-1+deb9u2.
- Issued DLA 2391-1, fixing CVE-2020-25613, for ruby2.3.
For Debian 9 Stretch, these problems have been fixed in version 2.3.3-1+deb9u9.
- Issued DLA 2392-1, fixing CVE-2020-25613, for jruby.
For Debian 9 Stretch, these problems have been fixed in version 1.7.26-1+deb9u3.
- Uploaded ruby2.5 to buster, fixing CVE-2020-25613.
For Debian 10 Buster, these problems have been fixed in version 2.5.5-3+deb10u3.
- Uploaded ruby2.7 to unstable, fixing CVE-2020-25613.
For Debian Sid, these problems have been fixed in version 2.7.1-4.
- Uploaded rails to unstable, fixing CVE-2020-8264.
For Debian Sid, these problems have been fixed in version 2:6.0.3.4+dfsg-1.
ELTS CVE Fixes and Announcements:
- Issued ELA 290-1, fixing CVE-2020-25613, for ruby2.1.
For Debian 8 Jessie, these problems have been fixed in version 2.1.5-2+deb8u11.
- Issued ELA 292-1, fixing CVE-2020-26159, for libonig.
For Debian 8 Jessie, these problems have been fixed in version 5.9.5-3.2+deb8u5.
- Issued ELA 297-1, fixing CVE-2020-16121 and CVE-2020-16122, for packagekit.
For Debian 8 Jessie, these problems have been fixed in version 1.0.1-2+deb8u1.
- Issued ELA 298-1, fixing CVE-2020-14355, for spice.
For Debian 8 Jessie, these problems have been fixed in version 0.12.5-1+deb8u8.
- Issued ELA 299-1, fixing CVE-2020-14355, for spice-gtk.
For Debian 8 Jessie, these problems have been fixed in version 0.25-1+deb8u2.
- Started working on openldap vulnerabilities, CVEs are yet to be assigned.
Other (E)LTS Work:
- Front-desk duty from 28-09 to 04-10 and from 26-10 until 01-10 for both LTS and ELTS.
- Triaged libproxy, libvirt, libonig, ant, erlang, ruby2.3, jruby, dpdk, php7.0, spice, spice-gtk, wireshark, djangorestframework, python-urllib3, python-cryptography, qtsvg-opensource-src, and open-build-service.
- Marked CVE-2020-26137/python-urllib3 as no-dsa for Stretch and Jessie.
- Marked CVE-2020-1437{4,5,6,7,8}/dpdk as no-dsa for Stretch.
- Marked CVE-2020-2586{2,3}/wireshark as postponed for Stretch.
- Marked CVE-2020-25626/djangorestframework as no-dsa for Stretch.
- Marked CVE-2020-11979/ant as not-affected for Jessie.
- Marked CVE-2020-25623/erlang as not-affected for Jessie.
- Marked CVE-2020-25659/python-cryptography as no-dsa for Stretch and Jessie.
- Auto EOL'ed jruby, libjs-handlebars, linux, pluxml, mupdf, and djangorestframework for Jessie.
- [E/LTS] Worked on putting survey online, deployed LTS Team Pages \o/
- [ELTS] Fix suite-name in ela-needed file and fix other tags and ordering of triages to fix errors in the security tracker.
- [LTS] Sent out invitations for the meeting.
- Attended the sixth private LTS meeting.
- General discussion on LTS private and public mailing list.
Until next time.
:wq for today.