Raphaël Hertzog: My Free Software Activities in July 2015
My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it s one of the best ways to find volunteers to work with me on projects that matter to me.
Debian LTS
This month I have been paid to work 15 hours on Debian LTS. In that time I did the following:
- Finished the work on tracker.debian.org to make it display detailed security status on each supported release (example).
- Prepared and released DLA-261-2 fixing a regression in the aptdaemon security update (happening only when you have python 2.5 installed).
- Prepared and released DLA-272-1 fixing 3 CVE in python-django.
- Prepared and released DLA-286-1 fixing 1 CVE in squid3. The patch was rather hard to backport. Thankfully upstream was very helpful, he reviewed and tested my patch.
- Did one week of LTS Frontdesk with CVE triaging. I pushed 19 commits to the security tracker.
- Reported #791588 on texinfo. It was missing a versioned dependency on tex-common and migrated too early. The package was uninstallable in testing for a few days.
- Reported #791591 on pinba-engine-mysql-5.5: package was uninstallable (had to be rebuilt). It appeared on output files of our britney instance.
- I made a non-maintainer upload (NMU) of chkrootkit to fix two RC bugs so that the package can go back to testing. The package is installed by our metapackages.
- Reported #791647: debtags no longer supports debtags update local (a feature that went away but that is used by Kali).
- I made a NMU of debtags to fix a release critical bug (#791561 debtags: Missing dependency on python3-apt and python3-debian). kali-debtags was uninstallable because it calls debtags in its postinst.
- Reported #791874 on python-guess-language: Please add a python 2 library package. We have that package in Kali and when I tried to sync it from Debian I broke something else in Kali which depends on the Python 2 version of the package.
- I made a NMU of tcpick to fix a build failure with GCC5 so that the package could go back to testing (it s part of our metapackages).
- I requested a bin-NMU of jemalloc and a give-back of hiredis on powerpc in #792246 to fix #788591 (hiredis build failure on powerpc). I also downgraded the severity of #784768 to important so that the package could go back to testing. Hiredis is a dependency of OpenVAS and we need the package in testing.
how-can-i-help -s testing-autorm --old
I just submitted #794238 as a wishlist against how-can-i-help.
At the same time, there are bugs that make it into testing and that I fix / work around on the Kali side. But those fixes / work around might be more useful if they were pushed to testing via testing-proposed-updates. I tried to see whether other derivatives had similar needs to see if derivatives could join their efforts at this level but it does not look like so for now.
Last but not least, bugs reported on the Kali side also resulted in Debian improvements:
- I reported #793360 on apt: APT::Never-MarkAuto-Sections not working as advertised. And I submitted a patch.
- I orphaned dnswalk and made a QA upload to fix its only bug.
- We wanted a newer version of the nvidia drivers. I filed #793079 requesting the new upstream release and the maintainer quickly uploaded it to experimental. I imported it on the Kali side but discovered that it was not working on i386 so I submitted #793160 with a patch.
- I noticed that Kali build daemons tend to accumulate many /dev/shm mounts and tracked this down to schroot. I reported it as #793081.
2 comments Liked this article? Click here. My blog is Flattr-enabled.