Search Results: "Andrej Shadura"

28 April 2025

Freexian Collaborators: Monthly report about Debian Long Term Support, March 2025 (by Roberto C. S nchez)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In March, 20 contributors have been paid to work on Debian LTS, their reports are available:

Adrian Bunk did 51.5h (out of 0.0h assigned and 51.5h from previous period).

Andreas Henriksson did 20.0h (out of 20.0h assigned).

Andrej Shadura did 6.0h (out of 10.0h assigned), thus carrying over 4.0h to the next month.

Bastien Roucari s did 20.0h (out of 20.0h assigned).

Ben Hutchings did 12.0h (out of 12.0h assigned and 12.0h from previous period), thus carrying over 12.0h to the next month.

Chris Lamb did 18.0h (out of 18.0h assigned).

Daniel Leidert did 26.0h (out of 23.0h assigned and 3.0h from previous period).

Emilio Pozuelo Monfort did 37.0h (out of 36.5h assigned and 0.75h from previous period), thus carrying over 0.25h to the next month.

Guilhem Moulin did 8.25h (out of 11.0h assigned and 9.0h from previous period), thus carrying over 11.75h to the next month.

Jochen Sprickerhof did 18.0h (out of 24.25h assigned and 3.0h from previous period), thus carrying over 9.25h to the next month.

Lee Garrett did 10.25h (out of 0.0h assigned and 42.0h from previous period), thus carrying over 31.75h to the next month.

Lucas Kanashiro did 4.0h (out of 0.0h assigned and 56.0h from previous period), thus carrying over 52.0h to the next month.

Markus Koschany did 27.25h (out of 27.25h assigned).

Roberto C. S nchez did 8.25h (out of 7.0h assigned and 17.0h from previous period), thus carrying over 15.75h to the next month.

Santiago Ruano Rinc n did 17.5h (out of 19.75h assigned and 5.25h from previous period), thus carrying over 7.5h to the next month.

Sean Whitton did 7.0h (out of 7.0h assigned).

Sylvain Beucler did 32.0h (out of 31.0h assigned and 1.25h from previous period), thus carrying over 0.25h to the next month.

Thorsten Alteholz did 11.0h (out of 11.0h assigned).

Tobias Frost did 7.75h (out of 12.0h assigned), thus carrying over 4.25h to the next month.

Utkarsh Gupta did 15.0h (out of 15.0h assigned).

Evolution of the situation In March, we have released 31 DLAs.

Notable security updates:

linux-6.1 (1 2)and linux, prepared by Ben Hutchings, fixed an extensive list of vulnerabilities

firefox-esr, prepared by Emilio Pozuelo Monfort, fixed a variety of vulnerabilities

intel-microcode, prepared by Tobias Frost, fixed several local privilege escalation, denial of service, and information disclosure vulnerabilities

vim, prepared by Sean Whitton, fixed a multitude of vulnerabilities, including many application crashes, buffer overflows, and out-of-bounds reads

The recent trend of contributions from contributors external to the formal LTS team has continued. LTS contributor Sylvain Beucler reviewed and facilitated an update to openvpn proposed by Aquila Macedo, resulting in the publication of DLA 4079-1. Thanks a lot to Aquila for preparing the update. The LTS Team continues to make contributions to the current stable Debian release, Debian 12 (codename bookworm ). LTS contributor Bastien Roucari s prepared a stable upload of krb5 to ensure that fixes made in the LTS release, Debian 11 (codename bullseye ) were also made available to stable users. Additional stable updates, for tomcat10 and jetty9, were prepared by LTS contributor Markus Koschany. And, finally, LTS contributor Utkarsh Gupta prepared stable updates for rails and ruby-rack. LTS contributor Emilio Pozuelo Monfort has continued his ongoing improvements to the Debian security tracker and its associated tooling, making the data contained in the tracker more reliable and easing interaction with it. The ckeditor3 package, which has been EOL by upstream for some time, is still depended upon by the PHP Horde packages in Debian. Sylvain, along with Bastien, did monumental work in coordinating with maintainers, security team fellows, and other Debian teams, to formally declare the EOL of the ckeditor3 package in Debian 11 and in Debian 12. Additionally, as a result of this work Sylvain has worked towards the removal of ckeditor3 as a dependency by other packages in order to facilitate the complete removal of ckeditor3 from all future Debian releases.

Thanks to our sponsors Sponsors that joined recently are in bold.

Platinum sponsors:

Toshiba Corporation (for 114 months)

Civil Infrastructure Platform (CIP) (for 82 months)

VyOS Inc (for 47 months)

Gold sponsors:

Roche Diagnostics International AG (for 125 months)

Akamai - Linode (for 119 months)

Babiel GmbH (for 108 months)

Plat Home (for 108 months)

University of Oxford (for 65 months)

Deveryware (for 52 months)

EDF SA (for 36 months)

Dataport A R (for 12 months)

CERN (for 9 months)

Silver sponsors:

Domeneshop AS (for 129 months)

Nantes M tropole (for 123 months)

Univention GmbH (for 115 months)

Universit Jean Monnet de St Etienne (for 115 months)

Ribbon Communications, Inc. (for 109 months)

Exonet B.V. (for 99 months)

Leibniz Rechenzentrum (for 93 months)

Minist re de l Europe et des Affaires trang res (for 77 months)

Cloudways by DigitalOcean (for 66 months)

Dinahosting SL (for 64 months)

Bauer Xcel Media Deutschland KG (for 59 months)

Platform.sh SAS (for 59 months)

Moxa Inc. (for 53 months)

sipgate GmbH (for 50 months)

OVH US LLC (for 48 months)

Tilburg University (for 48 months)

GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 40 months)

Soliton Systems K.K. (for 37 months)

THINline s.r.o. (for 13 months)

Copenhagen Airports A/S (for 6 months)

Bronze sponsors:

Evolix (for 130 months)

Seznam.cz, a.s. (for 130 months)

Linuxhotel GmbH (for 127 months)

Intevation GmbH (for 126 months)

Daevel SARL (for 125 months)

Bitfolk LTD (for 124 months)

Megaspace Internet Services GmbH (for 124 months)

Greenbone AG (for 123 months)

NUMLOG (for 123 months)

WinGo AG (for 123 months)

Entr ouvert (for 114 months)

Adfinis AG (for 112 months)

Laboratoire LEGI - UMR 5519 / CNRS (for 106 months)

Tesorion (for 106 months)

Bearstech (for 98 months)

LiHAS (for 98 months)

Catalyst IT Ltd (for 92 months)

Supagro (for 88 months)

Demarcq SAS (for 86 months)

Universit Grenoble Alpes (for 72 months)

TouchWeb SAS (for 65 months)

SPiN AG (for 61 months)

CoreFiling (for 57 months)

Institut des sciences cognitives Marc Jeannerod (for 52 months)

Observatoire des Sciences de l Univers de Grenoble (for 49 months)

Tem Innovations GmbH (for 44 months)

WordFinder.pro (for 43 months)

CNRS DT INSU R sif (for 42 months)

Alter Way (for 35 months)

Institut Camille Jordan (for 25 months)

SOBIS Software GmbH (for 9 months)

Tuxera Inc.

28 March 2025

Freexian Collaborators: Monthly report about Debian Long Term Support, February 2025 (by Roberto C. S nchez)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In February, 18 contributors have been paid to work on Debian LTS, their reports are available:

Abhijith PA did 10.0h (out of 8.0h assigned and 6.0h from previous period), thus carrying over 4.0h to the next month.

Adrian Bunk did 12.0h (out of 0.0h assigned and 63.5h from previous period), thus carrying over 51.5h to the next month.

Andrej Shadura did 10.0h (out of 6.0h assigned and 4.0h from previous period).

Bastien Roucari s did 20.0h (out of 20.0h assigned).

Ben Hutchings did 12.0h (out of 8.0h assigned and 16.0h from previous period), thus carrying over 12.0h to the next month.

Chris Lamb did 18.0h (out of 18.0h assigned).

Daniel Leidert did 23.0h (out of 20.0h assigned and 6.0h from previous period), thus carrying over 3.0h to the next month.

Emilio Pozuelo Monfort did 53.0h (out of 53.0h assigned and 0.75h from previous period), thus carrying over 0.75h to the next month.

Guilhem Moulin did 11.0h (out of 3.25h assigned and 16.75h from previous period), thus carrying over 9.0h to the next month.

Jochen Sprickerhof did 27.0h (out of 30.0h assigned), thus carrying over 3.0h to the next month.

Lee Garrett did 11.75h (out of 9.5h assigned and 44.25h from previous period), thus carrying over 42.0h to the next month.

Markus Koschany did 40.0h (out of 40.0h assigned).

Roberto C. S nchez did 7.0h (out of 14.75h assigned and 9.25h from previous period), thus carrying over 17.0h to the next month.

Santiago Ruano Rinc n did 19.75h (out of 21.75h assigned and 3.25h from previous period), thus carrying over 5.25h to the next month.

Sean Whitton did 6.0h (out of 6.0h assigned).

Sylvain Beucler did 52.5h (out of 14.75h assigned and 39.0h from previous period), thus carrying over 1.25h to the next month.

Thorsten Alteholz did 11.0h (out of 11.0h assigned).

Tobias Frost did 17.0h (out of 17.0h assigned).

Evolution of the situation In February, we have released 38 DLAs.

Notable security updates:

pam-u2f, prepared by Patrick Winnertz, fixed an authentication bypass vulnerability

openjdk-17, prepared by Emilio Pozuelo Monfort, fixed an authorization bypass/information disclosure vulnerability

firefox-esr, prepared by Emilio Pozuelo Monfort, fixed several vulnerabilities

thunderbird, prepared by Emilio Pozuelo Monfort, fixed several vulnerabilities

postgresql-13, prepared by Christoph Berg, fixed an SQL injection vulnerability

freerdp2, prepared by Tobias Frost, fixed several vulnerabilities

openssh, prepared by Colin Watson, fixed a machine-in-the-middle vulnerability

LTS contributors Emilio Pozuelo Monfort and Santiago Ruano Rinc n coordinated the administrative aspects of LTS updates of postgresql-13 and pam-u2f, which were prepared by the respective maintainers, to whom we are most grateful. As has become the custom of the LTS team, work is under way on a number of package updates targeting Debian 12 (codename bookworm ) with fixes for a variety of vulnerabilities. In February, Guilhem Moulin prepared an upload of sssd, while several other updates are still in progress. Bastien Roucari s prepared an upload of krb5 for unstable as well. Given the importance of the Debian Security Tracker to the work of the LTS Team, we regularly contribute improvements to it. LTS contributor Emilio Pozuelo Monfort reviewed and merged a change to improve performance, and then dealt with unexpected issues that arose as a result. He also made improvements in the processing of CVEs which are not applicable to Debian. Looking to the future (the release of Debian 13, codename trixie , and beyond), LTS contributor Santiago Ruano Rinc n has initiated a conversation among the broader community involved in the development of Debian. The purpose of the discussion is to explore ways to improve the long term supportability of packages in Debian, specifically by focusing effort on ensuring that each Debian release contains the best supported upstream version of packages with a history of security issues.

Thanks to our sponsors Sponsors that joined recently are in bold.

Platinum sponsors:

Toshiba Corporation (for 113 months)

Civil Infrastructure Platform (CIP) (for 81 months)

VyOS Inc (for 46 months)

Gold sponsors:

Roche Diagnostics International AG (for 124 months)

Akamai - Linode (for 118 months)

Babiel GmbH (for 107 months)

Plat Home (for 107 months)

University of Oxford (for 64 months)

Deveryware (for 51 months)

EDF SA (for 35 months)

Dataport A R (for 11 months)

CERN (for 8 months)

Silver sponsors:

Domeneshop AS (for 128 months)

Nantes M tropole (for 122 months)

Univention GmbH (for 114 months)

Universit Jean Monnet de St Etienne (for 114 months)

Ribbon Communications, Inc. (for 108 months)

Exonet B.V. (for 98 months)

Leibniz Rechenzentrum (for 92 months)

Minist re de l Europe et des Affaires trang res (for 76 months)

Cloudways by DigitalOcean (for 65 months)

Dinahosting SL (for 63 months)

Bauer Xcel Media Deutschland KG (for 58 months)

Platform.sh SAS (for 58 months)

Moxa Inc. (for 52 months)

sipgate GmbH (for 49 months)

OVH US LLC (for 47 months)

Tilburg University (for 47 months)

GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 39 months)

Soliton Systems K.K. (for 36 months)

THINline s.r.o. (for 12 months)

Copenhagen Airports A/S (for 5 months)

Bronze sponsors:

Evolix (for 129 months)

Seznam.cz, a.s. (for 129 months)

Linuxhotel GmbH (for 126 months)

Intevation GmbH (for 125 months)

Daevel SARL (for 124 months)

Bitfolk LTD (for 123 months)

Megaspace Internet Services GmbH (for 123 months)

Greenbone AG (for 122 months)

NUMLOG (for 122 months)

WinGo AG (for 122 months)

Entr ouvert (for 113 months)

Adfinis AG (for 111 months)

GNI MEDIA (for 105 months)

Laboratoire LEGI - UMR 5519 / CNRS (for 105 months)

Tesorion (for 105 months)

Bearstech (for 97 months)

LiHAS (for 97 months)

Catalyst IT Ltd (for 91 months)

Supagro (for 87 months)

Demarcq SAS (for 85 months)

Universit Grenoble Alpes (for 71 months)

TouchWeb SAS (for 64 months)

SPiN AG (for 60 months)

CoreFiling (for 56 months)

Institut des sciences cognitives Marc Jeannerod (for 51 months)

Observatoire des Sciences de l Univers de Grenoble (for 48 months)

Tem Innovations GmbH (for 43 months)

WordFinder.pro (for 42 months)

CNRS DT INSU R sif (for 41 months)

Alter Way (for 34 months)

Institut Camille Jordan (for 24 months)

SOBIS Software GmbH (for 8 months)

Tuxera Inc.

14 February 2025

Freexian Collaborators: Monthly report about Debian Long Term Support, January 2025 (by Roberto C. S nchez)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In January, 20 contributors have been paid to work on Debian LTS, their reports are available:

Abhijith PA did 8.0h (out of 14.0h assigned), thus carrying over 6.0h to the next month.

Adrian Bunk did 36.5h (out of 47.75h assigned and 52.25h from previous period), thus carrying over 63.5h to the next month.

Andrej Shadura did 11.0h (out of 11.0h assigned and 4.0h from previous period), thus carrying over 4.0h to the next month.

Arturo Borrero Gonzalez did 9.0h (out of 10.0h assigned), thus carrying over 1.0h to the next month.

Bastien Roucari s did 22.0h (out of 22.0h assigned).

Ben Hutchings did 8.0h (out of 21.0h assigned and 3.0h from previous period), thus carrying over 16.0h to the next month.

Chris Lamb did 18.0h (out of 18.0h assigned).

Daniel Leidert did 20.0h (out of 23.0h assigned and 3.0h from previous period), thus carrying over 6.0h to the next month.

Emilio Pozuelo Monfort did 34.0h (out of 7.0h assigned and 27.75h from previous period), thus carrying over 0.75h to the next month.

Guilhem Moulin did 3.25h (out of 20.0h assigned), thus carrying over 16.75h to the next month.

Jochen Sprickerhof did 23.0h (out of 15.0h assigned and 8.0h from previous period).

Lee Garrett did 15.75h (out of 8.5h assigned and 51.5h from previous period), thus carrying over 44.25h to the next month.

Lucas Kanashiro did 8.0h (out of 32.0h assigned and 32.0h from previous period), thus carrying over 56.0h to the next month.

Markus Koschany did 40.0h (out of 40.0h assigned).

Roberto C. S nchez did 14.75h (out of 13.5h assigned and 10.5h from previous period), thus carrying over 9.25h to the next month.

Santiago Ruano Rinc n did 21.75h (out of 18.75h assigned and 6.25h from previous period), thus carrying over 3.25h to the next month.

Sean Whitton did 8.5h (out of 8.5h assigned).

Sylvain Beucler did 10.5h (out of 0.0h assigned and 49.5h from previous period), thus carrying over 39.0h to the next month.

Thorsten Alteholz did 11.0h (out of 11.0h assigned).

Tobias Frost did 12.0h (out of 12.0h assigned).

Evolution of the situation In January, we have released 33 DLAs. There were numerous security and non-security updates to Debian 11 (codename bullseye ) during January.

Notable security updates:

rsync, prepared by Thorsten Alteholz, fixed several CVEs (including information leak and path traversal vulnerabilities)

tomcat9, prepared by Markus Koschany, fixed several CVEs (including denial of service and information disclosure vulnerabilities)

ruby2.7, prepared by Bastien Roucari s, fixed several CVEs (including denial of service vulnerabilities)

tiff, prepared by Adrian Bunk, fixed several CVEs (including NULL ptr, buffer overflow, use-after-free, and segfault vulnerabilities)

Notable non-security updates:

linux-6.1, prepared by Ben Hutchings, has been packaged for bullseye (this was done specifically to provide a supported upgrade path for systems that currently use kernel packages from the bullseye-backports suite)

debian-security-support, prepared by Santiago Ruano Rinc n, which formalized the EOL of intel-mediasdk and node-matrix-js-sdk

In addition to the security and non-security updates targeting bullseye , various LTS contributors have prepared uploads targeting Debian 12 (codename bookworm ) with fixes for a variety of vulnerabilities. Abhijith PA prepared an upload of puma; Bastien Roucari s prepared an upload of node-postcss with fixes for data processing and denial of service vulnerabilities; Daniel Leidert prepared updates for setuptools, python-asyncssh, and python-tornado; Lee Garrett prepared an upload of ansible-core; and Guilhem Moulin prepared updates for python-urllib3, sqlparse, and opensc. Santiago Ruano Rinc n also worked on tracking and filing some issues about packages that need an update in recent releases to avoid regressions on upgrade. This relates to CVEs that were fixed in buster or bullseye, but remain open in bookworm. These updates, along with Santiago s work on identifying and tracking similar issues, underscore the LTS Team s commitment to ensuring that the work we do as part of LTS also benefits the current Debian stable release. LTS contributor Sean Whitton also prepared an upload of jinja2 and Santiago Ruano Rinc n prepared an upload of openjpeg2 for Debian unstable (codename sid ), as part of the LTS Team effort to assist with package uploads to unstable.

Thanks to our sponsors Sponsors that joined recently are in bold.

Platinum sponsors:

Toshiba Corporation (for 112 months)

Civil Infrastructure Platform (CIP) (for 80 months)

VyOS Inc (for 44 months)

Gold sponsors:

Roche Diagnostics International AG (for 122 months)

Akamai - Linode (for 116 months)

Babiel GmbH (for 106 months)

Plat Home (for 105 months)

University of Oxford (for 62 months)

Deveryware (for 49 months)

EDF SA (for 34 months)

Dataport A R (for 9 months)

CERN (for 7 months)

Silver sponsors:

Domeneshop AS (for 127 months)

Nantes M tropole (for 121 months)

Univention GmbH (for 113 months)

Universit Jean Monnet de St Etienne (for 113 months)

Ribbon Communications, Inc. (for 107 months)

Exonet B.V. (for 97 months)

Leibniz Rechenzentrum (for 91 months)

Minist re de l Europe et des Affaires trang res (for 75 months)

Cloudways by DigitalOcean (for 64 months)

Dinahosting SL (for 62 months)

Bauer Xcel Media Deutschland KG (for 56 months)

Platform.sh SAS (for 56 months)

Moxa Inc. (for 50 months)

sipgate GmbH (for 48 months)

OVH US LLC (for 46 months)

Tilburg University (for 46 months)

GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 37 months)

Soliton Systems K.K. (for 34 months)

THINline s.r.o. (for 10 months)

Copenhagen Airports A/S (for 4 months)

Bronze sponsors:

Evolix (for 127 months)

Seznam.cz, a.s. (for 127 months)

Intevation GmbH (for 124 months)

Linuxhotel GmbH (for 124 months)

Daevel SARL (for 123 months)

Bitfolk LTD (for 122 months)

Megaspace Internet Services GmbH (for 122 months)

Greenbone AG (for 121 months)

NUMLOG (for 121 months)

WinGo AG (for 120 months)

Entr ouvert (for 111 months)

Adfinis AG (for 109 months)

Tesorion (for 104 months)

GNI MEDIA (for 103 months)

Laboratoire LEGI - UMR 5519 / CNRS (for 103 months)

Bearstech (for 95 months)

LiHAS (for 95 months)

Catalyst IT Ltd (for 90 months)

Supagro (for 85 months)

Demarcq SAS (for 84 months)

Universit Grenoble Alpes (for 70 months)

TouchWeb SAS (for 62 months)

SPiN AG (for 59 months)

CoreFiling (for 55 months)

Institut des sciences cognitives Marc Jeannerod (for 50 months)

Observatoire des Sciences de l Univers de Grenoble (for 46 months)

Tem Innovations GmbH (for 41 months)

WordFinder.pro (for 40 months)

CNRS DT INSU R sif (for 39 months)

Alter Way (for 32 months)

Institut Camille Jordan (for 22 months)

SOBIS Software GmbH (for 7 months)

13 January 2025

Freexian Collaborators: Monthly report about Debian Long Term Support, December 2024 (by Roberto C. S nchez)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In December, 19 contributors have been paid to work on Debian LTS, their reports are available:

Abhijith PA did 14.0h (out of 14.0h assigned).

Adrian Bunk did 47.75h (out of 53.0h assigned and 47.0h from previous period), thus carrying over 52.25h to the next month.

Andrej Shadura did 6.0h (out of 17.0h assigned and -7.0h from previous period after hours given back), thus carrying over 4.0h to the next month.

Bastien Roucari s did 22.0h (out of 22.0h assigned).

Ben Hutchings did 15.0h (out of 0.0h assigned and 18.0h from previous period), thus carrying over 3.0h to the next month.

Chris Lamb did 18.0h (out of 18.0h assigned).

Daniel Leidert did 23.0h (out of 17.0h assigned and 9.0h from previous period), thus carrying over 3.0h to the next month.

Emilio Pozuelo Monfort did 32.25h (out of 40.5h assigned and 19.5h from previous period), thus carrying over 27.75h to the next month.

Guilhem Moulin did 22.5h (out of 9.75h assigned and 12.75h from previous period).

Jochen Sprickerhof did 2.0h (out of 3.5h assigned and 6.5h from previous period), thus carrying over 8.0h to the next month.

Lee Garrett did 8.5h (out of 14.75h assigned and 45.25h from previous period), thus carrying over 51.5h to the next month.

Lucas Kanashiro did 32.0h (out of 10.0h assigned and 54.0h from previous period), thus carrying over 32.0h to the next month.

Markus Koschany did 40.0h (out of 20.0h assigned and 20.0h from previous period).

Roberto C. S nchez did 13.5h (out of 6.75h assigned and 17.25h from previous period), thus carrying over 10.5h to the next month.

Santiago Ruano Rinc n did 18.75h (out of 24.75h assigned and 0.25h from previous period), thus carrying over 6.25h to the next month.

Sean Whitton did 6.0h (out of 2.0h assigned and 4.0h from previous period).

Sylvain Beucler did 10.5h (out of 21.5h assigned and 38.5h from previous period), thus carrying over 49.5h to the next month.

Thorsten Alteholz did 11.0h (out of 11.0h assigned).

Tobias Frost did 12.0h (out of 12.0h assigned).

Evolution of the situation In December, we have released 29 DLAs. The LTS Team has published updates to several notable packages. Contributor Guilhem Moulin published an update of php7.4, a widely-used open source general purpose scripting language, which addressed denial of service, authorization bypass, and information disclosure vulnerabilities. Contributor Lucas Kanashiro published an update of clamav, an antivirus toolkit for Unix and Linux, which addressed denial of service and authorization bypass vulnerabilities. Finally, contributor Tobias Frost published an update of intel-microcode, the microcode for Intel microprocessors, which well help to ensure that processor hardware is protected against several local privilege escalation and local denial of service vulnerabilities. Beyond our customary LTS package updates, the LTS Team has made contributions to Debian s stable bookworm release and its experimental section. Notably, contributor Lee Garrett published a stable update of dnsmasq. The LTS update was previously published in November and in December Lee continued working to bring the same fixes (addressing the high profile KeyTrap and NSEC3 vulnerabilities) to the dnsmasq package in Debian bookworm. This package was accepted for inclusion in the Debian 12.9 point release scheduled for January 2025. Addititionally, contributor Sean Whitton provided assistance, via upload sponsorships, to the Debian maintainers of xen. This assistance resulted in two uploads of xen into Debian s experimental section, which will contribute to the next Debian stable release having a version of xen with better longterm support from the upstream development team.

Thanks to our sponsors Sponsors that joined recently are in bold.

Platinum sponsors:

Toshiba Corporation (for 111 months)

Civil Infrastructure Platform (CIP) (for 79 months)

VyOS Inc (for 43 months)

Gold sponsors:

Roche Diagnostics International AG (for 121 months)

Akamai - Linode (for 115 months)

Babiel GmbH (for 105 months)

Plat Home (for 104 months)

University of Oxford (for 61 months)

Deveryware (for 48 months)

EDF SA (for 33 months)

Dataport A R (for 8 months)

CERN (for 6 months)

Silver sponsors:

Domeneshop AS (for 126 months)

Nantes M tropole (for 120 months)

Univention GmbH (for 112 months)

Universit Jean Monnet de St Etienne (for 112 months)

Ribbon Communications, Inc. (for 106 months)

Exonet B.V. (for 96 months)

Leibniz Rechenzentrum (for 90 months)

Minist re de l Europe et des Affaires trang res (for 74 months)

Cloudways by DigitalOcean (for 63 months)

Dinahosting SL (for 61 months)

Bauer Xcel Media Deutschland KG (for 55 months)

Platform.sh SAS (for 55 months)

Moxa Inc. (for 49 months)

sipgate GmbH (for 47 months)

OVH US LLC (for 45 months)

Tilburg University (for 45 months)

GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 36 months)

Soliton Systems K.K. (for 33 months)

THINline s.r.o. (for 9 months)

Copenhagen Airports A/S (for 3 months)

Bronze sponsors:

Evolix (for 126 months)

Seznam.cz, a.s. (for 126 months)

Intevation GmbH (for 123 months)

Linuxhotel GmbH (for 123 months)

Daevel SARL (for 122 months)

Bitfolk LTD (for 121 months)

Megaspace Internet Services GmbH (for 121 months)

Greenbone AG (for 120 months)

NUMLOG (for 120 months)

WinGo AG (for 119 months)

Entr ouvert (for 111 months)

Adfinis AG (for 108 months)

Laboratoire LEGI - UMR 5519 / CNRS (for 103 months)

Tesorion (for 103 months)

GNI MEDIA (for 102 months)

Bearstech (for 94 months)

LiHAS (for 94 months)

Catalyst IT Ltd (for 89 months)

Supagro (for 84 months)

Demarcq SAS (for 83 months)

Universit Grenoble Alpes (for 69 months)

TouchWeb SAS (for 61 months)

SPiN AG (for 58 months)

CoreFiling (for 54 months)

Institut des sciences cognitives Marc Jeannerod (for 49 months)

Observatoire des Sciences de l Univers de Grenoble (for 45 months)

Tem Innovations GmbH (for 40 months)

WordFinder.pro (for 39 months)

CNRS DT INSU R sif (for 38 months)

Alter Way (for 31 months)

Institut Camille Jordan (for 21 months)

SOBIS Software GmbH (for 6 months)

9 January 2025

Freexian Collaborators: Debian Contributions: Tracker.debian.org updates, Salsa CI improvements, Coinstallable build-essential, Python 3.13 transition, Ruby 3.3 transition and more! (by Anupa Ann Joseph, Stefano Rivera)

Debian Contributions: 2024-12 Contributing to Debian is part of Freexian s mission. This article covers the latest achievements of Freexian and their collaborators. All of this is made possible by organizations subscribing to our Long Term Support contracts and consulting services.

Tracker.debian.org updates, by Rapha l Hertzog Profiting from end-of-year vacations, Rapha l prepared for tracker.debian.org to be upgraded to Debian 12 bookworm by getting rid of the remnants of `python3-django-jsonfield` in the code (it was superseded by a Django-native field). Thanks to Philipp Kern from the Debian System Administrators team, the upgrade happened on December 23rd. Rapha l also improved distro-tracker to better deal with invalid `Maintainer` fields which recently caused multiples issues in the regular data updates (#1089985, MR 105). While working on this, he filed #1089648 asking dpkg tools to error out early when maintainers make such mistakes. Finally he provided feedback to multiple issues and merge requests (MR 106, issues #21, #76, #77), there seems to be a surge of interest in distro-tracker lately. It would be nice if those new contributors could stick around and help out with the significant backlog of issues (in the Debian BTS, in Salsa).

Salsa CI improvements, by Santiago Ruano Rinc n Given that the Debian buildd network now relies on sbuild using the unshare backend, and that Salsa CI s reproducibility testing needs to be reworked (#399), Santiago resumed the work for moving the build job to use sbuild. There was some related work a few months ago that was focused on sbuild with the schroot and the sudo backends, but those attempts were stalled for different reasons, including discussions around the convenience of the move (#296). However, using sbuild and unshare avoids all of the drawbacks that have been identified so far. Santiago is preparing two merge requests: !568 to introduce a new build image, and !569 that moves all the extract-source related tasks to the build job. As mentioned in the previous reports, this change will make it possible for more projects to use the pipeline to build the packages (See #195). Additional advantages of this change include a more optimal way to test if a package builds twice in a row: instead of actually building it twice, the Salsa CI pipeline will configure sbuild to check if the clean target of debian/rules correctly restores the source tree, saving some CPU cycles by avoiding one build. Also, the images related to Ubuntu won t be needed anymore, since the build job will create chroots for different distributions and vendors from a single common build image. This will save space in the container registry. More changes are to come, especially those related to handling projects that customize the pipeline and make use of the extract-source job.

Coinstallable `build-essential`, by Helmut Grohne Building on the `gcc-for-host` work of last December, a notable patch turning `build-essential` `Multi-Arch: same` became feasible. Whilst the change is small, its implications and foundations are not. We still install `crossbuild-essential-$ARCH` for cross building and due to a `britney2` limitation, we cannot have it depend on the host s C library. As a result, there are workarounds in place for sbuild and pbuilder. In turning `build-essential` `Multi-Arch: same`, we may actually express these dependencies directly as we install `build-essential:$ARCH` instead. The `crossbuild-essential-$ARCH` packages will continue to be available as transitional dummy packages.

Python 3.13 transition, by Colin Watson and Stefano Rivera Building on last month s work, Colin, Stefano, and other members of the Debian Python team fixed 3.13 compatibility bugs in many more packages, allowing 3.13 to now be a supported but non-default version in testing. The next stage will be to switch to it as the default version, which will start soon. Stefano did some test-rebuilds of packages that only build for the default Python 3 version, to find issues that will block the transition. The default version transition typically shakes out some more issues in applications that (unlike libraries) only test with the default Python version. Colin also fixed Sphinx 8.0 compatibility issues in many packages, which otherwise threatened to get in the way of this transition.

Ruby 3.3 transition, by Lucas Kanashiro The Debian Ruby team decided to ship Ruby 3.3 in the next Debian release, and Lucas took the lead of the interpreter transition with the assistance of the rest of the team. In order to understand the impact of the new interpreter in the ruby ecosystem, ruby-defaults was uploaded to experimental adding ruby3.3 as an alternative interpreter, and a mass rebuild of reverse dependencies was done here. Initially, a couple of hundred packages were failing to build, after many rounds of rebuilds, adjustments, and many uploads we are down to 30 package build failures, of those, 21 packages were asked to be removed from testing and for the other 9, bugs were filled. All the information to track this transition can be found here. Now, we are waiting for PHP 8.4 to finish to avoid any collision. Once it is done the Ruby 3.3 transition will start in unstable.

Miscellaneous contributions

Enrico Zini redesigned the way nm.debian.org stores historical audit logs and personal data backups.

Carles Pina submitted a new package (python-firebase-messaging) and prepared updates for python3-ring-doorbell.

Carles Pina developed further po-debconf-manager: better state transition, fixed bugs, automated assigning translators and reviewers on edit, updating po header files automatically, fixed bugs, etc.

Carles Pina reviewed, submitted and followed up the debconf templates translation (more than 20 packages) and translated some packages (about 5).

Santiago continued to work on DebConf 25 organization related tasks, including handling the logo survey and results. Stefano spent time on DebConf 25 too.

Santiago continued the exploratory work about linux livepatching with Emmanuel Arias. Santiago and Emmanuel found a challenge since kpatch won t fully support linux in trixie and newer, so they are exploring alternatives such as klp-build.

Helmut maintained the /usr-move transition filing bugs in e.g. `bubblewrap`, `e2fsprogs`, `libvpd-2.2-3`, and `pam-tmpdir` and corresponding on related issues such as `kexec-tools` and `live-build`. The removal of the `usrmerge` package unfortunately broke `debootstrap` and was quickly reverted. Continued fallout is expected and will continue until `trixie` is released.

Helmut sent patches for 10 cross build failures and worked with Sandro Knau on stuck Qt/KDE patches related to cross building.

Helmut continued to maintain rebootstrap removing the need to build `gnu-efi` in the process.

Helmut collaborated with Emanuele Rocca and Jochen Sprickerhof on an interesting adventure in diagnosing why gcc would FTBFS in recent sbuild.

Helmut proposed supporting build concurrency limits in coreutils s nproc. As it turns out `nproc` is not a good place for this functionality.

Colin worked with Sandro Tosi and Andrej Shadura to finish resolving the multipart vs. python-multipart name conflict, as mentioned last month.

Colin upgraded 48 Python packages to new upstream versions, fixing four CVEs and a number of compatibility bugs with recent Python versions.

Colin issued an openssh bookworm update with a number of fixes that had accumulated over the last year, especially fixing GSS-API key exchange which had been quite broken in bookworm.

Stefano fixed a minor bug in debian-reimbursements that was disallowing combination PDFs containing JAL tickets, encoded in UTF-16.

Stefano uploaded a stable update to PyPy3 in bookworm, catching up with security issues resolved in cPython.

Stefano fixed a regression in the eventlet from his Python 3.13 porting patch.

Stefano continued discussing a forwarded patch (renaming the sysconfigdata module) with cPython upstream, ending in a decision to drop the patch from Debian. This will need some continued work.

Anupa participated in the Debian Publicity team meeting in December, which discussed the team activities done in 2024 and projects for 2025.

2 January 2025

Colin Watson: Free software activity in December 2024

Most of my Debian contributions this month were sponsored by Freexian, as well as one direct donation via Liberapay (thanks!). OpenSSH I issued a bookworm update with a number of fixes that had accumulated over the last year, especially fixing GSS-API key exchange which was quite broken in bookworm. base-passwd A few months ago, the adduser maintainer started a discussion with me (as the base-passwd maintainer) and the shadow maintainer about bringing all three source packages under one team, since they often need to cooperate on things like user and group names. I agreed, but hadn t got round to doing anything about it until recently. I ve now officially moved it under team maintenance. debconf Gioele Barabucci has been working on eliminating duplicated code between debconf and cdebconf, ultimately with the goal of migrating to cdebconf (which I m not sure I m convinced of as a goal, but if we can make improvements to both packages as part of working towards it then there s no harm in that). I finally got round to reviewing and merging confmodule changes in each of debconf and cdebconf. This caused an installer regression due to a weirdness in cdebconf-udeb s packaging, which I fixed - sorry about that! I ve also been dealing with a few patch submissions that had been in my queue for a long time, but more on that next month if all goes well. CI issues I noticed and fixed a problem with

Restrictions:
needs-sudo

in autopkgtest. I fixed broken aptly images in the Salsa CI pipeline. Python team Last month, I mentioned some progress on sorting out the multipart vs. python-multipart name conflict in Debian (#1085728), and said that I thought we d be able to finish it soon. I was right! We got it all done this month:

The Python 3.13 transition continues, and last month we were able to add it to the supported Python versions in testing. (The next step will be to make it the default.) I fixed lots of problems in aid of this, including:

audioread
celery
cloud-sptheme
djangorestframework
dominate
fenics-basix (investigated and suggested a fix, although it hasn t yet been uploaded)
ipykernel
ipython
jupyter-server (contributed upstream)
mdp (contributed upstream)
pastescript (contributed upstream)
pypandoc (contributed upstream)
python-aiosmtpd
python-cheroot
python-hjson
python-miio
python-pyramid
python-trustme (uploaded by Robie Basak)
rich (investigated and tested; uploaded by Sandro Tosi)
supervisor
tomopy

Sphinx 8.0 removed some old intersphinx_mapping syntax which turned out to still be in use by many packages in Debian. The fixes for this were individually trivial, but there were a lot of them:

I found that twisted 24.11.0 broke tests in buildbot and wokkel, and fixed those. I packaged python-flatdict, needed for a new upstream version of python-semantic-release. I tracked down a test failure in vdirsyncer (which I ve been using for some years, but had never previously needed to modify) and contributed a fix upstream. I fixed some packages to tolerate future versions of dh-python that will drop their dependency on python3-setuptools:

I fixed django-cte to remove a build-dependency on the obsolete python3-nose package. I added Django 5.1 support to django-polymorphic. (There are a number of other packages that still need work here.) I fixed various other build/test failures:

black
datalad-next: #1080969 and #1088038 (contributed upstream)
dipy (uploaded by Andreas Tille)
pyfribidi
pylibmc, fixing a build failure in cachelib
pympress
pytest-forked (contributed upstream)
python-mongomock: c03f91b51048 and c485fb8fef23
python-nox

I upgraded these packages to new upstream versions:

aioftp
alot
astroid
buildbot
cloudpickle (fixing a Python 3.13 failure)
django-countries
django-sass-processor
djoser (fixing CVE-2024-21543)
ipython
jsonpickle
lazr.delegates
loguru (fixing a Python 3.13 failure)
netmiko
pydantic
pydantic-core
pydantic-settings
pydoctor
pygresql
pylint (fixing Python 3.13 failures #1089758 and #1091029)
pypandoc (fixing a Python 3.12 warning)
python-aiohttp (fixing CVE-2024-52303 and CVE-2024-52304
python-aiohttp-security
python-argcomplete
python-asyncssh
python-click
python-cytoolz
python-jira (fixing a Python 3.13 failure)
python-limits
python-line-profiler
python-mkdocs
python-model-bakery
python-pgspecial
python-pyramid (fixing CVE-2023-40587)
python-pythonjsonlogger
python-semantic-release
python-utils
python-venusian
pyupgrade
pyzmq
quart
six
sqlparse
twisted
vcr.py
vulture
yoyo
zope.configuration
zope.testrunner

I updated the team s library style guide to remove material related to Python 2 and early versions of Python 3, which is no longer relevant to any current Python packaging work. Other Python upstream work I happened to notice a Twisted upstream issue requesting the removal of the deprecated twisted.internet.defer.returnValue, realized it was still used in many places in Debian, and went on a PR-filing spree informed by codesearch to try to reduce the future impact of such a change on Debian:

Other small fixes Santiago Vila has been building the archive with

make
--shuffle

(also see its author s explanation). I fixed associated bugs in cccc (contributed upstream), groff, and spectemu. I backported an upstream patch to putty to fix undefined behaviour that affected use of the small keypad . I removed groff s Recommends: libpaper1 (#1091375, #1091376), since it isn t currently all that useful and was getting in the way of a transition to libpaper2. I filed an upstream bug suggesting better integration in this area.

13 December 2024

Freexian Collaborators: Monthly report about Debian Long Term Support, November 2024 (by Roberto C. S nchez)

Like each month, have a look at the work funded by Freexian s Debian LTS offering.

Debian LTS contributors In November, 20 contributors have been paid to work on Debian LTS, their reports are available:

Abhijith PA did 14.0h (out of 6.0h assigned and 8.0h from previous period).

Adrian Bunk did 53.0h (out of 15.0h assigned and 85.0h from previous period), thus carrying over 47.0h to the next month.

Andrej Shadura did 7.0h (out of 7.0h assigned).

Arturo Borrero Gonzalez did 1.0h (out of 10.0h assigned), thus carrying over 9.0h to the next month.

Bastien Roucari s did 20.0h (out of 20.0h assigned).

Ben Hutchings did 0.0h (out of 24.0h assigned), thus carrying over 24.0h to the next month.

Chris Lamb did 18.0h (out of 18.0h assigned).

Daniel Leidert did 17.0h (out of 26.0h assigned), thus carrying over 9.0h to the next month.

Emilio Pozuelo Monfort did 40.5h (out of 60.0h assigned), thus carrying over 19.5h to the next month.

Guilhem Moulin did 7.25h (out of 7.5h assigned and 12.5h from previous period), thus carrying over 12.75h to the next month.

Jochen Sprickerhof did 3.5h (out of 10.0h assigned), thus carrying over 6.5h to the next month.

Lee Garrett did 14.75h (out of 15.25h assigned and 44.75h from previous period), thus carrying over 45.25h to the next month.

Lucas Kanashiro did 10.0h (out of 54.0h assigned and 10.0h from previous period), thus carrying over 54.0h to the next month.

Markus Koschany did 20.0h (out of 40.0h assigned), thus carrying over 20.0h to the next month.

Roberto C. S nchez did 6.75h (out of 9.75h assigned and 14.25h from previous period), thus carrying over 17.25h to the next month.

Santiago Ruano Rinc n did 24.75h (out of 23.5h assigned and 1.5h from previous period), thus carrying over 0.25h to the next month.

Sean Whitton did 2.0h (out of 6.0h assigned), thus carrying over 4.0h to the next month.

Sylvain Beucler did 21.5h (out of 9.5h assigned and 50.5h from previous period), thus carrying over 38.5h to the next month.

Thorsten Alteholz did 11.0h (out of 11.0h assigned).

Tobias Frost did 12.0h (out of 10.5h assigned and 1.5h from previous period).

Evolution of the situation In November, we have released 38 DLAs. The LTS coordinators, Roberto and Santiago, delivered a talk at the Mini-DebConf event in Toulouse, France. The title of the talk was How LTS goes beyond LTS . The talk covered work done by the LTS Team during the past year. This included contributions related to individual packages in Debian (such as tomcat, jetty, radius, samba, apache2, ruby, and many others); improvements to tooling and documentation useful to the Debian project as a whole; and contributions to upstream work (apache2, freeimage, node-dompurify, samba, and more). Additionally, several contributors external to the LTS Team were highlighted for their contributions to LTS. Readers are encouraged to watch the video of the presentation for a more detailed review of various ways in which the LTS team has contributed more broadly to the Debian project and to the free software community during the past year. We wish to specifically thank Salvatore (of the Debian Security Team) for swiftly handling during November the updates of needrestart and libmodule-scandeps-perl, both of which involved arbitrary code execution vulnerabilities. We are happy to see increased involvement in LTS work by contributors from outside the formal LTS Team. The work of the LTS Team in November was otherwise unremarkable, encompassing the customary triage, development, testing, and release of numerous DLAs, along with some associated contributions to related packages in stable and unstable.

Thanks to our sponsors Sponsors that joined recently are in bold.

Platinum sponsors:

Toshiba Corporation (for 110 months)

Civil Infrastructure Platform (CIP) (for 78 months)

VyOS Inc (for 42 months)

Gold sponsors:

Roche Diagnostics International AG (for 120 months)

Akamai - Linode (for 114 months)

Babiel GmbH (for 104 months)

Plat Home (for 103 months)

CINECA (for 78 months)

University of Oxford (for 60 months)

Deveryware (for 47 months)

EDF SA (for 32 months)

Dataport A R (for 7 months)

CERN (for 5 months)

Silver sponsors:

Domeneshop AS (for 125 months)

Nantes M tropole (for 119 months)

Univention GmbH (for 111 months)

Universit Jean Monnet de St Etienne (for 111 months)

Ribbon Communications, Inc. (for 105 months)

Exonet B.V. (for 95 months)

Leibniz Rechenzentrum (for 89 months)

Minist re de l Europe et des Affaires trang res (for 73 months)

Cloudways by DigitalOcean (for 62 months)

Dinahosting SL (for 60 months)

Bauer Xcel Media Deutschland KG (for 54 months)

Platform.sh SAS (for 54 months)

Moxa Inc. (for 48 months)

sipgate GmbH (for 46 months)

OVH US LLC (for 44 months)

Tilburg University (for 44 months)

GSI Helmholtzzentrum f r Schwerionenforschung GmbH (for 35 months)

Soliton Systems K.K. (for 32 months)

THINline s.r.o. (for 8 months)

Copenhagen Airports A/S

Bronze sponsors:

Evolix (for 125 months)

Seznam.cz, a.s. (for 125 months)

Intevation GmbH (for 122 months)

Linuxhotel GmbH (for 122 months)

Daevel SARL (for 121 months)

Bitfolk LTD (for 120 months)

Megaspace Internet Services GmbH (for 120 months)

Greenbone AG (for 119 months)

NUMLOG (for 119 months)

WinGo AG (for 118 months)

Entr ouvert (for 110 months)

Adfinis AG (for 107 months)

Laboratoire LEGI - UMR 5519 / CNRS (for 102 months)

Tesorion (for 102 months)

GNI MEDIA (for 101 months)

Bearstech (for 93 months)

LiHAS (for 93 months)

Catalyst IT Ltd (for 88 months)

Supagro (for 83 months)

Demarcq SAS (for 82 months)

Universit Grenoble Alpes (for 68 months)

TouchWeb SAS (for 60 months)

SPiN AG (for 57 months)

CoreFiling (for 53 months)

Institut des sciences cognitives Marc Jeannerod (for 48 months)

Observatoire des Sciences de l Univers de Grenoble (for 44 months)

Tem Innovations GmbH (for 39 months)

WordFinder.pro (for 38 months)

CNRS DT INSU R sif (for 37 months)

Alter Way (for 30 months)

Institut Camille Jordan (for 20 months)

SOBIS Software GmbH (for 5 months)

12 April 2023

Andrej Shadura: Connecting lights to a Swytch e-bike kit

Last year I purchased an e-bike upgrade kit for my mother in law. We decided to install it on a bicycle she originally bought back in the 80s, which I fixed and refurbished a couple of years ago and used until September 2022 when I bought myself a Dutch Cortina U4. When I used this bicycle, I installed a lightweight Shutter Precision dynamo hub and compatible lights, XLC at the front, B chel at the back. Unfortunately, since Swytch is a front wheel with a built-in electric motor, these lights don t have a dynamo to connect to anymore, and Swytch doesn t have a dedicated connector for lights. I tried asking the manufacturer for more documentation or schematics, but they refused to do so. Luckily, a Canadian member of the Pedelecs forum managed to reverse-engineer the Swytch connector pinouts, which gave me an idea on how to proceed. Unfortunately, that meant that I had to replace both lights, and by trial and error I found specific models that worked. Before the Axa lights, I also tried B chel s Tivoli e-bike light, but it didn t work because the voltage was too low:

Once I knew what to do, the rest was super easy So, here we go:

Get a 3-pin (yellow) male connector with a cable, e.g. off AliExpress. Only two wires will be used, the white one is +4.2V (4-point-2, not 42!), the black one is earth. This will go into the throttle port. If you actually have a throttle, you need some sort of Y-splitter, but I don t, so this was not an issue for me. (However, I bought both sides (M and F), just to be sure.)
Cable for the throttle port
Purchase an Axa 606 E6-48 front light. The 606 comes in two versions, for dynamos and e-bikes, use the one for e-bikes; despite being officially rated as 6 48V, these lights work quite well off 4.2V too.
Axa 606 E6-48 light
Purchase an Axa Spark Steady rear light. This light works with both AC and DC (just like the 606, the official rating is 6 48V), and works off 4.2V without an issue.
Axa Spark light
Wire lights up. I used tiny wire terminals to join the wires, but I m sure there are better options too. Insulate them well, make sure the red wire from the throttle connector is insulated too. I used a bunch of shrink tubes and black insulation tape. Since the voltage is not wildly different from what the dynamo hub produced (although AC, not DC), I was able to reuse the cable I had already routed to the rear carrier.
Lights go on automatically as soon as you touch the power button on the battery pack, and stay on until the battery pack is switched off completely. I was considering adding a handlebar switch, but since I lost the only one I had, I had to do without.

The side effect of using the Axa Spark at the rear is that it has a capacitor inside and keeps going for a couple more minutes after the battery pack is off I haven t decided whether that s a benefit or a drawback

23 April 2022

Andrej Shadura: To England by train (part 2)

My attempt to travel to the UK by train last year didn t go quite as well as I expected. As I mentioned in that blog post, the NightJet to Brussels was cancelled, forcing me to fly instead. This disappointed me so much that I actually unpublished the blog post minutes after it was originally put online. The timing was nearly perfect: I type make publish and I get an email from BB saying they don t know if my train is going to run. Of course it didn t, as Deutsche Bahn workers went ahead with their strike. The blog post sat in the drafts for more than half a year until yesterday, when I finally updated and published it. The reason I have finally published it is that I m going to the UK by train once again. Now, unless railways decide to hold a strike again, fully by train both ways. Very expensive, especially compared to the price of Ryanair flights to my destination. Unfortunately, even though Eurostar added more daily services, they re still not cheap, especially on a shorter notice. This seems to apply to the BB s NightJet even more: I tried many routes between Vienna and London, and the cheapest still seemed to be the connection through Brussels. While researching the prices of the tickets, it seems all booking systems decided to stop co-operating. The Trainline refused to let me look up any trains at all, even with all tracking and advertisement allowed, SNCF kepts showing me overly generic errors (Sorry, an error has occurred.), while the GWR booking system kept crashing with a 500 Internal Server Error for about two hours.

Error messages at the websites of Trainline, GWR and SNCF

Eventually, having spent a lot of time and money, I ve booked my trains to, within and back from England. This time, Cambridge is among the destinations.

The map of the train route from Bratislava to Cambridge through Brussels and London

Date	Station	Arrival	Departure	Train
26.4	Bratislava hl.st.		18:37	REX 2529
	Wien Hbf	19:44	20:13	NJ 40490
27.4	Bruxelles-Midi	9:54	15:56	EST 9145
	London St Pancras	17:01	17:43	ThamesLink
	Cambridge	18:43

I m not sure about it yet, but I may end up taking an earlier train from Bratislava just to ensure there s enough time for the change in Vienna; similarly, I m not sure how much time I will be spending at St Pancras, so I may take one of the later trains. P.S. The maps in this and other posts were created using uMap; the map data come from OpenStreetMap. The train route visualisation was generated with help of signal.eu.org.

22 April 2022

Andrej Shadura: To England by train (part 1)

This post was written in August 2021. Just as I was going to publish it, I received an email from BB stating that due to a railway strike in Germany my night train would be cancelled. Since the rest of the trip has already been booked well in advance, I had to take a plane to Charleroi and a bus to Brussels to catch my Eurostar. Ultimately, I ended up publishing it in April 2022, just as I m about to leave for a fully train-powered trip to the UK once again. Before the pandemic started, I planned to use the last months of my then-expiring UK visa and go to England by train. I ve completed two train long journeys by that time already, to Brussels and to Belarus and Ukraine, but this would be something quite different, as I wanted to have multiple stops on my way, use night trains where it made sense, and to go through the Channel Tunnel. The Channel Tunnel fascinated me since my childhood; I first read about it in the Soviet Science and Life magazine ( ) when I was seven. I ve never had the chance to use it though, since to board any train going though it I d first need to get to France, Belgium or the Netherlands, making it significantly more expensive than the cheap 30 Ryanair flights to Stansted. As the coronavirus spread across the world, all of my travel plans along with plans for a sabbatical had to be cancelled. During 2020, I only managed to go on two weekend trips to Prague and Budapest, followed by a two-weeks holiday on Crete (we returned just a couple of weeks before the infection numbers rose and lockdowns started). I do realise that a lot of people couldn t even have this much because the situation in their countries was much worse we were lucky to have had at least some travel. Fast forward to August 2021, I m fully vaccinated, I once again have a UK visa for five years, and the UK finally recognises the EU vaccination passports yay! I can finally go to Devon to see my mother and sister again. By train, of course. Compared to my original plan, this journey will be different: about the same or even more expensive than I originally planned, but shorter and with fewer stops on the way. My original plan would be to take multiple trains from Bratislava to France or Belgium and complete this segment of the trip in about three days, enjoying my stay in a couple of cities on the way. Instead, I m taking a direct NightJet from Vienna to Brussels, not stopping anywhere on the way.

Map: train route from Bratislava to Brussels

Since I was booking my trip just two weeks ahead, the price of the ticket is not that I hoped for, but much higher: 109 for the ticket itself and 60 for the berth (advance bookings could be about twice as cheap). Next, to London! Eurostar is still on a very much reduced schedule, running one train only from Amsterdam through Brussels and Lille to London each day. This means, of course, higher ticket prices (I paid about 100 for the ticket) and longer waiting time in Brussels my sleeper arrives about 10 am, but the Eurostar train is scheduled to depart at 3 pm.

Map: train route from Brussels to London

The train makes a stop in Lille, which I initially suspected to be risky as at the time when I booked my tickets, as at the time France was on the amber plus list for the UK, requiring a quarantine upon arrival. However, Eurostar announced that they will assign travellers from Lille to a different carriage to avoid other passengers having to go to quarantine, but recently France was taken off the amber plus list. The train fare system in the UK is something I don t quite understand, as sometimes split tickets are cheaper, sometimes they re expensive, sometimes prices for the same service at different times can be vastly different, off-peak tickets don t say what exactly off-peak means (very few people in the UK are asked were able to tell me when exactly off-peak hours are). Curiously, transfers between train stations using London Underground services can be included into railway tickets, but some last mile connection like Exeter to Honiton cannot (but this used to be possible). Both GWR.com and TrainLine refused to sell me a single ticket from London to Honiton through Exeter, insisting I split the ticket at Exeter St Davids or take the slower South Western train to Honiton via Salisbury and Yeovil. I ended up buying a 57 ticket from Paddington to Exeter St Davids with the first segment being the London Underground from St Pancras, and a separate 7.70 ticket to Honiton.

Map: arrival at St Pancras, the underground, departure from Paddington

Map: arrival at Exeter St Davids, change to a South Western train, arrival at Honiton

Date	Station	Arrival	Departure	Train
12.8	Bratislava-Petr alka		18:15	REX 7756
	Wien Hbf	19:15	19:53	NJ 50490
13.8	Bruxelles-Midi	9:55	15:06	EST 9145
	London St Pancras	16:03	16:34	TfL
	London Paddington	16:49	17:04	GWR 59231
	Exeter St Davids	19:19	19:25	SWR 52706
	Honiton	19:54

Unfortunately, due to the price of the tickets, I m taking a 15 Ryanair flight back Update after the journey Since I flew to Charleroi instead of comfortably sleeping in a night train, I had to put up with inconveniences of airports, including cumbersome connections to the nearby cities. The only reasonable way of getting from Charleroi to Brussels is an overcrowded bus which takes almost an hour to arrive. I used to take this bus when I tried to save money on my way to FOSDEM, and I must admit it s not something I missed. Boarding the Eurostar train went fine, my vaccination passport and Covid test wasn t really checked, just glanced at. The waiting room was a bit of a disappointment, with bars closed and vending machines broken. Since it was underground, I couldn t even see the trains until the very last moment when we were finally allowed on the platform. The train itself, while comfortable, disappointed me with the bistro carriage: standing only, instant coffee, poor selection of food and drinks. I m glad I bought some food at Carrefour at the Midi station! When I arrived in Exeter, I soon found out why the system refused to sell me a through ticket: 6 minutes is not enough to change trains at Exeter St Davids! Or, it might have been if I took the right footbridge but I took the one which led into a very talkative (and slow!) lift. I ended up running to the train just as it closed the doors and departed, leaving me tin Exeter for an hour until. I used this chance and walked to Exeter Central, and had a pint in a conveniently located pub around the corner. P.S. The maps in this and other posts were created using uMap; the map data come from OpenStreetMap. The train route visualisation was generated with help of the Raildar.fr OSRM instance.

12 December 2021

Andrej Shadura: Coffee gear upgrade

Two weeks ago I decided to make myself a combined birthday and Christmas present and upgrade my coffee gear. I ve got my first espresso machine back in 2013, it was a cheap Saeco Philips Poemia, which made reasonably drinkable coffee, but not being able to make good coffee made me increasingly unhappy about it. However, since it worked, I wasn t motivated enough to change anything until it stopped working. One day the nut holding the shower screen broke, and I couldn t replace it. Having no coffee machine is arguably worse than having a mediocre one, so I started looking for a new one in the budget range. Having spent about two months reading reviews for all sorts of manual espresso machines, I realised the best thing I can probably do for the money I was willing to spend at the time was to buy a second-hand Gaggia Classic. Which is what I did: I paid 260 to a person who apparently decided they prefer to press a button to get their espresso rather than have to prepare it themselves. My first attempts at making espresso weren t very much successful, as my hand grinder couldn t produce the right grind for espresso (without using pressurised baskets), so I quickly upgraded it to the 50 De Longhi electric grinder, which was much better for espresso.

Gaggia Classic 2015 and De Longhi grinder

This setup has worked for me for nearly 4 years, but over the time the Gaggia started malfunctioning. See, this particular Gaggia Classic is the 2015 model, which resulted in the overhaul of the design after Gaggia was acquired by Philips. They replaced the boiler, changed the exterior design a bit, and importantly for me replaced the fully metal group head with the metal and plastic version typically found in cheap espresso machines like my old Poemia.

The trouble with this one is that the plastic bit (barely seen on the picture, but it s inserted into the notches on the sides of the group head) is that it gets damaged over the time, especially when the portafilter is inserted very tightly. The more damaged it gets, the tigher it is necessary to insert the portafilter to avoid leakage, the more damaged it gets and so on. At one point, the Gaggia was leaking water every time I was making coffee, affecting the quality of the brew and making a mess in the kitchen. I made a mistake and removed the plastic bit only to realise it cannot be purchased separately and nobody knows how to put it back once it s been removed; I ended up paying more than a hundred euro to replace the group head as a whole. Once I ve got the Gaggia back, I became too conscious of the potential damage I can make by overengaging the portafilter, I decided it s probably the time to get a new coffee machine.

The makers of Gaggia listened to the critics and undid the 2015 changes to the Gaggia Classic design, reverting to the previous one and fixing it they basically merged the fixes many of the owners of the old Gaggia did themselves. The group head is now without any plastic, so I don t have to worry that much about damaging it accidentally. A friend pointed out that my grinder is probably not good enough and recommended a couple of models to me; I checked Kev s Coffee Blog and found a grinder, Sage Dose Control Pro, which was available on sale in my local shop for a reasonable price. I ve also got a portafilter holder to make tamping more comfortable I used to tamp against an edge of the sink:

The final setup:

Gaggia Classic 2019 and Sage BCG600 Dose Control Pro

What I learnt from this is that the grinder does indeed make a huge difference. I am now able to consistently produce brews I would only occasionally get with the old De Longhi grinder. There is one downside to the new grinder. Grinder review at Alza.sk

Happy with my new purchase, I went to read this review and thought to myself: lucky me, my grinder is absolutely quiet! And then I realised that the noise in my kitchen is not, in fact, produced by the fridge, but the grinder. Well, a cheap switched plug solved the issue completely (I wish sockets here each had a switch like they usually to in the UK!)

1 January 2021

Andrej Shadura: Transitioning to a new OpenPGP key

Following dkg s example, I decided to finally transition to my new ed25519/cv25519 key. Unlike Daniel, I m not yet trying to split identities, but I m using this chance to drop old identities I no longer use. My new key only has my main email address and the Debian one, and only those versions of my name I still want around. My old PGP key (at the moment in the Debian keyring) is:

pub   rsa4096/0x6EA4D2311A2D268D 2010-10-13 [SC] [expires: 2021-11-11]
      782130B4C9944247977B82FD6EA4D2311A2D268D
uid                   [ultimate] Andrej Shadura <andrew@shadura.me>
uid                   [ultimate] Andrew Shadura <andrew@shadura.me>
uid                   [ultimate] Andrew Shadura <andrewsh@debian.org>
uid                   [ultimate] Andrew O. Shadoura <Andrew.Shadoura@gmail.com>
uid                   [ultimate] Andrej Shadura <andrewsh@debian.org>
sub   rsa4096/0xB2C0FE967C940749 2010-10-13 [E]
sub   rsa3072/0xC8C5F253DD61FECD 2018-03-02 [S] [expires: 2021-11-11]
sub   rsa2048/0x5E408CD91CD839D2 2018-03-10 [S] [expires: 2021-11-11]

The is the key I ve been using in Debian from the very beginning, and its copies at the SKS keyserver network still have my first DD signature from angdraug:

sig  sig   85EE3E0E 2010-12-03 __________ __________ Dmitry Borodaenko <angdraug@mail.ru>
sig  sig   CB4D38A9 2010-12-03 __________ __________ Dmitry Borodaenko <angdraug@debian.org>

My new PGP key is:

pub   ed25519/0xE8446B4AC8C77261 2016-06-13 [SC] [expires: 2022-06-25]
      83DCD17F44B22CC83656EDA1E8446B4AC8C77261
uid                   [ultimate] Andrej Shadura <andrew@shadura.me>
uid                   [ultimate] Andrew Shadura <andrew@shadura.me>
uid                   [ultimate] Andrej Shadura <andrewsh@debian.org>
uid                   [ultimate] Andrew Shadura <andrewsh@debian.org>
uid                   [ultimate] Andrei Shadura <andrew@shadura.me>
sub   cv25519/0xD5A55606B6539A87 2016-06-13 [E] [expires: 2022-06-25]
sub   ed25519/0x52E0EA6F91F1DB8A 2016-06-13 [A] [expires: 2022-06-25]

If you signed my old key and are reading this, please consider signing my new key; if you feel you need to re-confirm this, feel free to contact me; otherwise, a copy of this statement signed by both the old and new keys is available here. I have uploaded this new key to keys.openpgp.org, and also published it through WKD and the SKS network. Both keys can also be downloaded from my website.

30 December 2020

Andrej Shadura: Making the blog part of the Fediverse and IndieWeb

I ve just made my blog available on the Fediverse, at least partially. Yesterday while browsing Hacker News, I saw Carl Schwan s post Adding comments to your static blog with Mastodon^(m) about him replacing Disqus with replies posted at Mastodon. Just on Monday I was thinking, why can t blogs participate in Fediverse? I tried to use WriteFreely as a replacement for Pelican, only to find it very limited, so I thought I might write a gateway to expose the Atom feed using ActivityPub. Turns out, someone already did that: Bridgy, a service connecting websites to Twitter, Mastodon and other social media, also has a Fediverse counterpart, Fed.brid.gy just what I was looking for! I won t go deeply into the details, but just outline issues I had to deal with:

Bridgy relies on microformats. While I had some microformats and Schema.org microdata already at both blog and the homepage, they were not sufficiently good for Bridgy to use.
Webmention: I had to set up https://webmention.io to act as Webmention host for me.
I ran into an issue with Mastodon being more picky about signatures which the author Ryan Barrett promptly fixed.

The end result is not fully working yet, since posts don t appear yet, but I can be found and followed as @shadura.me@shadura.me. As a bonus I enabled IndieAuth at my website, so I can log into compatible services with just the URL of my website.

22 December 2020

Andrej Shadura: Vendoring Rust dependencies for a Debian derivative

Recently, I needed to package a Rust crate libslirp for a Apertis, a Debian derivative. libslirp is used by the newly release UML backend of debos, our Debian image build tool. Unfortunately, this crate hasn t yet been properly packaged for Debian proper, so I could not simply pull the packaging from Debian. Even worse, its build dependencies haven t all been packaged yet. Most importantly, I have only uploaded zbus to Debian today, and at that time none of its dependencies were in Debian either. Another issue with this were that each crate is packaged for Debian as a separate package, making the process a bit more tricky since I d need to import all of the crates into Apertis separately. Doing that takes time and is further complicated by the CI loop we re using which requires the full build process to complete for a package before a pipeline a dependent package can run. Having all that considered, I took a shortcut: I vendored all the build dependencies with the package itself, and here s how. I started with debcargo-conf, where the not-yet-complete packaging lives. With debcargo, I generated the source package as if I were to upload to Debian. Since I ll be vendoring the dependencies, I have removed most of the Rust dependencies and replaced them with those extra dependencies needed by those crates. So, I replaced this:

Build-Depends: debhelper (>= 12),
 dh-cargo (>= 24),
 cargo:native,
 rustc:native,
 libstd-rust-dev,
 librust-enumflags2-0.6+default-dev (>= 0.6.4-~~),
 librust-ipnetwork-0.17+default-dev,
 librust-lazy-static-1+default-dev (>= 1.4-~~),
 librust-libc-0.2+default-dev,
 librust-libslirp-sys-4+default-dev (>= 4.2.0-~~),
 librust-libsystemd-0.2+default-dev,
 librust-mio-0.6+default-dev,
 librust-mio-extras-2+default-dev (>= 2.0.5-~~),
 librust-nix-0.17+default-dev,
 librust-slab-0.4+default-dev,
 librust-structopt-0.3+default-dev,
 librust-url-2+default-dev (>= 2.1-~~),
 librust-zbus-1+default-dev,
 librust-zvariant-2+default-dev

By this:

Build-Depends: debhelper (>= 12),
 dh-cargo (>= 17),
 cargo:native,
 rustc:native,
 libstd-rust-dev,
 pkg-config,
 libglib2.0-dev,
 libslirp-dev

I wanted to keep the delta to the future Debian package at a bare minimum, so I kept the original dh-cargo build process, only making sure the vendored dependencies are found in the right place. The cleanest approach in my view was to use the fact that the 3.0 (quilt) source format allows multiple original tarballs: the main tarball would be the same orig tarball as in Debian, and an extra tarball would contain the vendored code. When we sync with Debian, the extra tarball would be dropped, just as the adjustments to the debian/rules. To generate the vendor tarball, I added this to the rules file:

include /usr/share/dpkg/pkg-info.mk
vendor:
        -[ -d vendor ] && rm -rf vendor
        rm -rf Cargo.lock
        cargo vendor
        tar Jcf ../$(DEB_SOURCE)_$(DEB_VERSION_UPSTREAM).orig-vendor.tar.xz vendor/
.PHONY: vendor

This target, being run manually and not as part of the build process, download the latest dependencies satisfying the requirements in Cargo.toml and rolls them into a vendor tarball. Now, to make dh-cargo use the vendored code, we need to link it into the right place. dh-cargo creates a Cargo registry tree in a subdirectly under debian/ where it symlinks crates from the Rust development packages. This extra code makes sure the vendored dependencies are available there too:

override_dh_auto_configure:
        dh_auto_configure $@
        for d in vendor/* ; \
        do \
                [ -L debian/cargo_registry/$$(basename $$d) ] && rm debian/cargo_registry/$$(basename $$d) ; \
                ln -rs $$d debian/cargo_registry ; \
        done

An important thing here is that if the build happens on a non-clean system, dh-cargo may have symlinked a system crate already installed so we need to remove that symlink and replace it by ours. We build packages in clean chroots, so this is not that important, otherwise for reproducibility reasons it would be better to create the registry directory from scratch. The final package can be found at the Apertis GitLab.

16 August 2020

Andrej Shadura: Useful FFmpeg commands for video editing

As a response to Antonio Terceiro s blog post, I m publishing some FFmpeg commands I ve been using recently. Embedding subtitles Sometimes you have a video with subtitles in multiple languages and you don t want to clutter the directory with a lot of similarly-named files or maybe you want to be able to easily transfer the video and subtitles at once. In this case, it may be useful to embed to subtitles directly into the video container file.

ffmpeg -i video.mp4 -i video.eng.srt -map 0:v -map 0:a -c copy -map 1 \
        -c:s:0 mov_text -metadata:s:s:0 language="eng" video-out.mp4

This commands recodes the subtitle file into a format appropriate for the MP4 container and embeds it with a metadata element telling the video player what language it is in. You can add multiple subtitles at once, or you can also transcode the audio to AAC while doing so (I found that a lot of Android devices can t play Ogg Vorbis streams):

ffmpeg -i video.mp4 -i video.deu.srt -i video.eng.srt -map 0:v -map 0:a \
        -c:v copy -c:a aac -map 1 -c:s:0 mov_text -metadata:s:s:0 language="deu" \
                           -map 2 -c:s:1 mov_text -metadata:s:s:1 language="eng" video-out.mp4

Hard subtitles Sometimes you need to play the video with subtitles on devices not supporting them. In that case, it may be useful to hardcode the subtitles directly into the video stream:

ffmpeg -i video.mp4 -vf subtitles=video.eng.srt video-out.mp4

Unfortunately, if you also want to apply more transformations to the video, it starts getting tricky, the -vf option is no longer enough:

ffmpeg -i video.mp4 -i overlay.jpg -filter:a "volume=10" \
        -filter_complex '[0:v][1:v]overlay[outv];[outv]subtitles=video.eng.srt' \
                        video-out.mp4

This command adds an overlay to the video stream (in my case I overlaid a full frame over the original video offering some explanations), increases the volume ten times and adds hard subtitles. P.S. You can see the practical application of the above in this video with a head of one of the electoral commissions in Belarus forcing the members of the staff to manipulate the voting results. I transcribed the video in both Russian and English and encoded the English subtitles into the video.