The following contributors got their Debian Developer accounts in the last two months:

• Richard Laager (rlaager)
• Thiago Andrade Marques (andrade)
• Vincent Prat (vivi)
• Michael Robin Crusoe (crusoe)
• Jordan Justen (jljusten)
• Anuradha Weeraman (anuradha)
• Bernelle Verster (indiebio)
• Gabriel F. T. Gomes (gabriel)
• Kurt Kremitzki (kkremitzki)
• Nicolas Mora (babelouest)
• Birger Schacht (birger)
• Sudip Mukherjee (sudip)

The following contributors were added as Debian Maintainers in the last two months:

• Marco Trevisan
• Dennis Braun
• Stephane Neveu
• Seunghun Han
• Alexander Johan Georg Kj ll
• Friedrich Beckmann
• Diego M. Rodriguez
• Nilesh Patra
• Hiroshi Yokota

Congratulations!

Welcome to gambaru.de. Here is my monthly report that covers what I have been doing for Debian. If you re interested in Java, Games and LTS topics, this might be interesting for you. Debian Games

• I backported freeciv, freeorion and minetest to stretch-backports.
• The bug fix (#866378) for 3dchess also landed in Stretch and Jessie.
• I sponsored Lugaru for Vincent Prat and Martin Erik Werner, a really cool 3D fighting game featuring a rabbit. The game is dfsg-free now and will replace openlugaru.
• I uploaded fifechan to unstable and packaged new upstream versions of fife, unknown-horizons, adonthell-data and hyperrogue.
• I fixed bugs in bloboats (#864534), lordsawar (RC #866988), kraptor (#826423), pathogen (#845991), fretsonfire (#866426), blockout2 (#826416), boswars (#827112), kanatest (RC #868315, fix also backported to Stretch), overgod (#827114), morris (#829948, #721834, #862224), mousetrap (#726842), alsoft-conf (#784052, #562898) and nikwi (#835625)
• I uploaded a new revision of clanlib and teg fixing Perl transition bugs. The patches were provided by gregor herrmann. I added myself to Uploaders in case of teg because the package was missing a human maintainer.
• I adopted trackballs after I discovered #868983 where Henrique de Moraes Holschuh called attention to a new fork of Trackballs. The current version was broken and unplayable and it was only a matter of time before the game was removed from Debian. I could fix a couple of bugs, forwarded some issues upstream and I believe a nice game was saved.
• I uploaded Bullet 2.86.1 to unstable and completed another Bullet transition.

Debian Java

• Almost all PDFsam dependencies were accepted into the archive this month. I had to update some of them and removed patches that were needed for the initial bootstrapping. I also uploaded libmetadata-extractor-java to unstable. Now only fontawesomefx is missing to complete the PDFsam update.
• I cleaned up vecmath.
• I prepared a security update for undertow issued as DSA 3906-1.
• New upstream releases: jansi, jansi-native, libpdfbox-java, qdox2.
• Bug fixes: felix-bundlerepository (RC #868074), netbeans (RC #868931, #865715), libnb-platform18-java (RC #868923), easymock (RC #869018).

Debian LTS This was my seventeenth month as a paid contributor and I have been paid to work 23,5 hours on Debian LTS, a project started by Rapha l Hertzog. In that time I did the following:

• From 24. July until 31. July I was in charge of our LTS frontdesk. I triaged bugs in tinyproxy, varnish, freerdp, ghostscript, gcc-4.6, gcc-4.7, fontforge, teamspeak-server, teamspeak-client, qpdf, nvidia-graphics-drivers and sipcrack. I also pinged Diego Biurrun for more information about the next libav update and replied to questions on the debian-lts mailing list and LTS IRC channel.
• DLA 1034-1. Issued a security update for php5 fixing 5 CVE. I discussed CVE-2017-11362 with the security team. We came to the conclusion that it was no security issue but just a normal bug.
• DLA 1036-1. Issued a security update for gsoap fixing 1 CVE.
• DLA 1037-1. Issued a security update for catdoc fixing 1 CVE.
• DLA 613-2. Issued a regression update for roundcube.
• DLA 1045-1. Issued a security update for graphicsmagick fixing 10 CVE.
• DLA 1047-1. Issued a security update for supervisor fixing 1 CVE.
• DLA-1048-1. Issued a security update for ghostscript fixing 8 CVE.

Non-maintainer upload

• I uploaded the security fix for spice to unstable which was already fixed in Stretch and earlier versions.

Thanks for reading and see you next time.

The following contributors got their Debian Developer accounts in the last two months:

• Ulrike Uhlig (ulrike)
• Hanno Wagner (wagner)
• Jose M Calhariz (calharis)
• Bastien Roucari s (rouca)

The following contributors were added as Debian Maintainers in the last two months:

• Dara Adib
• F lix Sipma
• Kunal Mehta
• Valentin Vidic
• Adrian Alves
• William Blough
• Jan Luca Naumann
• Mohanasundaram Devarajulu
• Paulo Henrique de Lima Santana
• Vincent Prat

Congratulations!

What happened in the reproducible builds effort between February 21th and February 27th:

Toolchain fixes Didier Raboud uploaded pyppd/1.0.2-4 which makes PPD generation deterministic. Emmanuel Bourg uploaded plexus-maven-plugin/1.3.8-10 which sorts the components in the components.xml files generated by the plugin. Guillem Jover has implemented stable ordering for members of the control archives in .debs. Chris Lamb submitted another patch to improve reproducibility of files generated by cython.

Packages fixed The following packages have become reproducible due to changes in their build dependencies: dctrl-tools, debian-edu, dvdwizard, dymo-cups-drivers, ekg2, epson-inkjet-printer-escpr, expeyes, fades, foomatic-db, galternatives, gnuradio, gpodder, gutenprint icewm, invesalius, jodconverter-cli latex-mk, libiio, libimobiledevice, libmcrypt, libopendbx, lives, lttnganalyses, m2300w, microdc2, navit, po4a, ptouch-driver, pxljr, tasksel, tilda, vdr-plugin-infosatepg, xaos. The following packages became reproducible after getting fixed:

• afterstep/2.2.12-7 by Robert Luberda.
• arachne-pnr/0~20150927gitefdb026-2 uploaded by Ruben Undheim, patch by Dhole.
• astroquery/0.3.1+dfsg-2 by Vincent Prat.
• compton-conf/0.1.0+20151226-2 uploaded by Alf Gaida, original patch by Dhole.
• disque/1.0~rc1-5 uploaded by Chris Lamb, issue identified by Reiner Herrmann.
• foo2zjs/20151024dfsg0-2 by Didier Raboud.
• gnugo/3.8-9 uploaded by Martin A. Godisch, original patch by Reiner Herrmann.
• hplip/3.16.2+repack0-4 by Didier Raboud.
• ibus-braille/0.1.2.99+git1.a95477d-4 by Samuel Thibault.
• iputils/3:20150815-1 by Noah Meyerhans, original patch by Juan Picca.
• jimtcl/0.76-2 by Didier Raboud.
• jodconverter/2.2.2-8 uploaded by Samuel Thibault, original patch by Reiner Herrmann.
• jts/1.14+ds-1~exp1 by Bas Couwenberg.
• loadlin/1.6f-5 by Samuel Thibault.
• lximage-qt/0.4.0+20160108-3 by ChangZhuo Chen ( ), patch by Dhole.
• modello/1.8.3-2 by Emmanuel Bourg.
• obconf-qt/0.9.0+20151227-2 uploaded by Alf Gaida, original patch by Dhole.
• pcmanfm-qt/0.10.1-2 uploaded by Alf Gaida, original patch by Dhole.
• pnm2ppa/1.13-7 by Didier Raboud.
• screengrab/1.95+20160128-2 uploaded by Alf Gaida, original patch by Dhole.
• sip4/4.17+dfsg-2 uploaded by Scott Kitterman, original patch by Reiner Herrmann.
• spades/3.7.0+dfsg-1 by Sascha Steinbiss.
• sphinxtrain/1.0.8+5prealpha-4 by Samuel Thibault.
• tcsh/6.18.01-5 uploaded by Thomas Lange, original patch by Reiner Herrmann.
• ubertooth/2015.09.R2-4 by Ruben Undheim.
• watchdog/5.15-1 by Michael Meskes.
• xfonts-a12k12/1-12 uploaded by Nobuhiro Iwamatsu, original patch by Chris Lamb.

Some uploads fixed some reproducibility issues, but not all of them:

• gridsite/2.2.6-2 by Mattias Ellert.
• gsoap/2.8.28-2 by Mattias Ellert.
• natbraille/2.0rc3-3 by Samuel Thibault.
• pairs/4:15.04.3-1 uploaded by Maximiliano Curia, original patch by Scarlett Clark.

tests.reproducible-builds.org The reproducibly tests for Debian now vary the provider of /bin/sh between bash and dash. (Reiner Herrmann)

diffoscope development diffoscope version 50 was released on February 27th. It adds a new comparator for PostScript files, makes the directory tests pass on slower hardware, and line ordering variations in .deb md5sums files will not be hidden anymore. Version 51 uploaded the next day re-added test data missing from the previous tarball. diffoscope is looking for a new primary maintainer.

Package reviews 87 reviews have been removed, 61 added and 43 updated in the previous week. New issues: captures_shell_variable_in_autofoo_script, varying_ordering_in_data_tar_gz_or_control_tar_gz. 30 new FTBFS have been reported by Chris Lamb, Antonio Terceiro, Aaron M. Ucko, Michael Tautschnig, and Tobias Frost.

Misc. The release team reported on their discussion about the topic of rebuilding all of Stretch to make it self-contained (in respect to reproducibility). Christian Boltz is hoping someone could talk about reproducible builds at the openSUSE conference happening June 22nd-26th in N rnberg, Germany.

What happened in the reproducible builds effort between February 14th and February 20th 2016:

Toolchain fixes Yaroslav Halchenko uploaded cython/0.23.4+git4-g7eed8d8-1 which makes its output deterministic. Original patch by Chris Lamb. Didier Raboud uploaded pyppd/1.0.2-3 to experimental which now serialize PPD deterministically. Lunar submitted two patches for lcms to add a way for clients to set the creation date/time in profile headers and initialize all bytes when writing named colors.

Packages fixed The following packages have become reproducible due to changes in their build dependencies: dbconfig-common, dctrl-tools, dvdwizard, ekg2, expeyes, galternatives, gpodder, icewm, latex-mk, libiio, lives, navit, po4a, tasksel, tilda, vdr-plugin-infosatepg, xaos. The following packages became reproducible after getting fixed:

• calendarserver/7.0+dfsg-1 uploaded by Rahul Amaram, issue fixed upstream, obsolete patch by Esa Peuha.
• charybdis/3.5.0-1 uploaded by Antoine Beaupr , fixed upstream.
• cpio/2.11+dfsg-5 uploaded by Anibal Monsalve Salazar, patch by Lunar.
• fdroidserver/0.6.0-1 uploaded by Hans-Christoph Steiner, original patch by Reiner Herrmann.
• filter/2.6.3+ds1-2 by Axel Beckert.
• foxyproxy/4.5.5-debian-1 uploaded by David Pr vot, patch by Dhole.
• fpga-icestorm/0~20151006git103e6fd-3 by Ruben Undheim.
• gutenprint/5.2.11~pre1-1 uploaded by Didier Raboud, fixed upstream.
• juce/4.1.0+repack-2 by IOhannes m zm lnig.
• libjxp-java/1.6.1-6 by Emmanuel Bourg.
• libpgm/5.2.122~dfsg-2 uploaded by Laszlo Boszormenyi, patch by Lunar.
• modello/1.8.3-2 by Emmanuel Bourg.
• python-hypothesis/3.0.2-1 by Tristan Seligmann, fixed upstream.
• tcsh/6.18.01-4 uploaded by Thomas Lange, original patch by Reiner Herrmann.

Some uploads fixed some reproducibility issues, but not all of them:

• astroquery/0.3.1+dfsg-1 uploaded by Vincent Prat, original patch by Juan Picca.
• vtk-dicom/0.7.4-1 by Gert Wollny.

Unknown status:

• tomcat7/7.0.68-1 by Emmanuel Bourg (test suite fails in test environment).

Patches submitted which have not made their way to the archive yet:

• #814840 on tor by Petter Reinholdtsen: use the UTC timezone when calling asciidoc.
• #815082 on arachne-pnr by Dhole: use the C locale to format the changelog date.
• #815192 on manpages-de by Reiner Herrmann: tell grep to always treat the input as text so that it works with non-UTF-8 locales.
• #815193 on razorqt by Reiner Herrmann: tell grep to always treat the input as text so that it works with non-UTF-8 locales.
• #815250 on jacal by Reiner Herrmann: use the C locale to format the build date.
• #815252 on colord by Lunar: remove extra timestamps when generating CMF and spectra and implement support for SOURCE_DATE_EPOCH.

reproducible.debian.net Two new package sets have been added: freedombox and freedombox_build-depends. (h01ger)

diffoscope development diffoscope version 49 was released on February 17th. It continues to improve handling of debug symbols for ELF files. Their content will now be compared separately to make them more readable. The search for matching debug packages is more efficient by looking only for .deb files in the same parent directory. Alongside more bug fixes, support for ICC profiles has been added, and libarchive is now also used to read metadata for ar archives.

strip-nondeterminism development Reiner Herrmann added support to normalize Gettext .mo files.

Package reviews 170 reviews have been removed, 172 added and 54 updated in the previous week. 34 new FTBFS bugs have been opened by Chris Lamb, h01ger and Reiner Herrmann. New issues added this week: lxqt_translate_desktop_binary_file_matched_under_certain_locales, timestamps_in_manpages_generated_by_autogen. Improvements to the prebuilder script: avoid ccache, skip disorderfs hook if device nodes cannot be created, compatibility with grsec trusted path execution (Reiner Herrmann), code cleanup (Esa Peuha).

Misc. Steven Chamberlain highlighted reproducibility problems due to differences in how Linux and FreeBSD handle permissions for symlinks. Some possible ways forward have been discussed on the reproducible-builds mailing list. Bernhard M. Wiedemann reported on some reproducibility tests made on OpenSuse mentioning the growing support for SOURCE_DATE_EPOCH. If you are eligible for Outreachy or Google Summer of Code, consider spending the summer working on reproducible builds!