FOSS Activites in April 2020

Here’s my (seventh) monthly update about the activities I’ve done in the F/L/OSS world.

Debian

It’s been 14 months since I’ve started contributing to Debian. And 4 months since I’ve been a Debian Developer. And in this beautiful time, I had this opprotunity to do and learn lots of new and interesting things. And most importantly, meet and interact with lots of lovely people! 💖
Debian is $home.

Uploads:

• libgit2 (0.28.5+dfsg.1-1) - new upstream version.
• ruby-ffi-compiler (1.0.1-1) - NEW (#955497).
• rake (13.0.1-3/4) - using --gem-install layout and fixing autopkgtest.
• mcollective (2.12.5+dfsg-1) - new upstream version.
• ruby-guard (2.16.2-1) - fix regression caused by pry’s upload (#954724).
• ruby-pry-byebug (3.9.0-1) - fix regression caused by pry’s upload (#954572).
• ruby-ahoy-matey (3.0.2-1) - new upstream version.
• ruby-http-parser (1.2.1-1) - NEW (#955589).
• ruby-http-parser.rb (0.6.0-5) - Drop Conflicts field.
• golang-github-awalterschulze-gographviz (2.0.1-1) - new upstream version.
• ruby-ffi-yajl (2.3.1-3) - fix build in ARM $arch.
• ruby-http (4.4.1-1) - new upstream version ((#890075 and #858140).
• ruby-twitter (7.0.0-1) - new upstream version.
• ruby-rack (2.1.1-2) - migration to unstable.
• ruby-rack-oauth2 (1.11.0-1) - fix FTBFS.
• ruby-crb-blast (0.6.9-4) - fix regression caused by ruby-bio (#954536).
• ruby-sassc-rails (2.1.2-5) - Add Breaks+Replaces for ruby-sass-rails (#952682 and #954544).
• libdbd-firebird-perl (1.32-1) - new upstream version.
• ruby-minitest-global-expectations (1.0.1-1) - NEW (#956051).
• golang-github-cheekybits-genny (1.0.0-1) - NEW (#956128).
• node-clipboard (2.0.6+ds-1~bpo10+1) - backporting to buster.
• micro (2.0.2-3) - use cut -d'-' -f1 to just show upstream version.
• golang-github-go-errors-errors (1.0.1-4) - fix build and autopkgtest (#954521).
• micro (2.0.2-3~bpo10+1) - backporting to buster.
• libgit2 (1.0.0+dfsg.1-1) - new upstream version.
• micro (2.0.3-1) - add support for +LINE:COL flag syntax for cursor position (#953427).

Other $things:

• Attended Ruby team meeting. Logs here.
• Attended Perl team LHF. Report here.
• Sponsored a lot of uploads for William Desportes and Adam Cecile.
• Mentoring for newcomers.
• FTP Trainee reviewing.
• Moderation of -project mailing list.
• Applied for DUCI project for Google Summer of Code 2020.

Ruby2.7 Migration:

Ruby2.7 was recently released on 25th December, 2019. Santa’s gift. Believe it or not. We, the Debian Ruby team, have been trying hard to make it migrate to testing. And it finally happened. The default version in testing is ruby2.7. Here’s the news! \o/
Here’s what I worked on this month for this transition.

Upstream:

Opened several issues and proposed patches (in the form of PRs):

• Issue #35 against encryptor for Ruby2.7 test failures.
• Issue #28 against image_science for removing relative paths.
• Issue #106 against ffi-yajl for Ruby2.7 test failures.
• PR #5 against aggregate for simply using require.
• PR #6 against aggregate for modernizing CI and adding Ruby 2.5 and 2.7 support.
• Issue #13 against espeak-ruby for Ruby2.7 test failures.
• Issue #4 against tty-which for test failures in general.
• Issue #11 against packable for Ruby2.7 test failures. PR #12 has been proposed.
• Issue #10 against growl for test failures and proposed an initial patch.

Downstream:

I fixed and uploaded the following packages in Debian:

• puppet-beaker (4.21.0-1) - new upstream version and fix FTBFS (#956595 and #954614).
• ruby-fakeweb (1.3.0+git20170806+dfsg1-2) - fix autopkgtest (#952042).
• puppet-lint (2.4.2-2) - fix FTBFS for Ruby2.7 migration.
• ruby-hoe (3.22.1+dfsg1-1) - new upstream version and fix FTBFS (#952041).
• rake-compiler (1.0.5-2) - fix FTBFS.
• ruby-aggregate (0.2.2-3) - fix autopkgtest.
• facter (3.11.0-4) - fix autopkgtest (#955582).

Debian LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
This was my seventh month as a Debian LTS paid contributor. I was assigned 24.00 hours and worked on the following things:

CVE Fixes and Announcements:

• Issued DLA 2178-1, fixing CVE-2020-11728 and CVE-2020-11729, for awl.
  For Debian 8 “Jessie”, these problems have been fixed in version 0.55-1+deb8u1.

• Issued DLA 2179-1, fixing CVE-2020-10968, CVE-2020-10969, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, and CVE-2020-11620, for jackson-databind.
  For Debian 8 “Jessie”, these problems have been fixed in version 2.4.2-2+deb8u14.

• Issued DLA 2180-1, fixing CVE-2020-11736, for file-roller.
  For Debian 8 “Jessie”, this problem has been fixed in version 3.14.1-1+deb8u2.

• Issued DLA 2190-1, fixing CVE-2020-10663, for ruby-json.
  For Debian 8 “Jessie”, this problem has been fixed in version 1.8.1-1+deb8u1.

Other LTS Work:

• Triaged jackson-databind, libconvert-asn1-perl, file-roller, awl, dom4j, and openvpn.
• Mark CVE-2013-7488/libconvert-asn1-perl as no-dsa for Jessie.
• Mark CVE-2020-11810/openvpn as no-dsa for Jessie.
• Ping ntp’s upstream for relevant commits.
• Mark CVE-2019-16782/ruby-rack as no-dsa for Jessie.
• Attended first LTS meeting. Logs here.
• General discussion on LTS mailing list.

Other(s)

Sometimes it gets hard to categorize work/things into a particular category.
That’s why I am writing all of those things inside this category.
This includes two sub-categories and they are as follows.

Personal:

This month I could get the following things done:

• Most importantly, I finally migrated to a new website. Huge UI imporvement! \o/
  From Jekyll to Hugo, it was not easy. But it was worth it! Many thanks to Luiz for writing hugo-coder, Clement, and Samyak! 🔥
  If you find any flaws, issues and pull requests are welcomed at utkarsh2102/utkarsh2102.org
• Wrote battery-alert, a mini-project of my own to show battery alerts at <10% and >90%.
  Written in shell, it brings me all the satisfaction as it has saved my life on many occasions.
  And guess what? It has more users than just myself! 😉
  Reviews and patches are welcomed \o/
• Mentored in HackOn Hackathon. Thanks to Manvi for reaching out! 🤗
  It was fun to see people developing some really nice projects.
• Thanks to Ray and John, I became a GitLab Hero! 🥳
  (I am yet to figure out my role and responibility though)
• Atteneded Intro Sec Con and had the most fun!
  Heard Ian’s keynote and attended other talks and learned how to use WireShark! 🦈

Open Source:

Again, this contains all the things that I couldn’t categorize earlier.
Opened several issues and pull requests:

• Issue #297 against hugo-coder, asking to enable RSS feed for blogs.
• PR #316 for hugo-coder for fixing the above issue myself.
• Issue #173 against arbre for requesting a release.
• Issue #104 against combustion, asking to relax dependency on rubocop. Fixed in this commit.
• Issue #16 against ffi-compiler for requesting to fix homepage and license.
• Issue #57 against gographviz for requesting a release.
• Issue #14 against crb-blast, suggesting compatability with bio 2.0.x.
• Issue #58 against uniform_notifier for asking to drop the use of ruby-growl.
• PR #2072 for polybar, adding installation instructions on Debian systems.

Until next time.
:wq for today.