FOSS Activites in December 2020

Here’s my (fifteenth) monthly update about the activities I’ve done in the F/L/OSS world.

Debian

This was my 24th month of contributing to Debian. I became a DM in late March last year and a DD last Christmas! \o/

Amongs a lot of things, this was month was crazy, hectic, adventerous, and the last of 2020 – more on some parts later this month.
I finally finished my 7th semester (FTW!) and moved onto my last one! That said, I had been busy with other things™ but still did a bunch of Debian stuff

Here are the following things I did this month:

Uploads and bug fixes:

• leiningen-clojure (2.9.1-3) - Fixing FTBFS, bug #973094.
• ruby-gh (0.18.0-2) - Fixing FTBFS, bug #976163.
• libgit2 (1.0.1+dfsg.1-3) - libgit2 transition; cf: bug #971571.
• libgit-raw-perl (0.87+ds-1) - Transition upload for bug #971567.
• python-pygit2 (1.3.0+dfsg1-2) - Transition upload for bug #971564.
• golang-gopkg-libgit2-git2go.v30 (30.3.2-1) - Transition upload for bug #976522.
• libgit2 (1.1.0+dfsg.1-1) - New upstream version, v1.1.0.
• golang-gopkg-libgit2-git2go.v31 (31.4.3-1) - Transition upload for bug #976522.
• libgit2 (1.1.0+dfsg.1-2) - libgit2 transition; cf: bug #971571.
• python-pygit2 (1.4.0+dfsg1-1) - New upstream version, v1.4.0.
• ruby-rugged (1.1.0+ds-1) - Transition upload for bug #971565.
• rails (2:6.0.3.4+dfsg-2) - Fixes for bug #976291 and 974065. Thanks, Praveen!
• ruby3.0 (3.0.0~preview2-1) - New upstream version, v3.0.0~preview2.
• golang-github-robertkrimen-otto (0.0~git20200922.ef014fd-1) - Fixing FTBFS, bug #976549.
• bidi-clojure (2.1.3-2) - Fixing FTBFS, bug #975224.
• comidi-clojure (0.3.2-2) - Fixing FTBFS, bug #975218.
• ruby3.0 (3.0.0~rc1-1) - New upstream version, v3.0.0~rc1.
• polybar (3.5.3-1) - New upstream version, v3.5.3.
• ruby3.0 (3.0.0-1) - New upstream version, v3.0.0. Merry Christmas! \o/
• pathetic-clojure (0.5.1-2) - Source-only upload for migration.
• url-clojure (0.1.1-2) - Source-only upload for migration.
• libgit2 (1.1.0+dfsg.1-3) - Fix for bug #972574. Thanks, Cedric!
• ruby-paper-trail (11.1.0-1) - New upstream version, 11.1.0.

Other $things:

• Attended the Debian Ruby team meeting.
• Mentoring for newcomers.
• FTP Trainee reviewing.
• Moderation of -project mailing list.
• Sponsored golang-github-gorilla-css for Fedrico.

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

This was my fifteenth month as a Debian LTS and sixth month as a Debian ELTS paid contributor.
I was assigned 26.00 hours for LTS and 38.25 hours for ELTS and worked on the following things:

LTS CVE Fixes and Announcements:

• Issued DLA 2474-1, fixing CVE-2020-28928, for musl.
  For Debian 9 Stretch, these problems have been fixed in version 1.1.16-3+deb9u1.
• Issued DLA 2481-1, fixing CVE-2020-25709 and CVE-2020-25710, for openldap.
  For Debian 9 Stretch, these problems have been fixed in version 2.4.44+dfsg-5+deb9u6.
• Issued DLA 2484-1, fixing #969126, for python-certbot.
  For Debian 9 Stretch, these problems have been fixed in version 0.28.0-1~deb9u3.
• Issued DLA 2487-1, fixing CVE-2020-27350, for apt.
  For Debian 9 Stretch, these problems have been fixed in version 1.4.11. The update was prepared by the maintainer, Julian.
• Issued DLA 2488-1, fixing CVE-2020-27351, for python-apt.
  For Debian 9 Stretch, these problems have been fixed in version 1.4.2. The update was prepared by the maintainer, Julian.
• Issued DLA 2495-1, fixing CVE-2020-17527, for tomcat8.
  For Debian 9 Stretch, these problems have been fixed in version 8.5.54-0+deb9u5.
• Issued DLA 2488-2, for python-apt.
  For Debian 9 Stretch, these problems have been fixed in version 1.4.3. The update was prepared by the maintainer, Julian.
• Issued DLA 2508-1, fixing CVE-2020-35730, for roundcube.
  For Debian 9 Stretch, these problems have been fixed in version 1.2.3+dfsg.1-4+deb9u8. The update was prepared by the maintainer, Guilhem.

ELTS CVE Fixes and Announcements:

• Issued ELA 324-1, fixing CVE-2020-28928, for musl.
  For Debian 8 Jessie, these problems have been fixed in version 1.1.5-2+deb8u2.
• Issued ELA 325-1, fixing CVE-2020-28896, for mutt.
  For Debian 8 Jessie, these problems have been fixed in version 1.5.23-3+deb8u4.
• Issued ELA 327-1, fixing CVE-2020-25709 and CVE-2020-25710, for openldap.
  For Debian 8 Jessie, these problems have been fixed in version 2.4.40+dfsg-1+deb8u8.
• Issued ELA 335-1, fixing CVE-2020-0499, for flac.
  For Debian 8 Jessie, these problems have been fixed in version 1.3.0-3+deb8u1.
• Issued ELA 340-1, fixing CVE-2020-35492, for cairo.
  For Debian 8 Jessie, these problems have been fixed in version 1.14.0-2.1+deb8u3.

Other (E)LTS Work:

• Front-desk duty from 21-12 until 27-12 and from 28-12 until 03-01 for both LTS and ELTS.
• Triaged openldap, python-certbot, lemonldap-ng, qemu, gdm3, open-iscsi, gobby, jackson-databind, wavpack, cairo, nsd, tomcat8, and bountycastle.
• Marked CVE-2020-17527/tomcat8 as not-affected for jessie.
• Marked CVE-2020-28052/bountycastle as not-affected for jessie.
• Marked CVE-2020-14394/qemu as postponed for jessie.
• Marked CVE-2020-35738/wavpack as not-affected for jessie.
• Marked CVE-2020-3550{3-6}/qemu as postponed for jessie.
• Marked CVE-2020-3550{3-6}/qemu as postponed for stretch.
• Marked CVE-2020-16093/lemonldap-ng as no-dsa for stretch.
• Marked CVE-2020-27837/gdm3 as no-dsa for stretch.
• Marked CVE-2020-{13987, 13988, 17437}/open-iscsi as no-dsa for stretch.
• Marked CVE-2020-35450/gobby as no-dsa for stretch.
• Marked CVE-2020-35728/jackson-databind as no-dsa for stretch.
• Marked CVE-2020-28935/nsd as no-dsa for stretch.
• Auto EOL’ed libpam-tacplus, open-iscsi, wireshark, gdm3, golang-go.crypto, jackson-databind, spotweb, python-autobahn, asterisk, nsd, ruby-nokogiri, linux, and motion for jessie.
• General discussion on LTS private and public mailing list.

Other $things! \o/

Bugs and Patches

Well, I did report some bugs and issues and also sent some patches:

• Issue #44 for github-activity-readme, asking for a feature request to set custom committer’s email address.
• Issue #711 for git2go, reporting build failure for the library.
• PR #89 for rubocop-rails_config, bumping RuboCop::Packaging to v0.5.
• Issue #36 for rubocop-packaging, asking to try out mutant :)
• PR #212 for cucumber-ruby-core, bumping RuboCop::Packaging to v0.5.
• PR #213 for cucumber-ruby-core, enabling RuboCop::Packaging.
• Issue #19 for behance, asking to relax constraints on faraday and faraday_middleware.
• PR #37 for rubocop-packaging, enabling tests against ruby3.0! \o/
• PR #489 for cucumber-rails, bumping RuboCop::Packaging to v0.5.
• Issue #362 for nheko, reporting a crash when opening the application.
• PR #1282 for paper_trail, adding RuboCop::Packaging amongst other used extensions.
• Bug #978640 for nheko Debian package, reporting a crash, as a result of libfmt7 regression.

Misc and Fun

Besides squashing bugs and submitting patches, I did some other things as well!

• Participated in my first Advent of Code event! :)
  Whilst it was indeed fun, I didn’t really complete it. No reason, really. But I’ll definitely come back stronger next year, heh! :)
  All the solutions thus far could be found here.
• Did a couple of reviews for some PRs and triaged some bugs here and there, meh.
• Also did some cloud debugging, not so fun if you ask me, but cool enough to make me want to do it again! ^_^
• Worked along with pollo, zigo, ehashman, rlb, et al for puppet and puppetserver in Debian. OMG, they’re so lovely! <3
• Ordered some interesting books to read January onward. New year resolution? Meh, not really. Or maybe. But nah.
• Also did some interesting stuff this month but can’t really talk about it now. Hopefully sooooon.

Until next time.
:wq for today.