Here’s my (twenty-first) monthly but brief update about the activities I’ve done in the F/L/OSS world.
However, this wasn’t really a good month for mental health. And so apparently lesser work but still more than nothing, heh. :D
As a side note, this month, I spent a lot of time on Clubhouse, the new social audio app, at least in India. (I am sure you’d have heard?) Anyway, I made some friends there; more on that later, maybe? (ik, I say that a lot, but ugh, I’ll get to it!)
Anyway, I did the following stuff in Debian:
Uploads and bug fixes:
- rails (2:126.96.36.199+dfsg-1+deb10u3) - Fix for CVE-2021-22885/#988214, CVE-2021-22904/#988214, and CVE-2021-22880.
- eterm (0.9.6-6.1) - Fix CVE-2021-33477/#989041 for Debian unstable, a.k.a. sid.
- eterm (0.9.6-5+deb10u1) - Fix CVE-2021-33477/#989041 for Debian 10, buster.
- micro (2.0.9-1) - New upstream version, v2.0.9.
- ruby-httpclient (2.8.3-3) - Disable tests related to HTTP_PROXY as Launchpad builders don’t like them.
- Mentoring for newcomers.
- Moderation of -project mailing list.
This month, again, was dedicated to PHP 8.0, transitioning from PHP 7.4 to 8.0. And finally, I and Bryce were able to complete the transition! \o/
This month, I also became an Ubuntu Core Developer. :D I’ll write about it in some time; lol, yet another promise. Heh.
That said, the things that I mostly worked on are:
Uploads & Syncs:
- [2021-06-01] No-change rebuild for php-email-validator/3.1.1-2build1.
- [2021-06-01] php-cache-integration-tests/0.17.0-1ubuntu1 (fix build w/ symfony & php-twig).
- [2021-06-02] php-league-mime-type-detection/1.5.1+ds-2ubuntu1 (fix tests w/ PHP 8.0).
- [2021-06-02] php-sabredav/1.8.12-9ubuntu1 (fix autopkgtest w/ PHP 8.0).
- [2021-06-03] sync-request/php-doctrine-annotations (1.12.1-1) (from experimental) - LP: #1929738.
- [2021-06-03] php-twig/3.3.2-1ubuntu2 (make it build; circular-dependency breakthrough! \o/).
- [2021-06-03] symfony/5.2.6+dfsg-1ubuntu1 (make it build; circular-dependency breakthrough! \o/).
- [2021-06-04] php-cache-tag-interop/1.0.1-1ubuntu1 (fix FTBFS w/ Psr/Cache).
- [2021-06-04] php-doctrine-bundle/2.2.3-1ubuntu1 (make it build; circular-test-dependency breakthrough! \o/).
- [2021-06-07] symfony/5.2.6+dfsg-1ubuntu2 (fix FTBFS & tests w/ PHP 8 & Psr/Cache).
- [2021-06-09] No-change rebuild for phpmyadmin/4:5.0.4+dfsg2-2ubuntu3.
- [2021-06-09] php-twig/3.3.2-1ubuntu3 (re-enable tests & re-add symfony-based extensions).
- [2021-06-11] No-change rebuild for zeroc-ice/3.7.5-2build1.
- [2021-06-11] No-change rebuild for php-uopz/6.1.2-4build2.
- [2021-06-17] php-text-captcha/1.0.2-8ubuntu1 (fix FTBFS w/ PHP 8).
- [2021-06-17] php-imagick/3.4.4+php8.0+3.4.4-2+deb11u2ubuntu1 (fix FTBFS w/ PHP 8).
- [2021-06-18] sync’d/doctrine (2.8.4+dfsg-1) (from experimental).
- [2021-06-18] php-symfony-security-acl/3.1.1-1ubuntu1 (fix FTBFS w/ PHP 8).
- [2021-06-19] phpmyadmin/4:5.0.4+dfsg2-2ubuntu5 (fix uninstallability issues for php-defaults).
- [2021-06-19] php-zend-stdlib/3.3.1-3ubuntu1 (fix tests w/ PHP 8).
- [2021-06-21] phpseclib/1.0.19-3ubuntu2 (fix build & tests w/ PHP 8).
- [2021-06-22] filed hints w/ Iain (laney) to make php-defaults migrate - MP #404519.
- [2021-06-23] announced the end of PHP 8.0’s successful transition on ubuntu-devel@. Thread here! \o/
- Shadowed Christian Ehrhardt on his +1. My report here.
- Added hints for schleuder; MP #404025.
- Fixed ruby-httpclient via 2.8.3-3 in Debian.
- Requested removal of ruby-gitlab-pg-query from Impish (-proposed) - LP: #1931257.
- Re-triggered python-django-debug-toolbar/1:3.2.1-1 for amd64 and it passed & migrated.
- Fixed ruby-rails-html-sanitizer via 1.3.0-2 in Debian to make it work with newer API of ruby-loofah.
- Re-triggered ruby-stackprof with glibc as triggers on amd64; it passed & unblocked glibc.
- Re-triggered ruby-ferret with glibc as triggers on amd64; it passed & unblocked glibc.
- Re-triggered ruby-hiredis with glibc as triggers on armhf; it passed & unblocked glibc.
- Added hints for ruby-excon on s390x; MP #404113.
- [2021-06-01] MP #403562/prips for Impish - MP: #403562.
- [2021-06-17] MP #404326/python-aws-requests-auth for Impish - MP #404326.
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my twenty-first month as a Debian LTS and eleventh month as a Debian ELTS paid contributor.
I was assigned 40.00 hours for LTS and 40.00 hours for ELTS and worked on the following things:
LTS CVE Fixes and Announcements:
- Issued DLA 2670-1, fixing CVE-2021-23017, for nginx.
For Debian 9 stretch, these problems have been fixed in version 1.10.3-1+deb9u6.
- Issued DLA 2671-1, fixing CVE-2021-33477, for rxvt-unicode.
For Debian 9 stretch, these problems have been fixed in version 9.22-1+deb9u1.
- Issued DLA 2681-1, fixing CVE-2021-33477, for eterm.
For Debian 9 stretch, these problems have been fixed in version 0.9.6-5+deb9u1.
- Prepped and uploaded a fix for CVE-2021-33477 to Debian unstable. News here.
For Debian unstable, these problems have been fixed in version 0.9.6-6.1.
- Prepped and uploaded a fix for CVE-2021-33477 to Debian buster-pu. News here.
For Debian 10 buster, these problems have been fixed in version 0.9.6-5+deb10u1.
- Issued DLA 2682-1, fixing CVE-2021-33477, for mrxvt.
For Debian 9 stretch, these problems have been fixed in version 0.5.4-2+deb9u1.
- Issued DLA 2683-1, fixing CVE-2017-7483 and CVE-2021-33477, for rxvt.
For Debian 9 stretch, these problems have been fixed in version 1:2.7.10-7+deb9u2.
- Issued DLA 2700-1, fixing CVE-2019-19630, CVE-2021-20308, CVE-2021-23158, CVE-2021-23165, CVE-2021-23180, CVE-2021-23191, CVE-2021-23206, CVE-2021-26252, CVE-2021-26259, and CVE-2021-26948, for htmldoc.
For Debian 9 stretch, these problems have been fixed in version 1.8.27-8+deb9u1.
ELTS CVE Fixes and Announcements:
- Issued ELA 437-1, fixing CVE-2021-23017, for nginx.
For Debian 8 jessie, these problems have been fixed in version 1.6.2-5+deb8u8.
- Issued ELA 448-1, fixing CVE-2021-3429, for cloud-init.
For Debian 8 jessie, these problems have been fixed in version 0.7.6~bzr976-2+deb8u3.
- Issued ELA 451-1, fixing CVE-2021-20308, CVE-2021-23158, CVE-2021-23165, CVE-2021-23180, CVE-2021-23191, CVE-2021-23206, CVE-2021-26252, CVE-2021-26259, and CVE-2021-26948, for htmldoc.
For Debian 8 jessie, these problems have been fixed in version 1.8.27-8+deb8u2.
- Issued ELA 452-1, fixing CVE-2021-3572, for python-pip.
For Debian 8 jessie, these problems have been fixed in version 1.5.6-5+deb8u2.
- Issued ELA 454-1, fixing CVE-2021-3630, for djvulibre.
For Debian 8 jessie, these problems have been fixed in version 188.8.131.52-4+deb8u4.
- Started working on intel-microcode fixes; have been waiting to see if there are any regressions noticed on sid, bullseye, and buster. Except for 0x906ea processors, everything seems fine so far, at least.
Other (E)LTS Work:
- Front-desk duty from 28-06 until 04-07 for both LTS and ELTS.
- Triaged rails, nginx, eterm, mrxvt, rxvt, ieee-data, cloud-init, intel-microcode, htmldoc, djvulibre, composter, and curl.
- Mark CVE-2021-30535/icu as not-affected for stretch.
- Mark CVE-2017-7483 as fixed via +deb9u2 upload.
- Auto EOL’ed unrar-nonfree, darktable, mruby, htslib, ndpi, dcraw, libspring-security-2.0-java, rabbitmq-server, and linux for jessie.
- [LTS] Discussed ieee-data’s fix for LTS. Thread here.
- [ELTS] Discussed cloud-init’s logs w/ Raphael and ask for a rebuild.
- [(E)LTS] Discussed intel-microcode’s status w/ the maintainer and track regressions, et al.
- [(E)LTS] Discussed htmldoc’s situation; about upgrade problems and prep a fix for that.
- Attended monthly Debian LTS meeting.
- Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
- General and other discussions on LTS private and public mailing list.
Until next time.
:wq for today.