FOSS Activities in May 2020
Here’s my (eighth) monthly update about the activities I’ve done in the F/L/OSS world.
This month marks my 15 months of contributing to Debian. And 6th month as a DD! \o/
Whilst I love doing Debian stuff, I have started spending more time on the programming
side now. And I hope to keep it this way for some time now.
Of course, I’ll keep doing the Debian stuff, but just lesser in amount.
Anyway, the following are the things I did in May.
- ruby-aggregate (0.2.3-1) - got patches merged upstream.
- ruby-whenever (1.0.0-1) - new upstream version + take over maintenance.
- polybar (3.4.3-1) - fix GCC 10 compilation.
- ruby-dbus (0.16.0-1) - new upstream version + fix FTBFS (temporarily).
- ruby-rack (2.1.1-5) - use Dir[glob]. Fixes CVE-2020-8161.
- ruby-espeak (1.0.4-2) - fix FTBFS (#952587).
- ruby-libnotify (0.9.4-1) - NEW (#961577). Needed by batalert.
- batalert (0.3.0-1) - NEW (#961580).
- golang-github-zyedidia-tcell (1.4.5-1) - fix tcell ID for micro.
- micro (2.0.4-1) - new release features + change in build path.
- Hosted Ruby team meeting. Logs here.
- Attended Debian Perl Sprints. Report here.
- Mentoring for newcomers.
- FTP Trainee reviewing.
- Moderation of -project mailing list.
- Got selected for GSoC’20 for Debian!
Experimenting and improving Ruby libraries FTW!
I have been very heavily involved with the Debian Ruby team for over a year now.
Thanks to Antonio Terceiro (and GSoC), I’ve started experimenting and taking more interest in upstream development and improvement of these libraries.
This has the sole purpose of learning. It has gotten fun since I’ve started doing Ruby.
And I hope it stays this way.
This month, I opened some issues and proposed a few pull requests. They are:
- Issue #802 against whenever for Ruby2.7 test failures.
- Issue #8 against aggregate asking upstream for a release on rubygems.
- Issue #104 against irb for asking more about
- Issue #1391 against
- Issue #1655 against rack reporting test failures in the CVE fix.
- Issue #84 against ruby-dbus for help with Debian bug #836296.
- Issue #85 against ruby-dbus asking if they still use rDoc for doc generation.
- PR #9 against aggregate for dropping git from
- PR #804 against whenever for dropping git from
- Packaged ruby-cmath as it was split from Ruby2.7; cf: (#961213).
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
This was my eighth month as a Debian LTS paid contributor. I was assigned 17.25 hours and worked on the following things:
CVE Fixes and Announcements:
Issued DLA 2191-1, fixing CVE-2020-10683, for dom4j.
For Debian 8 “Jessie”, this problem has been fixed in version 1.6.1+dfsg.3-2+deb8u2.
Issued DLA 2192-1, fixing CVE-2020-10663, for ruby2.1.
For Debian 8 “Jessie”, this problem has been fixed in version 2.1.5-2+deb8u10.
Issued DLA 2208-1, fixing CVE-2020-11026, CVE-2020-11027, CVE-2020-11028, and CVE-2020-11029, for wordpress.
For Debian 8 “Jessie”, these problems have been fixed in version 4.1.30+dfsg-0+deb8u1.
Issued DLA 2210-1, fixing CVE-2020-3810, for apt.
This update was prepared by the maintainer, Julian. I just took care of the paperwork.
For Debian 8 “Jessie”, this problem has been fixed in version 220.127.116.11.6.
Other LTS Work:
- Triaged tika, freerdp, and apache2.
- Mark CVE-2020-12105/openconnect as no-dsa not-affected for Jessie.
- Mark CVE-2020-9489/tika as no-dsa ignored for Jessie.
- Mark CVE-2020-11025/wordpress as not-affected for Jessie.
- Add fix for CVE-2019-18823/condor.
- Requested CVE for bug#60251 against apache2.
- Raised issue #947 against sympa reporting an incomplete patch for CVE-2020-10936.
- Created the LTS Survey on the self-hosted LimeSurvey instance.
- Attended the second LTS meeting. Logs here.
- General discussion on LTS private and public mailing list.
Sometimes it gets hard to categorize work/things into a particular category.
That’s why I am writing all of those things inside this category.
This includes two sub-categories and they are as follows.
This month I could get the following things done:
- Wrote and published my first Ruby gem/library/tool on RubyGems! 💯
It’s open-sourced and the repository is here.
Bug reports and pull requests are welcomed! 😉
- Wrote a small Ruby script (available here) to install Ruby gems from Gemfile(.lock).
Needed this when I hit a bug while using ruby-standalone, which Antonio fixed pretty quickly! 🚀
- Had a coffee chat with John Coghlan! 🤗
Again, this contains all the things that I couldn’t categorize earlier.
Opened several issues and did a PR review:
- Issue #15434 against phantomjs, asking to look into CVE-2019-17221. Still no action :/
- Issue #947 against sympa, reporting an incomplete patch for CVE-2020-10936.
- Issue #2102 against polybar, mentioning that the build is not reproducible.
- Issue #5521 against libgit2, mentioning that the build is not reproducible.
- Reviewed PR #5523 for polybar, which was a fix for the above issue.
Until next time.
:wq for today.