My FLOSS activities in January 2016

In January 2016 I was finally able to work on various FLOSS topics again (after two months of heavily focussed local customer work):

  • Upload of MATE 1.12 to Debian unstable
  • Debian LTS packaging and front desk work
  • Other Debian activies
  • Edu Workshop in Kiel
  • Yet another OPSI Packaging Project

Upload of MATE 1.12 to Debian testing/unstable

At the beginning of the new year, I finalized the bundle upload of MATE 1.12 to Debian unstable [1]. All uploaded packages are available in Debian testing (stretch) and Ubuntu xenial by now. MATE 1.12 will also be the version shipped in Ubuntu MATE 16.04 LTS.

Additionally, I finally uploaded caja-dropbox to Debian unstable (non-free), thanks to Vangelis Mouhtsis and Martin Wimpress for doing first steps preparations. The package has already left Debian's NEW queue, but unfortunately has been removed from Debian testing (stretch) again due to build failures in one of its dependencies.

Debian LTS work

In January 2016 I did my first round of Debian LTS front desk work [2]. Before actually starting with my front desk duty, I worked myself through the documentation and found it difficult to understand the output of the lts-cve-triage.py script. So, I proposed various improvments to the output of that script (all committed by now).

During the second week of January then, I triaged the following packages regarding known/open CVE issues:

  • isc-dhcp (CVE-2015-8605)
  • gosa (CVE-2015-8771, CVE-2014-9760)
  • roundcube (CVE-2015-8770)
  • openssh (CVE-2016-1908), status not decided yet
  • gdcm (CVE-2015-8396, CVE-2015-8397)
  • ffmpeg, qemu (reached end-of-life in Debian Squeeze LTS)

I also took a quite intensive look at dhcpd (CVE-2016-1503, CVE-2016-1504). However, the code differences between recent dhcpcd5 versions and the 3.x dhcpcd version in Debian Squeeze LTS are too great to reach a concrete decision on that without attempting to exploit dhcpcd in Debian Squeeze LTS or to get feedback from the dhcpcd upstream maintainer/developer.

Also I prepared three uploads to Debian Squeeze LTS in January 2016:

  • libvncserver [3] (including a regression upload)
  • isc-dhcp [4]
  • gosa [5]

The first upload of package isc-dhcp caused some waves, unfortunately. The DHCP server shipped with isc-dhcp suddenly looked for its configuration file in /etc/dhcpd.conf (instead of /etc/dhcp/dhcpd.conf). This issue only occurred for the amd64 version of the package. Cause of this issue has been a flaw in my local build system that fortunately now has been sorted out. Again a deep apology for this hassle.

The above amount of work covered 23h, 16h of which have been paid by Freexian (run by Raphael Hertzog). Thanks to every one supporting Debian LTS, thanks to Raphael for running this project via his business.

Other Debian activities

Some other packages that I maintain received an update in Debian unstable, as well:

  • onboard [6]
  • GOsa [7]
  • MATE Menu (sponsored/team upload) [8]
  • MATE Tweak (sponsored/team upload) [9]

Edu Workshop in Kiel

During the last week of January 2016, we (Project: IT-Zukunft Schule) had visitors from Norway. Klaus Ade Johnstad and Linnea Skogtvedt came by to hold a common workshop on various topics related to FLOSS and education. The time has been very intense and absolutely inspiring. I will post a separate blog article on this soon.

Yet another OPSI Packaging Project

One outcome of our Edu Workhop in Kiel is the founding of yet another OPSI packaging project: https://github.com/OpsiPackages. More on this in a later post on this blog.

light+love,
Mike

[1] http://sunweavers.net/blog/node/30
[2] https://wiki.debian.org/LTS/Development#Frontdesk_duties
[3] https://lists.debian.org/debian-lts-changes/2016/01/msg00002.html
[4] https://lists.debian.org/debian-lts-changes/2016/01/msg00011.html,
https://lists.debian.org/debian-lts-changes/2016/01/msg00019.html
[5] https://lists.debian.org/debian-lts-changes/2016/01/msg00034.html
[6] https://lists.debian.org/debian-devel-changes/2016/01/msg00117.html
[7] https://lists.debian.org/debian-devel-changes/2016/01/msg00490.html,
https://lists.debian.org/debian-devel-changes/2016/01/msg02152.html
[8] https://lists.debian.org/debian-devel-changes/2016/01/msg02758.html
[9] https://lists.debian.org/debian-devel-changes/2016/01/msg02764.html,
https://lists.debian.org/debian-devel-changes/2016/01/msg03077.html

light+love
Mike