My FLOSS activities in December 2015

December 2015 was a month mainly dedicated to work for local contractors (local schools mainly) and my employer (University of Kiel, Git server migration).

At the end of the month I had the privilege of attending the 32c3 ([1]) where we had a little sprint for the Arctica Project. Thanks to my family and esp. to my wonderful wife for letting me attend this always fascinating event at the end of each year.

Horde Hacking

One of my local customers is really interested in using a non-gated-community mail provider, so he asked me to host his company's mail addresses on my mail company's server. Something I regularly don't offer (anymore) except for dear friends and very patient customers.

This customer sponsored several more work hours on hacking on the Kolab_Storage code in Horde and proposing bug fixes upstream [2,3,4,5,6,7,8]. Thanks for supporting my work on the Horde Groupware Framework. Thanks to Horde upstream maintainers (esp. Michael Rubinsky) for reacting on my bug submissions so promptly.

Debian and Debian LTS

Locally, I did a lot of work for our Debian Edu / Skolelinux customers again this months.

At one of our supported schools a minor security issue in mate-session-manager got discovered: If a "Switch User" request gets emitted via the logout dialog window, the screensaver does not get started. Until the screensaver timeout of the first user kicks in, it is then possible to switch back from the second user's to the first user's session. The issue has been reported upstream [9]. In the issue has been solved in Debian testing/unstable since upload of mate-session-manager 1.12.1-2.

In the context of the Debian MATE packaging team, I was able to start reviewing several of the MATE packages prepared by Martin Wimpress over the X-mas holidays. The last portion of reviewing was done during the first days of January. Uploads to Debian unstable have been done 24h ago.

Recenty, Bernhard Miklautz has started on preparing FreeRDP 2.0 releases upstream and he is also in charge of preparing the official FreeRDP 2.0 Debian packages (source upload is planned to be named freerdp2). Whenever Bernhard had question on packaging and Debian policy I did my best to answer his questions.

For the Debian LTS team I had to give back my 8h for December (4h of them got dispatched into January).

GitLab and LDAP

For my employer (University of Kiel) I run a GitLab installation hooked into an LDAP service. I discovered a security issue (type: privilege escalation) in the LDAP authentication scheme of GitLab and reported this issue upstream (undisclosed issue report for now).

The issue has not yet been solved appropriately by upstream. Discussion will be picked up when I am back at university and I tend to publishing the issue publicly if not addressed upstream appropriately within a reasonable amount of time.

Arctica Project

During the Arctica Project's sprint at 32c3 (everyone except me worked from remote) several achievements have been made:

  • Mailing list server [10] is up and running
  • Several commits on the nx-libs [11] project:
    • Dropping three more dusty X11 client libraries (libNX_Xcomposite, libNX_Xfixes, libNX_Xtst, libNX_Xinerama)
    • Merging-in a patch series from Ulrich Sibiller and myself that reinvents Xinerama support in nx-libs
    • Test and fix RPM builds after noone cared for them for at least half a year
  • The first Arctica Client draft is about to be ready for making the code public... (hopefully in January 2016)