Here’s my (thirty-sixth) monthly but brief update about the activities I’ve done in the F/L/OSS world.
Debian
This was my forty-fifth month of actively contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas ’19! o/
There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:
Debian Uploads
- rails (2:6.1.6.1+dfsg-2) – Add patch to permit Symbols in YAML columns, fixes #1018934.
- rails (2:6.1.6.1+dfsg-3) – Add patch to remove active_record.yaml initializers.
- rails (2:6.1.6.1+dfsg-4) – Add patch to permit Date, Time, ActiveSupport::HashWithIndifferentAccess in YAML columns.
- ruby-arbre (1.4.0-2) – Add patch to use selector to detect authenticity token input.
- ruby-net-http-digest-auth (1.4.1-1) – New upstream version, v1.4.1, to fix the FTBFS w/ rails.
- rails (2:6.1.7+dfsg-1) – New upstream version, v6.1.7+dfsg.
- redmine (5.0.2-1) – New upstream version, v5.0.2 + fixes for #1017525, #1019607, #1019238, and #1014813.
- redmine (5.0.2-2) – Add patch to relax pg’s version for autopkgtest.
- ruby-json-jwt (1.14.0-2) – No-change rebuild for unstable to fix #1011682.
- libexporter-tiny-perl (1.004002-1) – New upstream version, v1.004002.
Other $things:
- Sponsored php-nikic-fast-route/1.3.0-4~bpo11+1 for William.
- Being an AM for Arun Kumar, process #1024.
- Sponsoring stuff for non-DDs.
- Mentoring for newcomers.
- Moderation of -project mailing list.
Ubuntu
This was my twentieth month of actively contributing to Ubuntu.
Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! o/
I mostly worked on different things, I guess.
I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. 😀
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my thirty-sixth month as a Debian LTS and twenty-seventh month as a Debian ELTS paid contributor.
I worked for 38.00 hours for LTS and 27.00 hours for ELTS.
LTS CVE Fixes and Bulletins:
- Rolled out announcement for src:flac.
- Rolled out announcement for src:ruby-rack.
- Issued DLA 3128-1, fixing CVE-2020-7677, for node-thenify.
  For Debian 10 buster, these issues have been fixed in version 3.3.0-1+deb10u1.
- Issued DLA 3129-1, fixing CVE-2019-17545 and CVE-2021-45943, for gdal.
  For Debian 10 buster, these issues have been fixed in version 2.4.0+dfsg-1+deb10u1.
- Looked at src:mbedtls which has about 18 CVEs open in buster (including no-dsa).
  Also, spoke to the maintainer – they said they’d be uncomfortable doing or reviewing the backport (though they initially said they’d be happy to help).
- Fixed src:rails regression via 2:6.1.6.1+dfsg-2, 2:6.1.6.1+dfsg-3, and 2:6.1.6.1+dfsg-4 for sid.
  CVE-2022-32224 broke the whole world. 🙂
- Helped Abhijith figure out the regression fix for CVE-2022-32224.
  Also got that verified by the people who reported regression, Raphael, Sven, and Jude. The whole thread is on debian-lts@.
ELTS CVE Fixes and Bulletins:
- Rolled out announcement for src:ruby-tzinfo.
- Rolled out announcement for src:grubt.
- Issued ELA 682-1, fixing CVE-2022-31676, for open-vm-tools.
  For Debian 9 stretch, these issues have been fixed in version 2:10.1.5-5055683-4+deb9u3.
- Issued ELA 691-1, fixing CVE-2020-21365, for wkhtmltopdf.
  For Debian 8 jessie, these issues have been fixed in version 0.12.1-2+deb8u1.
  For Debian 9 stretch, these issues have been fixed in version 0.12.3.2-3+deb9u1.
- Issued ELA 692-1, fixing CVE-2022-37452, for exim4.
  For Debian 8 jessie, these issues have been fixed in version 4.84.2-2+deb8u9.
  For Debian 9 stretch, these issues have been fixed in version 4.89-2+deb9u9.
- Started to look at src:tiff again. Has a lot of open issues. Haven’t claimed the package officially yet, though. 🙂
Other (E)LTS Work:
- Triaged rails, node-thenify, exim4, wkhtmltopdf, gdal, and mbedtls.
- Marked CVE-2019-25050/gdal as not-affected for buster.
- Marked CVE-2022-37451/exim4 as not-affected for stretch and jessie; following buster and bullseye.
- Helped and assisted new contributors joining Freexian (LTS/ELTS).
- Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
- Participated and helped fellow members with their queries via private mail and chat.
- General and other discussions on LTS private and public mailing list.
- Attended the monthly public meeting held on #debian-lts on September twenty-ninth.
Until next time.
:wq for today.