utkarsh2102 https://utkarsh2102.org/ Recent content on utkarsh2102
FOSS Activities in November 2025 https://utkarsh2102.org/posts/foss-in-nov-25/ Sun, 30 Nov 2025 11:11:11 +0530
<p>Here’s my monthly but brief update about the activities I’ve done in the FOSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>Whilst I didn’t get a chance to do much, here are still a few things that I worked on:</p>
<ul>
<li>Did a few sessions with the new DFSG team to help kickstart things, et al.</li>
<li>Assisted a few folks in getting their patches submitted via Salsa.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a> back in February 2021.</p>
<p>Whilst I can’t give a full, detailed list of things I did, here’s a quick TL;DR of what I did:</p>
<ul>
<li>Successfully released <a href="https://discourse.ubuntu.com/t/resolute-snapshot-1-released/72760">Resolute Snapshot 1</a>!
<ul>
<li>This one was particularly interesting as it was done without the ISO tracker and cdimage access.</li>
<li>There are some wrinkles that need ironing out for the next snapshot.</li>
</ul>
</li>
<li>Resolute Raccoon is now fully and formally open.</li>
<li>Assisted a bunch of folks with my Archive Admin and Release team hats to:
<ul>
<li>review NEW packages for Ubuntu Studio.</li>
<li>remove old binaries that are stalling transition and/or migration.</li>
<li>LTS requalification of Ubuntu flavours.</li>
<li>bootstrapping dotnet-10 packages.</li>
<li>removal of openjdk-19 from Jammy, which sparked some interesting discussions.</li>
</ul>
</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p>This month I have worked 22 hours
on <a href="https://www.freexian.com/lts/debian/">Debian Long Term Support (LTS)</a>
and on its sister <a href="https://www.freexian.com/lts/extended/">Extended LTS</a>
project and did the following things:</p>
<ul>
<li>
<p><strong>wordpress</strong>: There were multiple vulnerabilities reported in Wordpress, leading to Sent Data & Cross-site Scripting.</p>
<ul>
<li><strong>[bookworm]</strong>: Roberto rightly pointed out that the upload to bookworm hadn’t gone through last month, so I re-uploaded <strong>wordpress/6.1.9+dfsg1-0+deb12u1</strong> to <strong>bookworm-security</strong>.</li>
<li>This is now released as <a href="https://lists.debian.org/debian-security-announce/2025/msg00241.html">DSA 6075-1</a>.</li>
</ul>
</li>
<li>
<p><strong>ruby-rack</strong>: There were multiple vulnerabilities reported in Rack, leading to DoS (memory exhaustion) and proxy bypass.</p>
<ul>
<li><strong>[ELTS]</strong>: Last month I had backported fixes for CVE-2025-46727 & CVE-2025-32441 to buster and stretch but the other backports were being a bit tricky due to really old versions.</li>
<li>I spent a bit more time but there’s a lot to demystify. Gonna take a bit of break from this one and come back to this after doing other updates. Might even consider sending an RFH to the list.</li>
</ul>
</li>
<li>
<p><strong>libwebsockets</strong>: Multiple issues were reported in LWS causing denial of service and stack-based buffer overflow.</p>
<ul>
<li><strong>[LTS]</strong>: For <strong>bullseye</strong>, these were <a href="https://tracker.debian.org/news/1689800/accepted-libwebsockets-4020-2deb11u1-source-into-oldoldstable-security/">fixed via <strong>4.0.20-2+deb11u1</strong></a>. And released as <a href="https://lists.debian.org/debian-lts-announce/2025/11/msg00016.html">DLA 4373-1</a>.</li>
</ul>
</li>
<li>
<p><strong>mako</strong>: It was found that Mako, a Python template library, was vulnerable to a denial of service attack via crafted regular expressions.</p>
<ul>
<li><strong>[LTS]</strong>: For <strong>bullseye</strong>, these were <a href="https://tracker.debian.org/news/1694871/accepted-mako-113ds1-2deb11u1-source-into-oldoldstable-security/">fixed via <strong>1.1.3+ds1-2+deb11u1</strong></a>. And released as <a href="https://lists.debian.org/debian-lts-announce/2025/12/msg00004.html">DLA 4393-1</a>.</li>
<li>Backporting tests was an interesting exercise as I had to make them compatible with the bullseye version. :)</li>
</ul>
</li>
<li>
<p><strong>ceph</strong>: Affected by CVE-2024-47866, using the argument <code>x-amz-copy-source</code> to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack.</p>
<ul>
<li><strong>[LTS]</strong>: Whilst the patch is straightforward, backports are a bit tricky. I’ve prepared the update but would like to reach out to zigo, the maintainer, to make sure nothing regresses.</li>
<li><strong>[ELTS]</strong>: Same as LTS, I’d like to get a quick review and upload to LTS first before I start staging uploads for ELTS.</li>
</ul>
</li>
<li>
<p><strong>[LTS]</strong> Attended the monthly LTS meeting on IRC. <a href="https://lists.debian.org/debian-lts/2025/11/msg00023.html">Summary here</a>.</p>
<ul>
<li>It was also followed by a 50-minute post-meeting technical discussion/question session.</li>
</ul>
</li>
<li>
<p><strong>[E/LTS]</strong> Monitored discussions on mailing lists, IRC, and all the documentation updates. Thanks, Sylvain, for a great documentation summary.</p>
</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in October 2025 https://utkarsh2102.org/posts/foss-in-oct-25/ Thu, 30 Oct 2025 11:11:11 +0530
<p>Here’s my monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>Whilst I didn’t get a chance to do much, here are still a few things that I worked on:</p>
<ul>
<li>Uploaded ruby-rack, 3.1.18-1, to fix a bunch of CVEs.</li>
<li>Assisted a few folks in getting their patches submitted via Salsa.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a> back in February 2021.</p>
<p>Whilst I can’t give a full, detailed list of things I did, here’s a quick TL;DR of what I did:</p>
<ul>
<li>Successfully released <a href="https://discourse.ubuntu.com/t/ubuntu-25-10-questing-quokka-released/69067">Ubuntu 25.10 - Questing Quokka</a>!
<ul>
<li>This one was particularly interesting as I pressed the “release” button at 8:30 AM from my room. :)</li>
<li>The earliest we’ve ever released so far!</li>
</ul>
</li>
<li>Started work on archive opening and <a href="https://lists.ubuntu.com/archives/ubuntu-devel/2025-October/043470.html">Resolute Raccoon is now open for development</a>!</li>
<li>I also attended the Ubuntu Summit held in London this time.
<ul>
<li>I even gave a talk about “<a href="https://discourse.ubuntu.com/t/ubuntu-s-monthly-snapshots-why-we-did-this-to-ourselves/67261/1">Ubuntu’s Monthly Snapshots: Why We Did This to Ourselves</a>”.</li>
</ul>
</li>
<li>From there, I flew to Gothenburg, Sweden to attend the product roadmap & engineering sprints.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p>This month I have worked
16 hours on <a href="https://www.freexian.com/lts/debian/">Debian Long Term Support (LTS)</a> and
05 hours on its sister <a href="https://www.freexian.com/lts/extended/">Extended LTS</a> project and
did the following things:</p>
<ul>
<li>
<p><strong>ruby-rack</strong>: There were multiple vulnerabilities reported leading to DoS (memory exhaustion) and proxy bypass.</p>
<ul>
<li><strong>[unstable/forky]</strong>: Uploaded a <a href="https://tracker.debian.org/news/1684537/accepted-ruby-rack-3118-1-source-into-unstable/">fix to <strong>unstable</strong> via <strong>3.1.18-1</strong></a> to fix 5 CVEs.</li>
<li><strong>[trixie/bookworm]</strong>: Uploaded a fix for all 5 CVEs in <strong>trixie</strong> via <strong>3.1.18-1~deb13u1</strong> and 7 CVEs in <strong>bookworm</strong> via <strong>2.2.20-0+deb12u1</strong>.</li>
<li><strong>[LTS]</strong>: Uploaded a fix for all 7 CVEs in <strong>bullseye</strong> via <strong>2.1.4-3+deb11u4</strong>. And released <a href="https://lists.debian.org/debian-lts-announce/2025/11/msg00000.html">DLA 4357-1</a>.</li>
<li><strong>[ELTS]</strong>: Backported fixes for CVE-2025-46727 & CVE-2025-32441 to buster and stretch but the other backports are being a bit tricky due to really old versions. But I’ll spend some more time there before coming to a conclusion.</li>
</ul>
</li>
<li>
<p><strong>wordpress</strong>: There were multiple vulnerabilities reported leading to Sent Data & Cross-site Scripting.</p>
<ul>
<li><strong>[bookworm]</strong>: Prepared a fix for all 4 CVEs in <strong>bookworm</strong> via <strong>6.1.9+dfsg1-0+deb12u1</strong>. Awaiting review from the Security team.</li>
<li><strong>[LTS]</strong>: Uploaded a fix for all 4 CVEs in <strong>bullseye</strong> via <strong>5.7.14+dfsg1-0+deb11u1</strong>. And released <a href="https://lists.debian.org/debian-lts-announce/2025/11/msg00001.html">DLA 4358-1</a>.</li>
</ul>
</li>
<li>
<p><strong>[LTS]</strong> Attended the monthly LTS meeting on Jitsi. <a href="https://lists.debian.org/debian-lts/2025/10/msg00026.html">Summary here</a>.</p>
</li>
<li>
<p><strong>[E/LTS]</strong> Monitored discussions on mailing lists, IRC, and all the documentation updates.</p>
</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in September 2025 https://utkarsh2102.org/posts/foss-in-sept-25/ Tue, 30 Sep 2025 11:11:11 +0530
<p>Here’s my monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>Whilst I didn’t get a chance to do much, here are still a few things that I worked on:</p>
<ul>
<li>Helped sponsor a patch for net-tools for Helge.
<ul>
<li><a href="https://salsa.debian.org/debian/net-tools/-/merge_requests/5">https://salsa.debian.org/debian/net-tools/-/merge_requests/5</a>.</li>
</ul>
</li>
<li>Assisted Anshul in his interest to do a Go 1.25 transition.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a> back in February 2021.</p>
<p>Whilst I can’t give a full, detailed list of things I did, here’s a quick TL;DR of what I did:</p>
<ul>
<li>Successfully and timely <a href="https://lists.ubuntu.com/archives/ubuntu-announce/2025-September/000316.html">released 25.10 (Questing Quokka) Beta</a>! \o/</li>
<li>Continued to hold weekly release syncs, et al.</li>
<li>Granted FFe and triaged a bunch of other bugs from both, Release team and Archive Admin POV. :)</li>
<li>360s were fab - I was a peak performer again. Yay!</li>
<li>Preparing for the 25.10 Release sprints in London and then the Summit.</li>
<li>Roadmap planning for the Release team.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p>This month I have worked 16.50 hours on <a href="https://www.freexian.com/lts/debian/">Debian Long Term Support (LTS)</a> and
05.50 hours on its sister <a href="https://www.freexian.com/lts/extended/">Extended LTS</a> project and did the following things:</p>
<ul>
<li><strong>[E/LTS]</strong> Frontdesk duty from 22nd September to 28th September.
<ul>
<li>Triaged lemonldap-ng, ghostscript, dovecot, node-ip, webkit2gtk, wpewebkit, libscram-java, keras, openbabel, gegl, tiff, zookeeper, squid, ogre-1.12, mapserver, ruby-rack.</li>
<li>Auto-EOL’d a few packages.</li>
<li>Also circled back on previously opened ticket for supported packages for ELTS.</li>
<li>Partially reviewed and added comment on <a href="https://gitlab.com/freexian/services/deblts-team/debian-lts/-/merge_requests/64">Emilio’s MP</a>.</li>
<li>Re-visited an old thread (in order to fully close it) about issues being fixed in buster & bookworm but not in bullseye. And brought it up in the LTS meeting, too.</li>
</ul>
</li>
<li><strong>[LTS]</strong> Partook in some internal discussions about introducing support for handling severity of CVEs, et al.
<ul>
<li>Santiago had asked for an input from people doing FD so spent some time reflecting on his proposal and getting back with thoughts and suggestions.</li>
</ul>
</li>
<li><strong>[LTS]</strong> Helped Lee with testing gitk and git-gui aspects of his git update.</li>
<li><strong>[LTS]</strong> Attended the monthly LTS meeting on IRC. <a href="https://meetbot.debian.net/debian-lts/2025/debian-lts.2025-09-25-14.00.html">Summary here</a>.
<ul>
<li>It was also followed by a 40-minute discussion of technical questions/reviews/discussions - which in my opinion was pretty helpful. :)</li>
</ul>
</li>
<li><strong>[LTS]</strong> Prepared the LTS update for wordpress, bumping the package from 5.7.11 to 5.7.13.
<ul>
<li>Prepared an update for stable, Craig approved. Was waiting on the Security team’s +1 to upload.</li>
<li>Now we’ve waited enough that we have new CVEs. Oh well.</li>
</ul>
</li>
<li><strong>[ELTS]</strong> Finally set up debusine for ELTS uploads.
<ul>
<li>Since I use Ubuntu, this required installing debusine* from bookworm-backport but that required Python 3.11.</li>
<li>So I had to upgrade from Jammy (22.04) to Noble (24.04) - which was anyway pending.. :)</li>
<li>And then followed the docs to configure it. \o/</li>
</ul>
</li>
<li><strong>[E/LTS]</strong> Started working on new ruby-rack CVE.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in August 2025 https://utkarsh2102.org/posts/foss-in-aug-25/ Sat, 30 Aug 2025 11:11:11 +0530
<p>Here’s my monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>Debian 13 was released! Woot!</p>
<p>Whilst I didn’t get a chance to do much, here are still a few things that I worked on:</p>
<ul>
<li>Helped Anshul with Golang 1.25 packaging and upload.</li>
<li>Assisted Anshul in fixing Golang bugs in the stable release via a -pu.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a> back in February 2021.</p>
<p>Whilst I can’t give a full, detailed list of things I did, here’s a quick TL;DR of what I did:</p>
<ul>
<li><a href="https://lists.ubuntu.com/archives/ubuntu-devel/2025-August/043431.html">Released Questing snapshot 4</a>! \o/</li>
<li>Prepared for 25.10 Beta, held weekly release syncs, et al.</li>
<li>Granted FFe and triaged a bunch of other bugs from both, Release team and Archive Admin POV. :)</li>
<li>Got a recognition award for helping Chlo with Google Guest Agent packages.</li>
<li>Preparing for a round of internal review, 360s, and trying to not be sick. :)</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p>This month I have worked 16.00 hours on <a href="https://www.freexian.com/lts/debian/">Debian Long Term Support (LTS)</a> and
4.50 hours on its sister <a href="https://www.freexian.com/lts/extended/">Extended LTS</a> project and did the following things:</p>
<ul>
<li>[LTS] Prepared the LTS update for wordpress, bumping the package from 5.7.11 to 5.7.13.
<ul>
<li>Prepared an update for stable, too, and pinged Craig. Haven’t heard yet.</li>
<li>Got incredibly sick so will carry on the coordination work and release the updates to all the releases. Everything’s mostly ready and tested.</li>
<li>Gave Salvatore a quick heads up via IRC.</li>
</ul>
</li>
<li>[E/LTS] Frontdesk duty from 28th July to 04th August.
<ul>
<li>Triaged a bunch of packages and CVEs.</li>
<li>Raised an inconsistency about <a href="https://lists.debian.org/debian-lts/2025/07/msg00017.html">issues being fixed in buster & bookworm but not in bullseye</a>.</li>
<li>Also triaged some newly supported packages for ELTS.</li>
</ul>
</li>
<li>[E/LTS] Helped Daniel Leidert in showing him around as he did his first frontdesk rota. Yay! 🎉
<ul>
<li>We paired on an hour long meets call and discussed various toolings and workflows.</li>
<li>Pair-reviewed a few CVEs together.</li>
<li>Also discussed how to triage newly supported packages for ELTS, too!</li>
</ul>
</li>
<li>[LTS] Attended the monthly LTS meeting on Jitsi. <a href="https://lists.debian.org/debian-lts/2025/08/msg00042.html">Summary here</a>.
<ul>
<li>[ELTS] Raised questions about installing debusine on Ubuntu.
<ul>
<li>Still trying to play around to get a bit more comfortable before starting to do actual uploads there.</li>
</ul>
</li>
</ul>
</li>
<li>[LTS] Helping a few folks - like assisting Lee to see if we have a reproducer for CVE-2025-27613 for git, et al.</li>
<li>[Stable] Been working on fixing 2 packages:
<ul>
<li>ruby-graphql: The Debian Security team asked to fix that via p-u so prepared a patch update.</li>
<li>ruby-saml: The update is finally ready but not tested yet - should be a quick one though.</li>
<li>Got incredibly sick and couldn’t move things forward but will take care of the work in the following month.</li>
</ul>
</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in July 2025 https://utkarsh2102.org/posts/foss-in-july-25/ Wed, 30 Jul 2025 11:11:11 +0530
<p>Here’s my 70th monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 79th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>Debian was in freeze throughout so whilst I didn’t do many uploads, there’s a bunch of other things I did:</p>
<ul>
<li>Attended DebConf25 in Brest, France.
<ul>
<li>Led the bursary BOF and discussions.</li>
<li>Participated in other sessions, especially around the FTP masters.</li>
<li>I’ve started to look at things with my trainee hat on.</li>
<li>Participated in the Debian Security Tracker sprints during DebCamp. More on that below.</li>
</ul>
</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 54th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a> back in February 2021.</p>
<p>Whilst I can’t give a full, detailed list of things I did (there’s so much and some of it might not be public…yet!), here’s a quick TL;DR of what I did:</p>
<ul>
<li><a href="https://discourse.ubuntu.com/t/questing-snapshot-3-released/65383">Released Questing snapshot 3</a>! \o/</li>
<li><a href="https://discourse.ubuntu.com/t/ubuntu-24-10-oracular-oriole-reached-end-of-life-on-10th-july-2025/64289">EOL’d Oracular</a>. o/</li>
<li>Participated in the mid-cycle sprints.</li>
<li>Got a recognition award for leading 24.04.2 LTS release and leading the Release Management team.</li>
<li>Preparing for the 24.04.3 LTS release early next month.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).</p>
<p>This was my 70th month as a Debian LTS and 57th month as a Debian ELTS paid contributor.<br>
I only worked for 15.00 hours for LTS and 5.00 hours for ELTS and did the following things:</p>
<ul>
<li>[LTS] Released <a href="https://lists.debian.org/debian-lts-announce/2025/08/msg00002.html">DLA 4263-1</a> for ruby-graphql.
<ul>
<li>Coordinated with upstream due to lack of clarity on 1.11.4 being affected & not having a clear reproducer.</li>
<li>As 1.11.4 was still partially vulnerable and the backport was non-trivial, it was probably convenient to bump the upstream version to 1.11.12 instead, fixing:</li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2025-27407">CVE-2025-27407</a>: a remote code execution.</li>
<li>Salsa repository: <a href="https://salsa.debian.org/lts-team/packages/ruby-graphql">https://salsa.debian.org/lts-team/packages/ruby-graphql</a>.</li>
<li>Coordinated with the Security team for a p-u fix or a DSA.</li>
</ul>
</li>
<li>[E/LTS] Frontdesk duty from 28th July to 04th August.
<ul>
<li>Triaged a bunch of CVEs.</li>
<li>Raised an inconsistency about <a href="https://lists.debian.org/debian-lts/2025/07/msg00017.html">issues being fixed in buster & bookworm but not in bullseye</a>.</li>
<li>Helped Bastien with ca-certificates bit & coordinating with fellow Debian contributors.</li>
<li>Also triaged some newly supported packages for ELTS.</li>
</ul>
</li>
<li>[LTS] Attended the monthly LTS meeting on IRC. <a href="https://meetbot.debian.net/debian-lts/2025/debian-lts.2025-07-24-14.00.html">Summary here</a>.</li>
</ul>
<h3 id="debian-security-tracker-sprint-2025">Debian Security Tracker sprint 2025</h3>
<p>Thanks to the LTS team for also organizing a security tracker sprint during DebCamp25. I attended the sprint and spent 10 hours working on the following tasks:</p>
<ul>
<li>
<p>JSON API documentation:</p>
<ul>
<li>Issue: <a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/issues/15">https://salsa.debian.org/security-tracker-team/security-tracker/-/issues/15</a></li>
<li>MR: <a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/237">https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/237</a></li>
<li>This also includes actioning of Roberto’s and Salvatore’s review.</li>
</ul>
</li>
<li>
<p>Missing -1 from DSA entries causing web redirects to fail:</p>
<ul>
<li>Issue: <a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/issues/28">https://salsa.debian.org/security-tracker-team/security-tracker/-/issues/28</a></li>
<li>MR: <a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/224">https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/224</a></li>
<li>This includes some coordination with the web team and some back and forth with them to ensure both the Web team and the Security team would be happy with the fix. It also fixes more issues as mentioned in the description of the MR.</li>
</ul>
</li>
<li>
<p>Show packages from next-point-release.txt in source package overview</p>
<ul>
<li>Bug: <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989065">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989065</a></li>
<li>Did some initial brainstorming on the issue, haven’t had time to do the actual implementation.</li>
<li>I intend to continue working on it as time allows in the next weeks & months. Will update if & when I make progress.</li>
</ul>
</li>
</ul>
<p>That’s all. A quick shoutout to Roberto for organizing the sprints remotely and being awake at odd hours. <3</p>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in May 2025 https://utkarsh2102.org/posts/foss-in-may-25/ Fri, 30 May 2025 11:11:11 +0530
<p>Here’s my 68th monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 77th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>This month I’ve just been sort of MIA, mostly because of a combination of the Canonical engineering sprints in Frankfurt, a bit of vacation in Italy, and then being sick. So didn’t really get much done in Debian this month.</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 53rd month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a> back in February 2021.</p>
<p>Whilst I can’t give a full, detailed list of things I did (there’s so much and some of it might not be public…yet!), here’s a quick TL;DR of what I did:</p>
<ul>
<li>Prepared for the engineering sprints in Frankfurt.</li>
<li>Delivered the Ubuntu knowledge sharing session during the sprints.</li>
<li>Released the first monthly snapshot of Ubuntu 25.10.
<ul>
<li>Ref: <a href="https://discourse.ubuntu.com/t/supercharging-ubuntu-releases-monthly-snapshots-automation/61876">https://discourse.ubuntu.com/t/supercharging-ubuntu-releases-monthly-snapshots-automation/61876</a></li>
<li>Release: <a href="https://discourse.ubuntu.com/t/questing-snapshot-1-released/61889">https://discourse.ubuntu.com/t/questing-snapshot-1-released/61889</a></li>
</ul>
</li>
<li>Archived the Focal release as it goes in the hands of the ESM team now.
<ul>
<li>Announcement: <a href="https://discourse.ubuntu.com/t/extended-security-maintenance-for-ubuntu-20-04-focal-fossa-began-on-may-29-2025/61909">https://discourse.ubuntu.com/t/extended-security-maintenance-for-ubuntu-20-04-focal-fossa-began-on-may-29-2025/61909</a></li>
</ul>
</li>
<li>Got a recognition award for driving the Plucky Puffin release, nominated by Florent. \o/</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the buster, stretch, and jessie release (+2 years after LTS support).</p>
<p>This was my 68th month as a Debian LTS and 55th month as a Debian ELTS paid contributor.<br>
Due to a combination of the Canonical engineering sprints in Frankfurt, a bit of vacation in Italy, and then being sick, I was barely able to do (E)LTS work. So this month, I worked for only 1.00 hours for LTS and 0 hours for ELTS.</p>
<p>I did the following things:</p>
<ul>
<li>[LTS] Attended the hourly LTS meeting on IRC. <a href="https://meetbot.debian.net/debian-lts/2025/debian-lts.2025-05-22-14.00.html">Summary here</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in April 2025 https://utkarsh2102.org/posts/foss-in-april-25/ Wed, 30 Apr 2025 11:11:11 +0530
<p>Here’s my 67th monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 76th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both, technical and non-technical. Here’s what I did:</p>
<ul>
<li>Updating Matomo to v5.3.1.</li>
<li>Lots of bursary stuff for DC25. We rolled out the results for the first batch.</li>
<li>Helping Andreas Tille with and around FTP team bits.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 51st month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a> back in February 2021.</p>
<p>Whilst I can’t give a full, detailed list of things I did (there’s so much and some of it might not be public…yet!), here’s a quick TL;DR of what I did:</p>
<ul>
<li><a href="https://lists.ubuntu.com/archives/ubuntu-announce/2025-April/000311.html">Released 25.04 Plucky Puffin</a>! \o/</li>
<li>Helped <a href="https://lists.ubuntu.com/archives/ubuntu-devel/2025-May/043348.html">open the 25.10 Questing Quokka archive</a>. Let the development begin!</li>
<li>Jon, VP of Engineering, asked me to lead the Canonical Release team - that was definitely not something I saw coming. :)</li>
<li>We’re now doing Ubuntu monthly releases for the devel releases - I’ll be the tech lead for the project.</li>
<li>Preparing for the May sprints - too many new things and new responsibilities. :)</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).</p>
<p>This was my 67th month as a Debian LTS and 54th month as a Debian ELTS paid contributor.<br>
Due to DC25 bursary work, Ubuntu 25.04 release, and other travel bits, I only worked for 2.00 hours for LTS and 4.50 hours for ELTS.</p>
<p>I did the following things:</p>
<ul>
<li>[ELTS] Had already backported patches for <a href="https://tracker.debian.org/pkg/adminer">adminer</a> for the following CVEs:
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-45195">CVE-2023-45195</a>: an SSRF attack.</li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-45196">CVE-2023-45196</a>: a denial of service attack.</li>
<li>Salsa repository: <a href="https://salsa.debian.org/lts-team/packages/adminer">https://salsa.debian.org/lts-team/packages/adminer</a>.</li>
<li>As the same CVEs affect LTS, we decided to release for LTS first and then for ELTS but since I had no hours for LTS, I decided to do a bit more testing for ELTS to make sure things don’t regress in buster.</li>
<li>Will prepare LTS (and also s-p-u, sigh) updates this month and get back to ELTS thereafter.</li>
</ul>
</li>
<li>[LTS] Started to prepare the LTS update for adminer for the same CVEs as for ELTS:
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-45195">CVE-2023-45195</a>: an SSRF attack.</li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-45196">CVE-2023-45196</a>: a denial of service attack.</li>
<li>Haven’t fully backported the patch yet but this is what I intend to do for this month (now that I have hours :D).</li>
</ul>
</li>
<li>[LTS] Partially attended the LTS meeting on Jitsi. <a href="https://lists.debian.org/debian-lts/2025/04/msg00059.html">Summary here</a>.
<ul>
<li>“Partially” because I was fighting SSO auth issues with Jitsi. Looks like there were some upstream issues/activity and it was resulting in gateway crashes but all good now.</li>
<li>I was following the running notes and keeping up with things as much as I could. :)</li>
</ul>
</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in March 2025 https://utkarsh2102.org/posts/foss-in-march-25/ Sun, 30 Mar 2025 11:11:11 +0530
<p>Here’s my 66th monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 75th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here’s what I did:</p>
<ul>
<li>Updating Rails to v7.2.2.1 for Trixie.</li>
<li>Updating Redmine to v6.0.4 for Trixie.</li>
<li>Kickstarting the bursary team for DC25.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 50th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my 66th month as a Debian LTS and 53rd month as a Debian ELTS paid contributor.<br>
I worked for 15.00 hours for LTS and 7.50 hours for ELTS.</p>
<p>I did the following things:</p>
<ul>
<li>[ELTS] Worked on backporting patches for <a href="https://tracker.debian.org/pkg/adminer">adminer</a>.
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-45195">CVE-2023-45195</a>: an SSRF attack.</li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-45196">CVE-2023-45196</a>: a denial of service attack.</li>
<li>Salsa repository: <a href="https://salsa.debian.org/lts-team/packages/adminer">https://salsa.debian.org/lts-team/packages/adminer</a>.</li>
<li>Update has been prepared and partly tested. Will be released next month.</li>
<li>Will speak to FD for also fixing this for LTS.</li>
</ul>
</li>
<li>[E/LTS] Working on the musl fixes for bullseye. Taking it forward from where it was left off by Chris.
<ul>
<li>Co-ordinating with Santiago to see how to best get the reproducer to test the update.</li>
<li>Plan is to reproduce it myself but then reach out to Adrian if that doesn’t work out.</li>
<li>Also makes sense to upload to LTS first, let it settle there, and then look at ELTS.</li>
</ul>
</li>
<li>[LTS] Attended the LTS meeting on IRC. <a href="https://meetbot.debian.net/debian-lts/2025/debian-lts.2025-03-27-14.00.html">Summary here</a>.</li>
<li>[stable] Co-ordinated with the Security team to fix rails in bookworm via 2:6.1.7.10+dfsg-1~deb12u1.
<ul>
<li>Fixes: CVE-2023-28362, CVE-2023-38037, CVE-2024-26144, CVE-2024-28103, CVE-2024-41128, CVE-2024-47887, CVE-2024-47888, CVE-2024-47889, and CVE-2024-54133.</li>
<li>Released as <a href="https://lists.debian.org/debian-security-announce/2025/msg00043.html">DSA 5881-1</a>.</li>
</ul>
</li>
<li>[stable] Co-ordinated with the Security team to fix ruby-rack in bookworm via 2.2.13-1~deb12u1.
<ul>
<li>Fixes: CVE-2025-27610, CVE-2025-27111, and CVE-2025-25184.</li>
<li>Released as <a href="https://lists.debian.org/debian-security-announce/2025/msg00048.html">DSA 5886-1</a>.</li>
</ul>
</li>
<li>[stable] Partly co-ordinated with the Security team to fix ruby-saml in bookworm.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in April 2024 https://utkarsh2102.org/posts/foss-in-april-24/ Tue, 30 Apr 2024 11:11:11 +0530
<p>Here’s my 55th monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 64th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here’s what I did:</p>
<ul>
<li>Reviewed <a href="https://salsa.debian.org/debconf-team/public/websites/dc24/-/merge_requests/18">MR !18 for DC24 website</a> for Stefano.</li>
<li>Kickstarting the bursary team.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 39th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my 55th month as a Debian LTS and 42nd month as a Debian ELTS paid contributor.<br>
I worked for 3.25 hours for LTS and 0.00 hours for ELTS. :(</p>
<p>I did the following things:</p>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/atril">atril</a>,
<a href="https://tracker.debian.org/pkg/zabbix">zabbix</a>, and
<a href="https://tracker.debian.org/pkg/ruby3.1">ruby3.1</a>.</li>
<li>Asked Santiago for help in testing the atril update for buster. There are 2 CVEs open for the package. One is a Command Injection Vulnerability and the other one is about Remote Command Execution. I’ve gotten some feedback, will incorporate it and release the update in May.</li>
<li>Reviewed ruby3.1 DSA for the security team. Will prep E/LTS updates for ruby* next month.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2024/04/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in March 2024 https://utkarsh2102.org/posts/foss-in-march-24/ Sat, 30 Mar 2024 11:11:11 +0530
<p>Here’s my (fifty-fourth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 63rd month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here’s what I did:</p>
<ul>
<li>Reviewed and sponsored some Golang packages for Lena Voytek and helped Rajudev w/ some packaging.</li>
<li>Helped Mitchell Dzurick w/ the adoption of pyparted package.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 38th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my fifty-fourth month as a Debian LTS and forty-first month as a Debian ELTS paid contributor.<br>
I worked for 19.50 hours for LTS and 17.00 hours for ELTS.</p>
<p>I did the following things:</p>
<ul>
<li>LTS & ELTS frontdesk from 25-03 to 31-03.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/composer">composer</a>,
<a href="https://tracker.debian.org/pkg/node-yarnpkg">node-yarnpkg</a>,
<a href="https://tracker.debian.org/pkg/python-aiohttp">python-aiohttp</a>,
<a href="https://tracker.debian.org/pkg/atril">atril</a>,
<a href="https://tracker.debian.org/pkg/inetutils">inetutils</a>,
<a href="https://tracker.debian.org/pkg/kde4libs">kde4libs</a>,
<a href="https://tracker.debian.org/pkg/zfs-linux">zfs-linux</a>,
<a href="https://tracker.debian.org/pkg/zabbix">zabbix</a>,
<a href="https://tracker.debian.org/pkg/phpmyadmin">phpmyadmin</a>,
<a href="https://tracker.debian.org/pkg/vim">vim</a>,
<a href="https://tracker.debian.org/pkg/angular.js">angular.js</a>, and
<a href="https://tracker.debian.org/pkg/diffoscope">diffoscope</a>.</li>
<li>Marked CVE-2022-48522/perl as not-affected for stretch and jessie.</li>
<li>Auto EOL’d linux, webkit2gtk, minidlna, ruby-carrierwave, chromium, wireshark, composer, ampache, qtbase-opensource-src, anope, org-mode, pcp, and tinymce.</li>
<li>On a support request from one of our customers, I further triaged 17 CVEs amongst 9 packages and assisted them with other queries.</li>
<li>Released <a href="https://www.freexian.com/lts/extended/updates/ela-1057-1-inetutils/">ELA-1057-1</a> for inetutils.</li>
<li>Released <a href="https://www.freexian.com/lts/extended/updates/ela-1058-1-kde4libs/">ELA-1058-1</a> for kde4libs.</li>
<li>Released <a href="https://lists.debian.org/debian-lts-announce/2024/03/msg00019.html">DLA-3766-1</a> for zfs-linux.</li>
<li>Debugged the xz backdoor compromise issue to ensure LTS/ELTS is not affected. PS: it’s not. :)</li>
<li>Worked on phpmyadmin, zabbix, and atril but couldn’t complete them. Will get back to it next month.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2024/03/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in February 2024 https://utkarsh2102.org/posts/foss-in-feb-24/ Thu, 29 Feb 2024 11:11:11 +0530
<p>Here’s my (fifty-third) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 62nd month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here’s what I did:</p>
<ul>
<li>Reviewed pyparted MR and gave feedback on the package adoption to Mitch.</li>
<li>Mentoring for newcomers.</li>
<li>Sponsorship of some Golang packages for Lena Voytek.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 37th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my fifty-third month as a Debian LTS and fortieth month as a Debian ELTS paid contributor.<br>
I worked for 11.25 hours for LTS and 7.25 hours for ELTS.</p>
<p>I did the following things:</p>
<ul>
<li>LTS & ELTS frontdesk from 11-12 to 17-12.</li>
<li>And then a couple of days (24th and 25th), substituting Emilio.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/composer">composer</a>,
<a href="https://tracker.debian.org/pkg/openvswitch">openvswitch</a>,
<a href="https://tracker.debian.org/pkg/zabbix">zabbix</a>,
<a href="https://tracker.debian.org/pkg/kde4libs">kde4libs</a>,
<a href="https://tracker.debian.org/pkg/zfs-linux">zfs-linux</a>,
<a href="https://tracker.debian.org/pkg/libgit2">libgit2</a>,
<a href="https://tracker.debian.org/pkg/bind9">bind9</a>,
<a href="https://tracker.debian.org/pkg/ckeditor">ckeditor</a>,
<a href="https://tracker.debian.org/pkg/ckeditor3">ckeditor3</a>,
<a href="https://tracker.debian.org/pkg/gpac">gpac</a>,
<a href="https://tracker.debian.org/pkg/389-ds-base">389-ds-base</a>,
<a href="https://tracker.debian.org/pkg/libxml2">libxml2</a>,
<a href="https://tracker.debian.org/pkg/node-yarnpkg">node-yarnpkg</a>,
<a href="https://tracker.debian.org/pkg/python-aiohttp">python-aiohttp</a>,
<a href="https://tracker.debian.org/pkg/vim">vim</a>,
<a href="https://tracker.debian.org/pkg/angular.js">angular.js</a>, and
<a href="https://tracker.debian.org/pkg/diffoscope">diffoscope</a>.</li>
<li>Marked CVE-2024-24815/ckeditor3 as end-of-life for buster.</li>
<li>Marked CVE-2024-24816/ckeditor3 as end-of-life for buster.</li>
<li>Marked CVE-2024-2426{5,6,7}/gpac as end-of-life for buster.</li>
<li>Marked ckeditor and ckeditor3 as EOL for stretch and jessie.</li>
<li>Marked CVE-2024-1062/389-ds-base as no-dsa for buster.</li>
<li>Marked CVE-2024-25062/libxml2 as no-dsa for buster, stretch, and jessie.</li>
<li>Marked CVE-2021-4435/node-yarnpkg as no-dsa for buster.</li>
<li>Marked CVE-2024-23334/python-aiohttp as no-dsa for buster.</li>
<li>Marked CVE-2024-23829/python-aiohttp as no-dsa for buster.</li>
<li>Marked CVE-2024-22667/vim as no-dsa for buster, stretch, and jessie.</li>
<li>Marked CVE-2024-21490/angular.js as postponed for buster.</li>
<li>Marked CVE-2024-25711/diffoscope as no-dsa for buster.</li>
<li>Auto EOL’d webkit2gtk, libhibernate-validator-java, openvswitch, linux, engrampa, chromium, gpac, libgit2, wordpress, ckeditor, ckeditor3, firefox-esr, lucene-solr, angular.js, hugin, diffoscope, ruby-rack, and nodejs.</li>
<li>Reviewed man-db update for Colin; cf: <a href="https://lists.debian.org/debian-lts/2024/02/msg00000.html">https://lists.debian.org/debian-lts/2024/02/msg00000.html</a>.</li>
<li>Helped facilitate Firefox and Thunderbird DLA for Emilio. However, most of the time was spent in making sure the builds were successful and that there are binaries available for users.</li>
<li>Understood Thunderbird’s situation and history of its armhf builds; cf: <a href="https://lists.debian.org/debian-lts/2024/02/msg00021.html">https://lists.debian.org/debian-lts/2024/02/msg00021.html</a>.</li>
<li>Worked on some packages, like zfs-linux, kde4libs, and libgit2 but couldn’t complete them. Will get back to it next month.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2024/02/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in January 2024 https://utkarsh2102.org/posts/foss-in-jan-24/ Tue, 30 Jan 2024 11:11:11 +0530
<p>Here’s my (fifty-second) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 61st month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here’s what I did:</p>
<ul>
<li>Some sync up w/ DC24 team, gearing up for DC24 prep. \o/</li>
<li>Mentoring for newcomers.</li>
<li>Sponsorship of some Golang packages for Lena Voytek.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 36th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my fifty-second month as a Debian LTS and thirty-ninth month as a Debian ELTS paid contributor.<br>
I worked for 8.50 hours for LTS and 8.00 hours for ELTS.</p>
<p>I did the following things:</p>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/keystone">keystone</a>,
<a href="https://tracker.debian.org/pkg/rails">rails</a>,
<a href="https://tracker.debian.org/pkg/inetutils">inetutils</a>,
<a href="https://tracker.debian.org/pkg/kde4libs">kde4libs</a>, and
<a href="https://tracker.debian.org/pkg/zfs-linux">zfs-linux</a>.</li>
<li>Worked on zfs-linux and kde4libs partly. DLA and ELA to go out soon. Sadly I couldn’t finish it to completion.</li>
<li>Uploaded inetutils to jessie, fixing 4 CVEs. This is a newly supported package and so we decided to issue an update for jessie.
The same CVEs are fixed in other suites, however.</li>
<li>Discussed the situation of rails in buster with Santiago; as buster will soon be ELTS, we’d like to ensure it’s something that we can provide support for.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/12/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in December 2023 https://utkarsh2102.org/posts/foss-in-dec-23/ Sat, 30 Dec 2023 11:11:11 +0530
<p>Here’s my (fifty-first) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 60th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here’s what I did:</p>
<ul>
<li>Some sync up w/ DC24 team, gearing up for DC24 prep. \o/</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 35th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my fifty-first month as a Debian LTS and thirty-eighth month as a Debian ELTS paid contributor.<br>
I worked for 18.75 hours for LTS and 23.25 hours for ELTS.</p>
<p>I did the following things:</p>
<ul>
<li>LTS & ELTS frontdesk from 11-12 to 17-12.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/haproxy">haproxy</a>,
<a href="https://tracker.debian.org/pkg/ghostscript">ghostscript</a>,
<a href="https://tracker.debian.org/pkg/jq">jq</a>,
<a href="https://tracker.debian.org/pkg/libreoffice">libreoffice</a>,
<a href="https://tracker.debian.org/pkg/m2crypto">m2crypto</a>,
<a href="https://tracker.debian.org/pkg/python-cryptography">python-cryptography</a>,
<a href="https://tracker.debian.org/pkg/tar">tar</a>,
<a href="https://tracker.debian.org/pkg/espeak-ng">espeak-ng</a>,
<a href="https://tracker.debian.org/pkg/gnome-control-center">gnome-control-center</a>,
<a href="https://tracker.debian.org/pkg/slurm-llnl">slurm-llnl</a>,
<a href="https://tracker.debian.org/pkg/tor">tor</a>,
<a href="https://tracker.debian.org/pkg/budgie-extras">budgie-extras</a>,
<a href="https://tracker.debian.org/pkg/ncurses">ncurses</a>,
<a href="https://tracker.debian.org/pkg/shiro">shiro</a>,
<a href="https://tracker.debian.org/pkg/virtuoso-opensource">virtuoso-opensource</a>,
<a href="https://tracker.debian.org/pkg/kde4libs">kde4libs</a>, and
<a href="https://tracker.debian.org/pkg/zfs-linux">zfs-linux</a>.</li>
<li>Marked CVE-2023-46751/ghostscript as not-affected for stretch and jessie.</li>
<li>Marked CVE-2023-49355/jq as not-affected for stretch and jessie.</li>
<li>Marked CVE-2023-50246/jq as not-affected for stretch and jessie.</li>
<li>Marked CVE-2023-50268/jq as not-affected for stretch and jessie.</li>
<li>Marked CVE-2023-50781/m2crypto as no-dsa for buster, stretch, and jessie.</li>
<li>Marked CVE-2023-50782/python-cryptography as no-dsa for buster, stretch, and jessie.</li>
<li>Marked CVE-2023-39804/tar as no-dsa for buster, stretch, and jessie.</li>
<li>Marked CVE-2023-4999{0-5}/espeak-ng as no-dsa for buster and stretch.</li>
<li>Marked CVE-2023-5616/gnome-control-center as no-dsa for stretch.</li>
<li>Marked slurm-llnl CVEs as end-of-life for buster.</li>
<li>Marked TEMP-0000000-7CC552/tor as end-of-life for buster.</li>
<li>Marked CVE-2023-4934{2-6}/budgie-extras as no-dsa for buster and stretch.</li>
<li>Marked CVE-2023-50495/ncurses as no-dsa for buster.</li>
<li>Marked CVE-2023-46750/shiro as no-dsa for buster.</li>
<li>Marked CVE-2023-489{45-52}/virtuoso-opensource as no-dsa for buster.</li>
<li>Auto EOL’d capnproto, gpac, radare2, minizip, gimp-dds, libde265, strongswan, cargo, bouncycastle, linux, firefox-esr, thunderbird, gnutls28, gnome-control-center, chromium, tinyxml, asterisk, glpi, shiro, xen, slurm-llnl, wordpress, and derby.</li>
<li>Worked on some distro-info-data updates for sid. Coordination w/ Stefano for E/LTS is still needed.</li>
<li>Worked on zfs-linux and kde4libs partly. DLA and ELA to go out soon.</li>
<li>Partook in various discussions about ELTS packages and their support w/ Santiago and Roberto, and others, during the Freexian sprints.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/12/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in November 2023 https://utkarsh2102.org/posts/foss-in-nov-23/ Thu, 30 Nov 2023 11:11:11 +0530
<p>Here’s my (fiftieth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 59th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here’s what I did:</p>
<ul>
<li>Helped w/ /usr-merge (DEP 17) work and fixed 3 packages: net-tools, gitlab, and libnfc.</li>
<li>Attended MiniDebCamp and MiniDebConf Cambridge. Super fun hanging out w/ Debianites.</li>
<li>Sponsored django-assets, python-django-tagging, and django-menu-generator-ng for Lena Voytek.</li>
<li>Reviewed django-dbbackup for Lena. Couldn’t sponsor as it FTBFS.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 34th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).</p>
<p>This was my fiftieth month as a Debian LTS and thirty-seventh month as a Debian ELTS paid contributor.<br>
I worked for 4.75 hours for LTS and 11.00 hours for ELTS.</p>
<p>I did the following things:</p>
<ul>
<li>ELTS frontdesk from 20-11 to 26-11.</li>
<li>Marked CVE-2022-46337/derby as postponed for stretch.</li>
<li>Marked CVE-2023-48161/giflib as no-dsa for stretch and jessie; following buster.</li>
<li>Marked CVE-2023-47038/perl as not-affected for stretch and jessie.</li>
<li>Auto EOL’d capnproto, gpac, radare2, minizip, gimp-dds, libde265, strongswan, cargo, bouncycastle, linux, firefox-esr, thunderbird, gnutls28, and derby.</li>
<li>Noticed and pinged Bastien about the missing ceph/0.80.7-2+deb8u6 upload to jessie.</li>
<li>Figured out what’s wrong with ruby-rmagick autopkgtest in jessie; it’s a bug in autopkgtest/debci.</li>
<li>Pinged Adrian about fixing CVEs fixed via ELA-909-1/DLA-3513-1 in (old)stable.</li>
<li>Worked on strongswan for jessie together with Chris Lamb during MiniDebConf Cambridge.</li>
<li>Partook in various discussions about ELTS packages and their support w/ Santiago and Roberto, and others, during the Freexian sprints.</li>
<li>Prepared distro-info-data update with LTS/ELTS EOL dates and uploaded it to unstable. Will prep it for stable, LTS, and ELTS in coordination w/ Stefano.</li>
<li>Let my colleagues know about my whereabouts in the last few months.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/10/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in October 2023 https://utkarsh2102.org/posts/foss-in-oct-23/ Mon, 30 Oct 2023 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-oct-23/
<p>Here’s my (forty-ninth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 58th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. But I only did mostly DebConf stuff this month:</p>
<ul>
<li>Mentoring for newcomers.</li>
<li>DebConf Bursary work w/ bursary lead hat on.</li>
<li>Wrapping DebConf stuff and helping and coordinating with DebConf orga.</li>
<li>Some work on the Release team side; transitions, documentation, et al.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 33rd month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).</p>
<p>This was my forty-ninth month as a Debian LTS and thirty-sixth month as a Debian ELTS paid contributor.<br>
I worked for 3.25 hours for LTS and 1.75 hours for ELTS.</p>
<p>I did the following things:</p>
<ul>
<li>LTS/ELTS frontdesk from 16-10 to 22-10.</li>
<li>Did paperwork for postgresql-11 and sent <a href="https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html">DLA 3600-1</a>.</li>
<li>Did paperwork for grub2 and sent <a href="https://lists.debian.org/debian-lts-announce/2023/10/msg00007.html">DLA 3605-1</a>.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/10/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in September 2023 https://utkarsh2102.org/posts/foss-in-sept-23/ Sat, 30 Sep 2023 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-sept-23/
<p>Here’s my (forty-eighth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 57th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. But I only did mostly DebConf stuff this month:</p>
<ul>
<li>Mentoring for newcomers during DebCamp and DebConf.</li>
<li>DebConf Bursary work w/ bursary lead hat on.</li>
<li>Helping DebConf orga (and local team) w/ other things during DebConf.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 32nd month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).</p>
<p>This was my forty-eighth month as a Debian LTS and thirty-fifth month as a Debian ELTS paid contributor.<br>
I worked for 2.25 hours for LTS and 4.00 hours for ELTS.</p>
<p>I did the following things:</p>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/json-c">json-c</a>.</li>
<li>Mark CVE-2021-32292/json-c as not-affected for buster, stretch, and jessie.</li>
<li>Helped with the runc and LXC discussions on the mailing list.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/09/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in August 2023 https://utkarsh2102.org/posts/foss-in-aug-23/ Wed, 30 Aug 2023 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-aug-23/
<p>Here’s my (forty-seventh) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 56th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<h3 id="uploads">Uploads</h3>
<ul>
<li><a href="https://tracker.debian.org/pkg/pystaticconfiguration">pystaticconfiguration</a> (0.11.1-1) - New upstream version, v0.11.1.</li>
<li><a href="https://tracker.debian.org/pkg/python-jira">python-jira</a> (3.5.2-1) - New upstream version, v3.5.2.</li>
<li><a href="https://tracker.debian.org/pkg/django-modeltranslation">django-modeltranslation</a> (0.18.11-1) - New upstream version, v0.18.11.</li>
<li><a href="https://tracker.debian.org/pkg/python-stomp">python-stomp</a> (8.1.0-1) - New upstream version, v8.1.0.</li>
<li><a href="https://tracker.debian.org/pkg/python-twilio">python-twilio</a> (8.6.0-1) - New upstream version, v8.6.0.</li>
</ul>
<h3 id="others">Others</h3>
<ul>
<li>Mentoring for newcomers.</li>
<li>Bug work and debugging issues for ccextractor.</li>
<li>Sponsored the upload of blueman for Christopher Schramm.</li>
<li>DebConf Bursary work w/ bursary lead hat on.</li>
<li>Helping DebConf orga w/ other things as DebConf is around the corner.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 31st month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).</p>
<p>This was my forty-seventh month as a Debian LTS and thirty-fourth month as a Debian ELTS paid contributor.<br>
I worked for 12.25 hours for LTS and 72.50 hours for ELTS.</p>
<h4 id="lts-work">LTS Work:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html">DLA 3529-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-23445">CVE-2021-23445</a>, for <a href="https://tracker.debian.org/pkg/datatables.js">datatables.js</a>.<br>
For Debian 10 buster, these problems have been fixed in version 1.10.19+dfsg-1+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html">DLA 3531-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2023-20867">CVE-2023-20867</a>, for <a href="https://tracker.debian.org/pkg/open-vm-tools">open-vm-tools</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2:10.3.10-1+deb10u4.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html">DLA 3532-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2023-38408">CVE-2023-38408</a>, for <a href="https://tracker.debian.org/pkg/openssh">openssh</a>.<br>
For Debian 10 buster, these problems have been fixed in version 1:7.9p1-10+deb10u3.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00026.html">DLA 3537-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-40982">CVE-2022-40982</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-41804">CVE-2022-41804</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2023-23908">CVE-2023-23908</a>, for <a href="https://tracker.debian.org/pkg/intel-microcode">intel-microcode</a>.<br>
For Debian 10 buster, these problems have been fixed in version 3.20230808.1~deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/08/msg00033.html">DLA 3544-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2023-20197">CVE-2023-20197</a>, for <a href="https://tracker.debian.org/pkg/clamav">clamav</a>.<br>
For Debian 10 buster, these problems have been fixed in version 0.103.9+dfsg-0+deb10u1.</li>
<li>Started looking at other packages.</li>
</ul>
<h4 id="elts-work">ELTS Work:</h4>
<ul>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-920-1-datatables.js/">ELA 920-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-23445">CVE-2021-23445</a>, for <a href="https://tracker.debian.org/pkg/datatables.js">datatables.js</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.10.13+dfsg-2+deb9u1.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-924-1-open-vm-tools/">ELA 924-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2023-20867">CVE-2023-20867</a>, for <a href="https://tracker.debian.org/pkg/open-vm-tools">open-vm-tools</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2:9.4.6-1770165-8+deb8u1.<br>
For Debian 9 stretch, these problems have been fixed in version 2:10.1.5-5055683-4+deb9u4.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-925-1-openssh/">ELA 925-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2023-38408">CVE-2023-38408</a>, for <a href="https://tracker.debian.org/pkg/openssh">openssh</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1:6.7p1-5+deb8u9.<br>
For Debian 9 stretch, these problems have been fixed in version 1:7.4p1-10+deb9u8.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-935-1-intel-microcode/">ELA 935-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-40982">CVE-2022-40982</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-41804">CVE-2022-41804</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2023-23908">CVE-2023-23908</a>, for <a href="https://tracker.debian.org/pkg/intel-microcode">intel-microcode</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 3.20230808.1~deb8u1.<br>
For Debian 9 stretch, these problems have been fixed in version 3.20230808.1~deb9u1.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-936-1-ruby-rack/">ELA 936-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2023-27539">CVE-2023-27539</a>, for <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.6.4-4+deb9u5.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-937-1-clamav/">ELA 937-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2023-20197">CVE-2023-20197</a>, for <a href="https://tracker.debian.org/pkg/clamav">clamav</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.103.9+dfsg-0+deb8u1.<br>
For Debian 9 stretch, these problems have been fixed in version 0.103.9+dfsg-0+deb9u1.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>,
<a href="https://tracker.debian.org/pkg/rails">rails</a>,
<a href="https://tracker.debian.org/pkg/intel-microcode">intel-microcode</a>,
<a href="https://tracker.debian.org/pkg/datatables.js">datatables.js</a>,
<a href="https://tracker.debian.org/pkg/open-vm-tools">open-vm-tools</a>,
<a href="https://tracker.debian.org/pkg/openssh">openssh</a>,
<a href="https://tracker.debian.org/pkg/clamav">clamav</a>,
<a href="https://tracker.debian.org/pkg/flac">flac</a>,
<a href="https://tracker.debian.org/pkg/tiff">tiff</a>,
<a href="https://tracker.debian.org/pkg/trafficserver">trafficserver</a>,
<a href="https://tracker.debian.org/pkg/freeimage">freeimage</a>,
<a href="https://tracker.debian.org/pkg/python2.7">python2.7</a>,
<a href="https://tracker.debian.org/pkg/c-ares">c-ares</a>,
<a href="https://tracker.debian.org/pkg/batik">batik</a>,
<a href="https://tracker.debian.org/pkg/busybox">busybox</a>,
<a href="https://tracker.debian.org/pkg/cacti">cacti</a>,
<a href="https://tracker.debian.org/pkg/etcd">etcd</a>,
<a href="https://tracker.debian.org/pkg/gnome-gmail">gnome-gmail</a>,
<a href="https://tracker.debian.org/pkg/horizon">horizon</a>,
<a href="https://tracker.debian.org/pkg/iotjs">iotjs</a>,
<a href="https://tracker.debian.org/pkg/libcrypto++">libcrypto++</a>,
<a href="https://tracker.debian.org/pkg/libsass">libsass</a>,
<a href="https://tracker.debian.org/pkg/mupdf">mupdf</a>,
<a href="https://tracker.debian.org/pkg/nasm">nasm</a>,
<a href="https://tracker.debian.org/pkg/opensc">opensc</a>,
<a href="https://tracker.debian.org/pkg/qemu">qemu</a>,
<a href="https://tracker.debian.org/pkg/qtsvg-opensource-src">qtsvg-opensource-src</a>,
<a href="https://tracker.debian.org/pkg/poppler">poppler</a>,
<a href="https://tracker.debian.org/pkg/tryton-server">tryton-server</a>,
<a href="https://tracker.debian.org/pkg/wireshark">wireshark</a>,
<a href="https://tracker.debian.org/pkg/unrar-nonfree">unrar-nonfree</a>,
<a href="https://tracker.debian.org/pkg/rar">rar</a>,
<a href="https://tracker.debian.org/pkg/json-c">json-c</a>, and
<a href="https://tracker.debian.org/pkg/openssl">openssl</a>.</li>
<li>Mark CVE-2009-1143/open-vm-tools as ignored for buster, stretch, and jessie.</li>
<li>Mark CVE-2022-447{29,30}/batik as no-dsa for buster, stretch, and jessie.</li>
<li>Mark CVE-2022-48174/busybox as no-dsa for buster, stretch, and jessie.</li>
<li>Mark CVE-2022-41444/cacti as no-dsa for buster.</li>
<li>Mark CVE-2022-34038/etcd as no-dsa for buster.</li>
<li>Mark CVE-2020-24904/gnome-gmail as no-dsa for buster.</li>
<li>Mark CVE-2022-45582/horizon as no-dsa for buster.</li>
<li>Mark CVE-2020-24187/iotjs as ignored for buster.</li>
<li>Mark CVE-2023-38961/iotjs as ignored for buster.</li>
<li>Mark CVE-2022-48570/libcrypto++ as no-dsa for buster and stretch.</li>
<li>Mark CVE-2022-43358/libsass as no-dsa for buster.</li>
<li>Mark CVE-2020-21896/mupdf as no-dsa for buster.</li>
<li>Mark CVE-2022-29654/nasm as no-dsa for buster and stretch.</li>
<li>Mark CVE-2021-34193/opensc as no-dsa for buster.</li>
<li>Mark CVE-2022-36648/qemu as postponed for buster and stretch.</li>
<li>Mark CVE-2021-28025/qtsvg-opensource-src as no-dsa for buster and stretch.</li>
<li>Mark poppler CVEs as no-dsa for buster, stretch, and jessie.</li>
<li>Mark wireshark CVEs as no-dsa for buster and stretch.</li>
<li>Mark CVE-2023-20212/clamav as not-affected for buster and bullseye.</li>
<li>Mark CVE-2023-20212/clamav as not-affected for stretch and jessie.</li>
<li>Mark CVE-2023-27530/ruby-rack as ignored for stretch.</li>
<li>Mark CVE-2021-32292/json-c as not-affected for stretch and jessie.</li>
<li>Auto EOL’d exempi, nasm, audiofile, freeimage, graphicsmagick, oggvideotools, mupdf, libraw, linux, opensc, upx-ucl, libsass, radare2, qemu, cacti, horizon, hwloc, libcrypto++, wireshark, ansible, chromium, gerbv, rar, unrar-nonfree, python-pyramid, tryton-server.</li>
<li>Discussed the ckeditor regression in stretch and jessie. Bastien kindly stepped up and rolled out a fix.</li>
<li>Helped with the runc and LXC discussions on the mailing list.</li>
<li>Pinged the customer about the modsecurity-crs bump.</li>
<li>Participated in samba discussion a bit.</li>
<li>Initiate the discussion about clamAV being EOL after 2 years and we’ll have to update to 1.0.x which pulls in Rust. :)</li>
<li>Helped Bastien w/ some runc vendoring bits.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/08/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in July 2023 https://utkarsh2102.org/posts/foss-in-july-23/ Sun, 30 Jul 2023 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-july-23/
<p>Here’s my (forty-sixth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 55th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<h3 id="uploads">Uploads</h3>
<ul>
<li><a href="https://tracker.debian.org/pkg/redmine">redmine</a> (5.0.4-7) - Add patch to let redmine run from its own user. (<a href="https://bugs.debian.org/1022815">debbug#1022815</a>)</li>
<li><a href="https://tracker.debian.org/pkg/redmine">redmine</a> (5.0.4-5~bpo11+2) - Backporting the above changes to bullseye.</li>
</ul>
<h3 id="others">Others</h3>
<ul>
<li>Mentoring for newcomers.</li>
<li>Sponsored matthiasmullie-minify for Athos.</li>
<li>Bug work and MR review for redmine.</li>
<li>Moderation of -project mailing list.</li>
<li>DebConf Bursary work. Quite a month. But the bursary stuff is mostly done, we have rolled out the second batch already. About to do the final round super soon.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work and Entrouvert for sponsoring the Redmine backports. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 30th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).</p>
<p>This was my forty-sixth month as a Debian LTS and thirty-third month as a Debian ELTS paid contributor.<br>
I worked for 1.5 hours for LTS and 1.00 hours for ELTS.</p>
<h4 id="lts-work">LTS Work:</h4>
<ul>
<li>ruby-rack v/s ruby-sinatra regression investigation. Took 30 minutes, roughly.</li>
</ul>
<h4 id="elts-work">ELTS Work:</h4>
<ul>
<li>Started to look at ruby-rack for stretch, a general triage and understanding the issue this month. Will continue to work on this and rails next month.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/07/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in June 2023 https://utkarsh2102.org/posts/foss-in-june-23/ Fri, 30 Jun 2023 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-june-23/
<p>Here’s my (forty-fifth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 54th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<h3 id="uploads">Uploads</h3>
<ul>
<li><a href="https://tracker.debian.org/pkg/ccextractor">ccextractor</a> (0.94+ds1-2) - Fix FTBFS w/ FFmpeg 5.0 and Tesseract 5.0. (<a href="https://bugs.debian.org/1004581">debbug#1004581</a>)</li>
</ul>
<h3 id="others">Others</h3>
<ul>
<li>Moderation of -project mailing list.</li>
<li>Mentoring for newcomers.</li>
<li>Bursary team stuff - starting to analyze requests, gathering refs, and dry-running the scripts.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 29th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).</p>
<p>This was my forty-fifth month as a Debian LTS and thirty-sixth month as a Debian ELTS paid contributor.<br>
I worked for 11.75 hours for LTS and 0.00 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html">DLA 3450-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-33621">CVE-2021-33621</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-28739">CVE-2022-28739</a>, for <a href="https://tracker.debian.org/pkg/ruby2.5">ruby2.5</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.5.5-3+deb10u6.</li>
<li>Replied to Roberto’s mail for the ruby2.5 regression post-mortem.</li>
<li>Prepared ruby-rack security update for the security team.
<ul>
<li>Some regressions reported in ruby-sinatra’s autopkgtest. Investigating further.</li>
</ul>
</li>
<li>Started to prep ruby2.7 security update but paused that work in favor of investigating the regression above.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>,
<a href="https://tracker.debian.org/pkg/ruby-sinatra">ruby-sinatra</a>,
<a href="https://tracker.debian.org/pkg/ruby2.5">ruby2.5</a>,
<a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a>.</li>
<li>Helped and assisted fellow Freexian contributors (LTS/ELTS/internally).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/06/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in May 2023 https://utkarsh2102.org/posts/foss-in-may-23/ Tue, 30 May 2023 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-may-23/
<p>Here’s my (forty-fourth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 53rd month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<ul>
<li>Moderation of -project mailing list.</li>
<li>Mentoring for newcomers.</li>
<li>Bursary team stuff - getting familiar with some processes, setting up basic policy, et al.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work.</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 28th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my forty-fourth month as a Debian LTS and thirty-fifth month as a Debian ELTS paid contributor.<br>
I worked for 5.5 hours for LTS and 3.0 hours for ELTS.</p>
<h4 id="lts-work">LTS Work:</h4>
<ul>
<li>Helped Scarlett with their uploads and with general questions.</li>
<li>LTS frontdesk -
<ul>
<li>LTS package triage.</li>
<li>Answering any questions that fellow contributors or other developers might have.</li>
</ul>
</li>
</ul>
<h4 id="elts-work">ELTS Work:</h4>
<ul>
<li>ELTS frontdesk -
<ul>
<li>ELTS package triage.</li>
<li>Answering any questions that fellow contributors or other developers might have.</li>
<li>Review of newly added packages.</li>
</ul>
</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/owslib">owslib</a>,
<a href="https://tracker.debian.org/pkg/hoteldruid">hoteldruid</a>,
<a href="https://tracker.debian.org/pkg/iotjs">iotjs</a>,
<a href="https://tracker.debian.org/pkg/ncurses">ncurses</a>,
<a href="https://tracker.debian.org/pkg/libpodofo">libpodofo</a>, and
<a href="https://tracker.debian.org/pkg/nvidia-cuda-toolkit">nvidia-cuda-toolkit</a>.</li>
<li>Marked CVE-2023-29839/hoteldruid as no-dsa for buster.</li>
<li>Marked iotjs CVEs as ignored for buster; following bullseye.</li>
<li>Marked CVE-2023-31555/libpodofo as no-dsa for buster.</li>
<li>Marked CVE-2023-31566-67/libpodofo as no-dsa for buster.</li>
<li>Marked CVE-2023-29491/ncurses as no-dsa for buster.</li>
<li>Auto EOL’d osslsigncode, linux, thunderbird, firefox-esr, sngrep, libpodofo, maradns, python-os-brick, python-glance-store, nova, cinder, libraw, and sqlite.</li>
<li>Helped and assisted fellow Freexian contributors (LTS/ELTS/internally).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/05/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in April 2023
https://utkarsh2102.org/posts/foss-in-april-23/
Sun, 30 Apr 2023 11:11:11 +0530
<p>Here’s my (forty-third) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 52nd month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<ul>
<li>Moderation of -project mailing list.</li>
<li>Mentoring for newcomers.</li>
<li>Reviewing packages from other fellow contributors.</li>
<li>Some tiny bits of DebConf Bursary team work, attending meetings, et al.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work.</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 27th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my forty-third month as a Debian LTS and thirty-fourth month as a Debian ELTS paid contributor.<br>
I worked for 3.5 hours for LTS and 0 hours for ELTS.</p>
<h4 id="lts-work">LTS Work:</h4>
<ul>
<li>Helped Scarlett with their uploads and with general questions.</li>
<li>Some work and progress on ruby-rails-html-sanitizer.</li>
<li>LTS package claim triages.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/ruby-loofah">ruby-loofah</a> and
<a href="https://tracker.debian.org/pkg/ruby-rails-html-sanitizer">ruby-rails-html-sanitizer</a>.</li>
<li>Helped and assisted fellow Freexian contributors (LTS/ELTS/internally).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/04/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in March 2023
https://utkarsh2102.org/posts/foss-in-march-23/
Thu, 30 Mar 2023 11:11:11 +0530
<p>Here’s my (forty-second) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 51st month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<ul>
<li>Looked for some Release team bits.</li>
<li>Mentoring for newcomers.</li>
<li>Ruby sprints remaining stuff.</li>
<li>Bug work (on BTS and #debian-ruby) for rails and redmine.</li>
<li>Moderation of -project mailing list.</li>
<li>Reviewing Stefano’s branch for DebConf prep.</li>
<li>And finally, starting to do DebConf Bursary team setup.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work and Entrouvert for sponsoring the Redmine backports. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 26th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my forty-second month as a Debian LTS and thirty-third month as a Debian ELTS paid contributor.<br>
I worked for 11.00 hours for LTS and 5.5 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Helped Scarlett with their uploads.</li>
<li>Assisted Daniel with their RFA and pointed to a particular situation with ruby-loofah <-> ruby-rails-html-sanitizer.</li>
<li>Worked on ruby-rails-html-sanitizer and added notes to the security-tracker.<br>
TL;DR: we need newer methods in ruby-loofah to make the patches for ruby-rails-html-sanitizer backportable.</li>
<li>LTS triage.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Helped with and reviewed ELTS documentation.</li>
<li>ELTS triage.</li>
<li>Less work on packages this month.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/ruby-loofah">ruby-loofah</a>,
<a href="https://tracker.debian.org/pkg/ruby-sinatra">ruby-sinatra</a>,
<a href="https://tracker.debian.org/pkg/phpmyadmin">phpmyadmin</a>,
<a href="https://tracker.debian.org/pkg/ruby-rails-html-sanitizer">ruby-rails-html-sanitizer</a>,
<a href="https://tracker.debian.org/pkg/hdf5">hdf5</a>,
<a href="https://tracker.debian.org/pkg/cairosvg">cairosvg</a>,
<a href="https://tracker.debian.org/pkg/debian-goodies">debian-goodies</a>,
<a href="https://tracker.debian.org/pkg/sudo">sudo</a>,
<a href="https://tracker.debian.org/pkg/vim">vim</a>,
<a href="https://tracker.debian.org/pkg/openssh">openssh</a>,
<a href="https://tracker.debian.org/pkg/tidy-html5">tidy-html5</a>, and
<a href="https://tracker.debian.org/pkg/wireshark">wireshark</a>.</li>
<li>Marked CVE-2023-27635/debian-goodies as no-dsa for stretch and jessie.</li>
<li>Marked CVE-2023-2848{6,7}/sudo as no-dsa for buster and stretch and jessie.</li>
<li>Marked CVE-2023-1175/vim as no-dsa for buster and stretch and jessie.</li>
<li>Marked CVE-2023-28531/openssh as not-affected for stretch and jessie.</li>
<li>Marked CVE-2021-33391/tidy-html5 as no-dsa for buster and stretch.</li>
<li>Marked CVE-2023-1161/wireshark as no-dsa for buster and stretch.</li>
<li>Auto EOL’d chromium, node-sqlite3, linux, firefox-esr, thunderbird, libde265, flatpak, stellarium, gpac, and liblouis.</li>
<li>Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/03/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in February 2023
https://utkarsh2102.org/posts/foss-in-feb-23/
Tue, 28 Feb 2023 11:11:11 +0530
<p>Here’s my (forty-first) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 50th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<h3 id="uploads">Uploads</h3>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby-delayed-job">ruby-delayed-job</a> (4.1.9-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-delayed-job-active-record">ruby-delayed-job-active-record</a> (4.1.6-3~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-globalid">ruby-globalid</a> (0.6.0-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-tzinfo">ruby-tzinfo</a> (2.0.4-1~bpo11+2) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.1.7+dfsg-3~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-commonmarker">ruby-commonmarker</a> (0.23.6-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-csv">ruby-csv</a> (3.2.2-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-task-list">ruby-task-list</a> (2.3.2-2~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-i18n">ruby-i18n</a> (1.10.0-2~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-mini-magick">ruby-mini-magick</a> (4.11.0-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-net-ldap">ruby-net-ldap</a> (0.17.0-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-roadie-rails">ruby-roadie-rails</a> (3.0.0-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-roadie">ruby-roadie</a> (5.1.0-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-sanitize">ruby-sanitize</a> (6.0.0-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-nokogiri">ruby-nokogiri</a> (1.13.1+dfsg-2~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-mini-portile2">ruby-mini-portile2</a> (2.8.0-1~bpo11+2) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-webrick">ruby-webrick</a> (1.7.0-3~bpo11+2) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-zip">ruby-zip</a> (2.3.0-2~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/gem2deb">gem2deb</a> (2.1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-actionpack-action-caching">ruby-actionpack-action-caching</a> (1.2.2-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-nokogiri">ruby-nokogiri</a> (1.13.5+dfsg-2~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/redmine">redmine</a> (5.0.4-2~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.1.7+dfsg-3~bpo11+2) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-roadie-rails">ruby-roadie-rails</a> (3.0.0-1~bpo11+2) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/redmine">redmine</a> (5.0.4-4~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/redmine">redmine</a> (5.0.4-5~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-web-console">ruby-web-console</a> (4.2.0-1~bpo11+1) - Backport to bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/libyang2">libyang2</a> (2.1.30-2) - Adding DEP8 test for yangre.</li>
<li><a href="https://tracker.debian.org/pkg/redmine">redmine</a> (5.0.4-3) - Add patch to stop unnecessary recursive chown’ing (Fixes: #1022816, #1022817).</li>
<li><a href="https://tracker.debian.org/pkg/redmine">redmine</a> (5.0.4-4) - Set DH_RUBY_IGNORE_TESTS to all (Fixes: #1031308).</li>
<li><a href="https://tracker.debian.org/pkg/python-jira">python-jira</a> (3.4.1-1) - New upstream version, v3.4.1.</li>
</ul>
<h3 id="others">Others</h3>
<ul>
<li>Looked up some Release team documentation.</li>
<li>Sponsored php-font-lib and php-dompdf-svg-lib for William.</li>
<li>Granted DM rights for php-dompdf.</li>
<li>Mentoring for newcomers.</li>
<li>Reviewed micro bits for Nilesh, new uploads and changes.</li>
<li>Ruby sprints.</li>
<li>Bug work (on BTS and #debian-ruby) for rails and redmine.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work and Entrouvert for sponsoring the Redmine backports. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 25th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my forty-first month as a Debian LTS and thirty-second month as a Debian ELTS paid contributor.<br>
I worked for 24.25 hours for LTS and 28.50 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Fixed CVE-2022-47016 for tmux and uploaded to buster via 2.8-3+deb10u1.<br>
But decided to not roll the DLA for the package as the CVE got rejected upstream.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/03/msg00010.html">DLA 3359-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-13038">CVE-2019-13038</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-3639">CVE-2021-3639</a>, for <a href="https://tracker.debian.org/pkg/libapache2-mod-auth-mellon">libapache2-mod-auth-mellon</a>.<br>
For Debian 10 buster, these problems have been fixed in version 0.14.2-1+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/03/msg00011.html">DLA 3360-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-30151">CVE-2021-30151</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-23837">CVE-2022-23837</a>, for <a href="https://tracker.debian.org/pkg/ruby-sidekiq">ruby-sidekiq</a>.<br>
For Debian 10 buster, these problems have been fixed in version 5.2.3+dfsg-1+deb10u1.</li>
<li>Worked on ruby-rails-html-sanitizer and added notes to the security-tracker.<br>
TL;DR: we need newer methods in ruby-loofah to make the patches for ruby-rails-html-sanitizer backportable.</li>
<li>Started to look at another set of packages meanwhile.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="">ELA 813-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2017-12618">CVE-2017-12618</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-25147">CVE-2022-25147</a>, for <a href="https://tracker.debian.org/pkg/apr-util">apr-util</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.5.4-1+deb8u1.<br>
For Debian 9 stretch, these problems have been fixed in version 1.5.4-3+deb9u1.</li>
<li>Issued <a href="">ELA 814-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-39286">CVE-2022-39286</a>, for <a href="https://tracker.debian.org/pkg/jupyter-core">jupyter-core</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.2.1-1+deb9u1.</li>
<li>Issued <a href="">ELA 815-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-44792">CVE-2022-44792</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-44793">CVE-2022-44793</a>, for <a href="https://tracker.debian.org/pkg/net-snmp">net-snmp</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 5.7.2.1+dfsg-1+deb8u6.<br>
For Debian 9 stretch, these problems have been fixed in version 5.7.3+dfsg-1.7+deb9u5.</li>
<li>Helped facilitate RabbitMQ’s update queries by one of our customers.</li>
<li>Started to look at another set of packages meanwhile.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/ruby-loofah">ruby-loofah</a>,
<a href="https://tracker.debian.org/pkg/ruby-sinatra">ruby-sinatra</a>,
<a href="https://tracker.debian.org/pkg/tmux">tmux</a>,
<a href="https://tracker.debian.org/pkg/ruby-sidekiq">ruby-sidekiq</a>,
<a href="https://tracker.debian.org/pkg/libapache2-mod-auth-mellon">libapache2-mod-auth-mellon</a>,
<a href="https://tracker.debian.org/pkg/jupyter-core">jupyter-core</a>,
<a href="https://tracker.debian.org/pkg/net-snmp">net-snmp</a>,
<a href="https://tracker.debian.org/pkg/apr-util">apr-util</a>, and
<a href="https://tracker.debian.org/pkg/rabbitmq-server">rabbitmq-server</a>.</li>
<li>Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/02/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in January 2023
https://utkarsh2102.org/posts/foss-in-jan-23/
Mon, 30 Jan 2023 11:11:11 +0530
<p>Here’s my (fortieth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 49th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<h3 id="uploads">Uploads</h3>
<ul>
<li><a href="https://tracker.debian.org/pkg/redmine">redmine</a> (5.0.4-1) - Fixing bug #1022818, #1026048, and #1027340.</li>
<li><a href="https://tracker.debian.org/pkg/libyang2">libyang2</a> (2.1.30-2) - Adding DEP8 test for yangre.</li>
</ul>
<h3 id="others">Others</h3>
<ul>
<li>Proposed tomcat9 bullseye -pu via 9.0.43-2~deb11u5.</li>
<li>Helped Otto with review of mariadb from NEW.</li>
<li>Sponsored php-font-lib for William.</li>
<li>Advocated William for becoming DD, uploading.</li>
<li>Granted some DM rights.</li>
<li>Mentoring for newcomers.</li>
<li>Reviewed libgit2 bits, new uploads and changes.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<p>A huge thanks to Freexian for sponsoring my Debian work. :D</p>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 24th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my fortieth month as a Debian LTS and thirty-first month as a Debian ELTS paid contributor.<br>
I worked for 43.25 hours for LTS and 25.00 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html">DLA 3281-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-47950">CVE-2022-47950</a>, for <a href="https://tracker.debian.org/pkg/swift">swift</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.19.1-1+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html">DLA 3295-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-24785">CVE-2022-24785</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-31129">CVE-2022-31129</a>, for <a href="https://tracker.debian.org/pkg/node-moment">node-moment</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.24.0+ds-1+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/01/msg00036.html">DLA 3296-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2023-24038">CVE-2023-24038</a>, for <a href="https://tracker.debian.org/pkg/libhtml-stripscripts-perl">libhtml-stripscripts-perl</a>.<br>
For Debian 10 buster, these problems have been fixed in version 1.06-1+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html">DLA 3297-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-48281">CVE-2022-48281</a>, for <a href="https://tracker.debian.org/pkg/tiff">tiff</a>.<br>
For Debian 10 buster, these problems have been fixed in version 4.1.0+git191117-2~deb10u6.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html">DLA 3298-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8161">CVE-2020-8161</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-8184">CVE-2020-8184</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-44570">CVE-2022-44570</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-44571">CVE-2022-44571</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-44572">CVE-2022-44572</a>, for <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.0.6-3+deb10u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html">DLA 3300-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-47951">CVE-2022-47951</a>, for <a href="https://tracker.debian.org/pkg/glance">glance</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2:17.0.0-5+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html">DLA 3301-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-47951">CVE-2022-47951</a>, for <a href="https://tracker.debian.org/pkg/cinder">cinder</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2:13.0.7-1+deb10u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html">DLA 3302-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-47951">CVE-2022-47951</a>, for <a href="https://tracker.debian.org/pkg/nova">nova</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2:18.1.0-6+deb10u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html">DLA 3303-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-25648">CVE-2022-25648</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-46648">CVE-2022-46648</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-47318">CVE-2022-47318</a>, for <a href="https://tracker.debian.org/pkg/ruby-git">ruby-git</a>.<br>
For Debian 10 buster, these problems have been fixed in version 1.2.8-1+deb10u1.</li>
<li>Started to look at another set of packages.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-784-1-ruby-git/">ELA 784-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-25648">CVE-2022-25648</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-46648">CVE-2022-46648</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-47318">CVE-2022-47318</a>, for <a href="https://tracker.debian.org/pkg/ruby-git">ruby-git</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.2.8-1+deb9u1.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-785-1-ruby-rack/">ELA 785-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-44570">CVE-2022-44570</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-44571">CVE-2022-44571</a>, for <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.6.4-4+deb9u4.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-787-1-ruby-sinatra/">ELA 787-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-45442">CVE-2022-45442</a>, for <a href="https://tracker.debian.org/pkg/ruby-sinatra">ruby-sinatra</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.4.7-5+deb9u2.</li>
<li>Helped facilitate Erlang’s and RabbitMQ’s update; cf: <a href="https://www.freexian.com/lts/extended/updates/ela-754-1-erlang/">ELA 754-1</a>.</li>
<li>Started to look at another set of packages.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/node-moment">node-moment</a>,
<a href="https://tracker.debian.org/pkg/modsecurity-apache">modsecurity-apache</a>,
<a href="https://tracker.debian.org/pkg/ruby-git">ruby-git</a>,
<a href="https://tracker.debian.org/pkg/ruby-sinatra">ruby-sinatra</a>,
<a href="https://tracker.debian.org/pkg/gpac">gpac</a>,
<a href="https://tracker.debian.org/pkg/cargo">cargo</a>,
<a href="https://tracker.debian.org/pkg/git">git</a>,
<a href="https://tracker.debian.org/pkg/openjdk-11">openjdk-11</a>,
<a href="https://tracker.debian.org/pkg/swift">swift</a>,
<a href="https://tracker.debian.org/pkg/libxpm">libxpm</a>,
<a href="https://tracker.debian.org/pkg/lilypond">lilypond</a>,
<a href="https://tracker.debian.org/pkg/openjdk-8">openjdk-8</a>,
<a href="https://tracker.debian.org/pkg/modsecurity">modsecurity</a>,
<a href="https://tracker.debian.org/pkg/netdata">netdata</a>,
<a href="https://tracker.debian.org/pkg/nim">nim</a>,
<a href="https://tracker.debian.org/pkg/rust-cargo">rust-cargo</a>,
<a href="https://tracker.debian.org/pkg/sgt-puzzles">sgt-puzzles</a>,
<a href="https://tracker.debian.org/pkg/apache2">apache2</a>,
<a href="https://tracker.debian.org/pkg/wireshark">wireshark</a>,
<a href="https://tracker.debian.org/pkg/libhtml-stripscripts-perl">libhtml-stripscripts-perl</a>,
<a href="https://tracker.debian.org/pkg/redis">redis</a>,
<a href="https://tracker.debian.org/pkg/tomcat8">tomcat8</a>,
<a href="https://tracker.debian.org/pkg/tiff">tiff</a>,
<a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>,
<a href="https://tracker.debian.org/pkg/tmux">tmux</a>,
<a href="https://tracker.debian.org/pkg/ruby-sidekiq">ruby-sidekiq</a>,
<a href="https://tracker.debian.org/pkg/libapache2-mod-auth-mellon">libapache2-mod-auth-mellon</a>,
<a href="https://tracker.debian.org/pkg/jupyter-core">jupyter-core</a>,
<a href="https://tracker.debian.org/pkg/net-snmp">net-snmp</a>, and
<a href="https://tracker.debian.org/pkg/rabbitmq-server">rabbitmq-server</a>.</li>
<li>Marked CVE-2023-{0358,2314{3-5}}/gpac as EOL for buster.</li>
<li>Marked CVE-2022-46176/cargo as no-dsa in buster.</li>
<li>Marked CVE-2022-4{4617,6285,883}/libxpm as no-dsa for buster, stretch, and jessie.</li>
<li>Marked CVE-2020-17354/lilypond as ignored for buster.</li>
<li>Marked CVE-2022-48279/modsecurity as no-dsa for buster.</li>
<li>Marked CVE-2023-2249{6,7}/netdata as no-dsa for buster.</li>
<li>Marked CVE-2021-46872/nim as no-dsa for buster.</li>
<li>Marked CVE-2022-46176/rust-cargo as no-dsa in buster.</li>
<li>Marked TEMP-1028986-7037E6/sgt-puzzles as no-dsa for buster.</li>
<li>Marked CVE-2006-20001 and CVE-2022-3{6760,7436}/apache2 as postponed for stretch and jessie.</li>
<li>Marked CVE-2023-22458/redis as not-affected for stretch and jessie.</li>
<li>Marked CVE-2022-45143/tomcat8 as postponed for stretch and jessie.</li>
<li>Marked CVE-2022-44572/ruby-rack as not-affected for stretch.</li>
<li>Marked CVE-2022-47950/swift as not-affected for stretch.</li>
<li>Auto EOL’d node-debug, nim, netty, ruby-git, firefox-esr, linux, swift, radare2, gpac, virtualbox, shiro, sgt-puzzles, pdns-recursor, sofia-sip, libgit2, wireshark, amanda, libhtml-stripscripts-perl, pkgconf, libapache-session-ldap-perl, golang-yaml.v2, nvidia-graphics-drivers, xen, rails, ruby-rack, assimp, thunderbird, cinder, glance, nova, editorconfig-core, chromium, ruby-globalid, spip, opusfile, pgpool2, and ruby-sanitize.</li>
<li>Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2023/01/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in December 2022
https://utkarsh2102.org/posts/foss-in-dec-22/
Fri, 30 Dec 2022 11:11:11 +0530
<p>Here’s my (thirty-ninth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 48th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<ul>
<li>Some DebConf work.</li>
<li>Sponsoring stuff for non-DDs.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 23rd month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my thirty-ninth month as a Debian LTS and thirtieth month as a Debian ELTS paid contributor.<br>
I worked for 51.50 hours for LTS and 22.50 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00009.html">DLA 3224-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8287">CVE-2020-8287</a>, for <a href="https://tracker.debian.org/pkg/http-parser">http-parser</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.8.1-1+deb10u3.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00010.html">DLA 3225-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-46391">CVE-2022-46391</a>, for <a href="https://tracker.debian.org/pkg/awstats">awstats</a>.<br>
For Debian 10 buster, these problems have been fixed in version 7.6+dfsg-2+deb10u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html">DLA 3227-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-32209">CVE-2022-32209</a>, for <a href="https://tracker.debian.org/pkg/ruby-rails-html-sanitizer">ruby-rails-html-sanitizer</a>.<br>
For Debian 10 buster, these problems have been fixed in version 1.0.4-1+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html">DLA 3228-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3918">CVE-2021-3918</a>, for <a href="https://tracker.debian.org/pkg/node-json-schema">node-json-schema</a>.<br>
For Debian 10 buster, these problems have been fixed in version 0.2.3-1+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00014.html">DLA 3229-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-21704">CVE-2022-21704</a>, for <a href="https://tracker.debian.org/pkg/node-log4js">node-log4js</a>.<br>
For Debian 10 buster, these problems have been fixed in version 4.0.2-2+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00015.html">DLA 3230-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-41182">CVE-2021-41182</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-41183">CVE-2021-41183</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-41184">CVE-2021-41184</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-31160">CVE-2022-31160</a>, for <a href="https://tracker.debian.org/pkg/jqueryui">jqueryui</a>.<br>
For Debian 10 buster, these problems have been fixed in version 1.12.1+dfsg-5+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html">DLA 3231-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-29394">CVE-2020-29394</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36244">CVE-2020-36244</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-31291">CVE-2022-31291</a>, for <a href="https://tracker.debian.org/pkg/dlt-daemon">dlt-daemon</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.18.0-1+deb10u1.</li>
<li>Inspected joblib’s security update upon Helmut’s investigation to see what went wrong there.</li>
<li>Started to look at another set of packages: node-moment, tiff, ruby*, et al.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-752-1-jqueryui/">ELA 752-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-41182">CVE-2021-41182</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-41183">CVE-2021-41183</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-41184">CVE-2021-41184</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-31160">CVE-2022-31160</a>, for <a href="https://tracker.debian.org/pkg/jqueryui">jqueryui</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.12.1+dfsg-4+deb9u1.</li>
<li>Helped facilitate Erlang’s and RabbitMQ’s update; cf: <a href="https://www.freexian.com/lts/extended/updates/ela-754-1-erlang/">ELA 754-1</a>.</li>
<li>Looked through python3.4’s FTBFS on armhf. Even diff’d with Ubuntu. No luck. Inspected the traces, doesn’t give a lot of hint either. Will continue to look later next month or so but it’s a rabbit hole. (:</li>
<li>Inspected joblib’s security update upon Helmut’s investigation to see what went wrong there.</li>
<li>Started to look at another set of packages: dropbear, tiff, et al.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/jqueryui">jqueryui</a>,
<a href="https://tracker.debian.org/pkg/http-parser">http-parser</a>,
<a href="https://tracker.debian.org/pkg/awstats">awstats</a>,
<a href="https://tracker.debian.org/pkg/ruby-rails-html-sanitizer">ruby-rails-html-sanitizer</a>,
<a href="https://tracker.debian.org/pkg/node-json-schema">node-json-schema</a>,
<a href="https://tracker.debian.org/pkg/node-log4js">node-log4js</a>,
<a href="https://tracker.debian.org/pkg/dlt-daemon">dlt-daemon</a>,
<a href="https://tracker.debian.org/pkg/joblib">joblib</a>,
<a href="https://tracker.debian.org/pkg/tiff">tiff</a>,
<a href="https://tracker.debian.org/pkg/dropbear">dropbear</a>,
<a href="https://tracker.debian.org/pkg/python3.5">python3.5</a>,
<a href="https://tracker.debian.org/pkg/python3.4">python3.4</a>,
<a href="https://tracker.debian.org/pkg/ruby-sinatra">ruby-sinatra</a>,
<a href="https://tracker.debian.org/pkg/erlang">erlang</a>, and
<a href="https://tracker.debian.org/pkg/rabbitmq-server">rabbitmq-server</a>.</li>
<li>Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/12/threads.html">public mailing list</a>.</li>
<li>Attended the monthly Freexian meeting.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in November 2022
https://utkarsh2102.org/posts/foss-in-nov-22/
Wed, 30 Nov 2022 11:11:11 +0530
<p>Here’s my (thirty-eighth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 47th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<h4 id="debian-uploads">Debian Uploads</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/tango">tango</a> (9.3.4+dfsg1-2) - Fix FTBFS: configure: error; cf: <a href="https://bugs.debian.org/1020056">bug#1020056</a>.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Sponsoring stuff for non-DDs.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 22nd month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the stretch and jessie releases (+2 years after LTS support).</p>
<p>This was my thirty-eighth month as a Debian LTS and twenty-ninth month as a Debian ELTS paid contributor.<br>
I worked for 41.00 hours for LTS and 30.25 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/11/msg00015.html">DLA 3187-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-36369">CVE-2021-36369</a>, for <a href="https://tracker.debian.org/pkg/dropbear">dropbear</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2018.76-5+deb10u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html">DLA 3188-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-16167">CVE-2019-16167</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2019-19725">CVE-2019-19725</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-39377">CVE-2022-39377</a>, for <a href="https://tracker.debian.org/pkg/sysstat">sysstat</a>.<br>
For Debian 10 buster, these problems have been fixed in version 12.0.3-2+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/11/msg00017.html">DLA 3189-1</a> for a minor LTS version update of <a href="https://tracker.debian.org/pkg/postgresql-11">postgresql-11</a>.<br>
For Debian 10 buster, the package has been updated to version 11.18-0+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00000.html">DLA 3215-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-3328">CVE-2022-3328</a>, for <a href="https://tracker.debian.org/pkg/snapd">snapd</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.37.4-1+deb10u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00001.html">DLA 3216-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-41325">CVE-2022-41325</a>, for <a href="https://tracker.debian.org/pkg/vlc">vlc</a>.<br>
For Debian 10 buster, these problems have been fixed in version 3.0.17.4-0+deb10u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00002.html">DLA 3217-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-46338">CVE-2022-46338</a>, for <a href="https://tracker.debian.org/pkg/g810-led">g810-led</a>.<br>
For Debian 10 buster, these problems have been fixed in version 0.3.3-2+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00003.html">DLA 3218-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-41946">CVE-2022-41946</a>, for <a href="https://tracker.debian.org/pkg/libpgjava">libpgjava</a>.<br>
For Debian 10 buster, these problems have been fixed in version 42.2.5-2+deb10u3.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/12/msg00005.html">DLA 3220-1</a> for a new upstream version update of <a href="https://tracker.debian.org/pkg/clamav">clamav</a>.<br>
For Debian 10 buster, the package has been updated to version 0.103.7+dfsg-0+deb10u1.</li>
<li>Started to look at another set of packages.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-731-1-sysstat/">ELA 731-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-39377">CVE-2022-39377</a>, for <a href="https://tracker.debian.org/pkg/sysstat">sysstat</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 11.4.3-2+deb9u1.<br>
For Debian 8 jessie, these problems have been fixed in version 11.0.1-1+deb8u1.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-749-1-vlc/">ELA 749-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-41325">CVE-2022-41325</a>, for <a href="https://tracker.debian.org/pkg/vlc">vlc</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.0.17.4-0+deb9u2.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-750-1-clamav/">ELA 750-1</a> for a new upstream version update of <a href="https://tracker.debian.org/pkg/clamav">clamav</a>.<br>
For Debian 9 stretch, the package has been updated to version 0.103.7+dfsg-0+deb9u1.<br>
For Debian 8 jessie, the package has been updated to version 0.103.7+dfsg-0+deb8u1.</li>
<li>Started to look at another set of packages.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front desk duty from 21-11 until 27-11 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/jqueryui">jqueryui</a>,
<a href="https://tracker.debian.org/pkg/open-vm-tools">open-vm-tools</a>,
<a href="https://tracker.debian.org/pkg/systemd">systemd</a>,
<a href="https://tracker.debian.org/pkg/ffmpeg">ffmpeg</a>,
<a href="https://tracker.debian.org/pkg/lava">lava</a>,
<a href="https://tracker.debian.org/pkg/pngcheck">pngcheck</a>,
<a href="https://tracker.debian.org/pkg/snapd">snapd</a>,
<a href="https://tracker.debian.org/pkg/vlc">vlc</a>,
<a href="https://tracker.debian.org/pkg/g810-led">g810-led</a>,
<a href="https://tracker.debian.org/pkg/libpgjava">libpgjava</a>,
<a href="https://tracker.debian.org/pkg/dropbear">dropbear</a>,
<a href="https://tracker.debian.org/pkg/python3.5">python3.5</a>,
<a href="https://tracker.debian.org/pkg/python3.4">python3.4</a>,
<a href="https://tracker.debian.org/pkg/clamav">clamav</a>,
<a href="https://tracker.debian.org/pkg/sysstat">sysstat</a>,
<a href="https://tracker.debian.org/pkg/postgresql-11">postgresql-11</a>, and
<a href="https://tracker.debian.org/pkg/mariadb-10.1">mariadb-10.1</a>.</li>
<li>Marked CVE-2009-1143/open-vm-tools as postponed for buster, stretch and jessie.</li>
<li>Marked CVE-2022-45873/systemd as not-affected in stretch and jessie.</li>
<li>Marked CVE-2022-396{4,5}/ffmpeg as postponed for buster and stretch.</li>
<li>Marked CVE-2022-45061/python3.{4,5} as postponed for stretch and jessie.</li>
<li>Marked CVE-2022-31160/jqueryui as not-affected for jessie instead.</li>
<li>Noted CVE-2022-45061/python3.4 to be marked as postponed; the only thing to fix is the armhf FTBFS.</li>
<li>Auto EOL’d linux, libpgjava, nvidia-graphics-drivers, maradns, chromium, and glance for ELTS.</li>
<li>Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/11/threads.html">public mailing list</a>.</li>
<li>Attended the monthly meeting held on IRC on November 24th.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in October 2022
https://utkarsh2102.org/posts/foss-in-oct-22/
Sun, 30 Oct 2022 11:11:11 +0530
<p>Here’s my (thirty-seventh) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 46th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<h4 id="debian-uploads">Debian Uploads</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby-espeak">ruby-espeak</a> (1.1.0-1) - New upstream version, v1.1.0.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Being an AM for <a href="https://nm.debian.org/process/1024/">Arun Kumar, process #1024</a>. Process completed. \o/</li>
<li>Sponsoring stuff for non-DDs.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 21st month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my thirty-seventh month as a Debian LTS and twenty-eighth month as a Debian ELTS paid contributor.<br>
I worked for 35.00 hours for LTS and 25.00 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html">DLA 3146-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-2928">CVE-2022-2928</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-2929">CVE-2022-2929</a>, for <a href="https://tracker.debian.org/pkg/isc-dhcp">isc-dhcp</a>.<br>
For Debian 10 buster, these problems have been fixed in version 4.4.1-2+deb10u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html">DLA 3165-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-43680">CVE-2022-43680</a>, for <a href="https://tracker.debian.org/pkg/expat">expat</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.2.6-2+deb10u6.</li>
<li>Issued <a href="">DLA 3166-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-29970">CVE-2022-29970</a>, for <a href="https://tracker.debian.org/pkg/ruby-sinatra">ruby-sinatra</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.0.5-4+deb10u1.</li>
<li>Uploaded dropbear to fix CVE-2021-36369 in buster. Waiting for ELTS upload to issue the DLA. But will do soon now.</li>
<li>src:joblib is a bit painful - having to backport patches to Py2. :/</li>
<li>Started to look at another set of packages.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-715-1-expat/">ELA 715-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-43680">CVE-2022-43680</a>, for <a href="https://tracker.debian.org/pkg/expat">expat</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.2.0-2+deb9u7.<br>
For Debian 8 jessie, these problems have been fixed in version 2.1.0-6+deb8u10.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-716-1-djangorestframework/">ELA 716-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-25045">CVE-2018-25045</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-25626">CVE-2020-25626</a>, for <a href="https://tracker.debian.org/pkg/djangorestframework">djangorestframework</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.4.0-2+deb9u1.</li>
<li>Uploaded dropbear to fix CVE-2021-36369 in buster. Waiting for ELTS upload, too. But some backporting problems. :/</li>
<li>src:joblib is a bit painful - having to backport patches to Py2. :/</li>
<li>Started to look at another set of packages.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/joblib">joblib</a>,
<a href="https://tracker.debian.org/pkg/dropbear">dropbear</a>,
<a href="https://tracker.debian.org/pkg/ruby-sinatra">ruby-sinatra</a>,
<a href="https://tracker.debian.org/pkg/djangorestframework">djangorestframework</a>,
<a href="https://tracker.debian.org/pkg/isc-dhcp">isc-dhcp</a>, and
<a href="https://tracker.debian.org/pkg/expat">expat</a>.</li>
<li>Reverted “Mark freerdp CVEs wrongly affecting freerdp <2.0.0” in the ELTS tracker.</li>
<li>Helped and assisted new contributors joining Freexian (LTS/ELTS).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/10/threads.html">public mailing list</a>.</li>
<li>Attended the monthly meeting held on Jitsi on October 27th.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in September 2022
https://utkarsh2102.org/posts/foss-in-sept-22/
Fri, 30 Sep 2022 11:11:11 +0530
<p>Here’s my (thirty-sixth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 45th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both technical and non-technical. Here are the things I did this month:</p>
<h4 id="debian-uploads">Debian Uploads</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.1.6.1+dfsg-2) - Add patch to allow Symbols in YAML columns, fixes <a href="https://bugs.debian.org/1018934">#1018934</a>.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.1.6.1+dfsg-3) - Add patch to remove active_record.yaml initializers.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.1.6.1+dfsg-4) - Add patch to allow Date, Time, ActiveSupport::HashWithIndifferentAccess in YAML columns.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-arbre">ruby-arbre</a> (1.4.0-2) - Add patch to use selector to detect authenticity token input.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-net-http-digest-auth">ruby-net-http-digest-auth</a> (1.4.1-1) - New upstream version, v1.4.1 to fix the FTBFS w/ rails.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.1.7+dfsg-1) - New upstream version, v6.1.7+dfsg.</li>
<li><a href="https://tracker.debian.org/pkg/redmine">redmine</a> (5.0.2-1) - New upstream version, v5.0.2 + fixes for <a href="https://bugs.debian.org/1017525">#1017525</a>, <a href="https://bugs.debian.org/1019607">#1019607</a>, <a href="https://bugs.debian.org/1019238">#1019238</a>, and <a href="https://bugs.debian.org/1014813">#1014813</a>.</li>
<li><a href="https://tracker.debian.org/pkg/redmine">redmine</a> (5.0.2-2) - Add patch to relax pg’s version for autopkgtest.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-json-jwt">ruby-json-jwt</a> (1.14.0-2) - No-change rebuild for unstable to fix <a href="https://bugs.debian.org/1011682">#1011682</a>.</li>
<li><a href="https://tracker.debian.org/pkg/libexporter-tiny-perl">libexporter-tiny-perl</a> (1.004002-1) - New upstream version, v1.004002.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Sponsored php-nikic-fast-route/1.3.0-4~bpo11+1 for William.</li>
<li>Being an AM for <a href="https://nm.debian.org/process/1024/">Arun Kumar, process #1024</a>.</li>
<li>Sponsoring stuff for non-DDs.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 20th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my thirty-sixth month as a Debian LTS and twenty-seventh month as a Debian ELTS paid contributor.<br>
I worked for 38.00 hours for LTS and 27.00 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Rolled out announcement for src:flac.</li>
<li>Rolled out announcement for src:ruby-rack.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/09/msg00039.html">DLA 3128-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-7677">CVE-2020-7677</a>, for <a href="https://tracker.debian.org/pkg/node-thenify">node-thenify</a>.<br>
For Debian 10 buster, these problems have been fixed in version 3.3.0-1+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/09/msg00040.html">DLA 3129-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-17545">CVE-2019-17545</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-45943">CVE-2021-45943</a>, for <a href="https://tracker.debian.org/pkg/gdal">gdal</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.4.0+dfsg-1+deb10u1.</li>
<li>Looked at src:mbedtls which has about 18 CVEs opened in buster (including no-dsa).<br>
Also, spoke to the maintainer - they said they’d be uncomfortable doing or reviewing the backport (although they initially said they’d be happy to help).</li>
<li>Fixed src:rails regression via 2:6.1.6.1+dfsg-2, 2:6.1.6.1+dfsg-3, and 2:6.1.6.1+dfsg-4 for sid.<br>
CVE-2022-32224 broke the entire world. :)</li>
<li>Helped Abhijith figure out the regression fix for CVE-2022-32224.<br>
Also got that verified by the people who reported regression, <a href="https://lists.debian.org/debian-lts/2022/09/msg00024.html">Raphael</a>, <a href="https://lists.debian.org/debian-lts/2022/09/msg00037.html">Sven</a>, and <a href="https://lists.debian.org/debian-lts/2022/09/msg00045.html">Jude</a>. The whole thread is on debian-lts@.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Rolled out announcement for src:ruby-tzinfo.</li>
<li>Rolled out announcement for src:grunt.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-682-1-open-vm-tools/">ELA 682-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-31676">CVE-2022-31676</a>, for <a href="https://tracker.debian.org/pkg/open-vm-tools">open-vm-tools</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2:10.1.5-5055683-4+deb9u3.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-691-1-wkhtmltopdf/">ELA 691-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-21365">CVE-2020-21365</a>, for <a href="https://tracker.debian.org/pkg/wkhtmltopdf">wkhtmltopdf</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.12.1-2+deb8u1.<br>
For Debian 9 stretch, these problems have been fixed in version 0.12.3.2-3+deb9u1.</li>
<li>Issued <a href="">ELA 692-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-37452">CVE-2022-37452</a>, for <a href="https://tracker.debian.org/pkg/exim4">exim4</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 4.84.2-2+deb8u9.<br>
For Debian 9 stretch, these problems have been fixed in version 4.89-2+deb9u9.</li>
<li>Started to look at src:tiff again. Has a lot of open issues. Haven’t claimed the package officially yet, though. :)</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/rails">rails</a>,
<a href="https://tracker.debian.org/pkg/node-thenify">node-thenify</a>,
<a href="https://tracker.debian.org/pkg/exim4">exim4</a>,
<a href="https://tracker.debian.org/pkg/wkhtmltopdf">wkhtmltopdf</a>,
<a href="https://tracker.debian.org/pkg/gdal">gdal</a>, and
<a href="https://tracker.debian.org/pkg/mbedtls">mbedtls</a>.</li>
<li>Marked CVE-2019-25050/gdal as not-affected for buster.</li>
<li>Marked CVE-2022-37451/exim4 as not-affected for stretch and jessie; following buster and bullseye.</li>
<li>Helped and assisted new contributors joining Freexian (LTS/ELTS).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/09/threads.html">public mailing list</a>.</li>
<li>Attended the monthly public meeting held on #debian-lts on September 29th.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activities in August 2022 https://utkarsh2102.org/posts/foss-in-aug-22/Tue, 30 Aug 2022 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-aug-22/ <p>Here’s my (thirty-fifth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 44th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:</p>
<h4 id="debian-uploads">Debian Uploads</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.1.6.1+dfsg-1) - New upstream version, v6.1.6.1+dfsg to fix <a href="https://security-tracker.debian.org/tracker/CVE-2022-22577">CVE-2022-22577</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-27777">CVE-2022-27777</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-32224">CVE-2022-32224</a> and thereby, bug <a href="https://bugs.debian.org/1011941">#1011941</a>, <a href="https://bugs.debian.org/1016982">#1016982</a>, and <a href="https://bugs.debian.org/1016140">#1016140</a>.</li>
<li><a href="https://tracker.debian.org/pkg/python-pbcommand">python-pbcommand</a> (2.1.1+git20220616.3f2e6c2-2) - Add python3-avro to Depends to fix autopkgtest.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Being an AM for <a href="https://nm.debian.org/process/1024/">Arun Kumar, process #1024</a>.</li>
<li>Sponsoring stuff for non-DDs.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 19th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my thirty-fifth month as a Debian LTS and twenty-sixth month as a Debian ELTS paid contributor.<br>
I worked for 14.00 hours for LTS and 19.00 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/09/msg00003.html">DLA 3094-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-0561">CVE-2021-0561</a>, for <a href="https://tracker.debian.org/pkg/flac">flac</a>.<br>
For Debian 10 buster, these problems have been fixed in version 1.3.2-3+deb10u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/09/msg00004.html">DLA 3095-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-30122">CVE-2022-30122</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-30123">CVE-2022-30123</a>, for <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.0.6-3+deb10u1.</li>
<li>Uploaded <a href="https://tracker.debian.org/news/1356946/accepted-rails-26161dfsg-1-source-into-unstable/">rails/2:6.1.6.1+dfsg-1</a> to unstable for fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-22577">CVE-2022-22577</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-27777">CVE-2022-27777</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-32224">CVE-2022-32224</a> and thereby, bug <a href="https://bugs.debian.org/1011941">#1011941</a>, <a href="https://bugs.debian.org/1016982">#1016982</a>, and <a href="https://bugs.debian.org/1016140">#1016140</a>.</li>
<li>Also looked at src:samba and how Ubuntu is looking at it. It’s a mess, really. And it’s different for both, LTS and ELTS. Worse for LTS with 36 opened issues. :)</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-671-1-ruby-tzinfo/">ELA 671-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-31163">CVE-2022-31163</a>, for <a href="https://tracker.debian.org/pkg/ruby-tzinfo">ruby-tzinfo</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.2.2-2+deb9u1.</li>
<li>Issued <a href="https://www.freexian.com/lts/extended/updates/ela-672-1-grunt/">ELA 672-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-0436">CVE-2022-0436</a>, for <a href="https://tracker.debian.org/pkg/grunt">grunt</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.0.1-5+deb9u2.</li>
<li>Started to look at src:tiff again. There are a lot of open CVEs piled up now. Drafted some fixes but halted the process to look at src:tiff in buster first - which I’ll do next month.<br>
I might do the update in two cycles. But more on that later.</li>
<li>Also looked at src:samba and how Ubuntu is looking at it. It’s a mess, really. Probably should write to the list. :/</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/grunt">grunt</a>,
<a href="https://tracker.debian.org/pkg/flac">flac</a>,
<a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>,
<a href="https://tracker.debian.org/pkg/ruby-tzinfo">ruby-tzinfo</a>, and
<a href="https://tracker.debian.org/pkg/mbedtls">mbedtls</a>.</li>
<li>Helped and assisted new (and fellow) contributors joining Freexian (LTS/ELTS).</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/08/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activities in July 2022 https://utkarsh2102.org/posts/foss-in-july-22/Sat, 30 Jul 2022 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-july-22/ <p>Here’s my (thirty-fourth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 43rd month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I did this month but mostly non-technical, now that DC22 is around the corner. Here are the things I did:</p>
<ul>
<li>Doing DebConf stuff! \o/
<ul>
<li>Some DebConf talks, some assists, et al.</li>
<li>Talking about Freexian/LTS with fellow attendees.</li>
</ul>
</li>
<li>Volunteering for DC22 Content team.</li>
<li>Leading the Bursary team w/ Paulo.</li>
<li>Answering a bunch of questions and things bursary.</li>
<li>Being an AM for <a href="https://nm.debian.org/process/1024/">Arun Kumar, process #1024</a>.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 18th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my thirty-fourth month as a Debian LTS and twenty-fifth month as a Debian ELTS paid contributor.<br>
I worked for 1.00 hours for LTS and 0.00 hours for ELTS, thanks to DebConf. :P</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Helped Andrea, the mbedtls maintainer, (and Samuel) understand the security tracker internals.<br>
Also helped them in doing precise triages, fix the incorrect ones, and deep-dived into remaining LTS ones.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Did absolutely nothing. :)</li>
</ul>
<h4 id="other-freexian-internal-work">Other Freexian internal work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/mbedtls">mbedtls</a>.</li>
<li>Moar reading on the documentation bits.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>Co-presented LTS BoF with Anton Gladky. Showed the survey results.</li>
<li>Talked to upstream CIP kernel folks to help Freexian’s internal goals and bribed them w beers. :)</li>
<li>Had a chat around Freexian, LTS, and ELTS with other conference attendees.</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/07/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activities in June 2022 https://utkarsh2102.org/posts/foss-in-june-22/Thu, 30 Jun 2022 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-june-22/ <p>Here’s my (thirty-third) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 42nd month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I did this month but mostly non-technical, now that DC22 is around the corner. Here are the things I did:</p>
<h4 id="debian-uploads">Debian Uploads</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby-image-processing">ruby-image-processing</a> (1.10.3-2) - Add patch to fix remote shell execution in #apply. (Closes: #1007225)</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Volunteering for DC22 Content team.</li>
<li>Leading the Bursary team w/ Paulo.</li>
<li>Answering a bunch of questions and things bursary.</li>
<li>Being an AM for <a href="https://nm.debian.org/process/1024/">Arun Kumar, process #1024</a>.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 17th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my thirty-third month as a Debian LTS and twenty-fourth month as a Debian ELTS paid contributor.<br>
I worked for 6.50 hours for LTS and 4.75 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued DLA 3048-1, fixing CVE-2022-31799, for python-bottle.</li>
<li>Started to work on CVE-2020-36475, CVE-2020-36476, CVE-2020-36478, CVE-2021-24119, CVE-2021-43666, and CVE-2021-44732 for mbedtls.</li>
<li>Re-started working on the tiff update.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued ELA 621-1, fixing CVE-2018-1000532, for beep.</li>
<li>Issued ELA 623-1, fixing CVE-2022-31799, for python-bottle.</li>
<li>Re-started working on the tiff update.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/beep">beep</a>,
<a href="https://tracker.debian.org/pkg/python-bottle">python-bottle</a>,
<a href="https://tracker.debian.org/pkg/tiff">tiff</a>, and
<a href="https://tracker.debian.org/pkg/mbedtls">mbedtls</a>.</li>
<li>Started as a Freexian Collaborator last month! \o/</li>
<li>Moar reading on the documentation bits.</li>
<li>Helped and assisted new contributors joining Freexian.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/06/threads.html">public mailing list</a>.</li>
</ul>
<h4 id="debian-lts-survey">Debian LTS Survey</h4>
<p>I’ve spent 9 hours on the LTS survey on the following bits:</p>
<ul>
<li>Importing the “useful” data and sorting it out and downloading the available graphs on the LS instance.</li>
<li>Figured that the LS data is not very clear and in some cases, pretty useless. Sigh.</li>
<li>Started writing the final document in LaTeX.</li>
<li>Screenshotted the graphs (neatly) and arranged them in the LaTeX document.</li>
<li>Readied it up to present in DebConf, during the LTS BoF. \o/</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activities in May 2022 https://utkarsh2102.org/posts/foss-in-may-22/Mon, 30 May 2022 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-may-22/ <p>Here’s my (thirty-second) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 41st month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I did this month but mostly non-technical, now that DC22 is around the corner. Here are the things I did:</p>
<h4 id="debian-uploads">Debian Uploads</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/puppet-beaker">puppet-beaker</a> (4.30.0-2) - Sponsored the upload to fix net-ssh’s FTBFS.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-terminal-table">ruby-terminal-table</a> (3.0.2-1) - New upstream version, v3.0.2.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Volunteering for DC22 Content team.</li>
<li>Leading the Bursary team w/ Paulo.</li>
<li>Answering a bunch of questions and things bursary.</li>
<li>Being an AM for <a href="https://nm.debian.org/process/1024/">Arun Kumar, process #1024</a>.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 16th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my thirty-second month as a Debian LTS and twenty-third month as a Debian ELTS paid contributor.<br>
I worked for 35.00 hours for LTS and 30.00 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00010.html">DLA 2999-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-1328">CVE-2022-1328</a>, for <a href="https://tracker.debian.org/pkg/mutt">mutt</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.7.2-1+deb9u6.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html">DLA 3009-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-27239">CVE-2022-27239</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-29869">CVE-2022-29869</a>, for <a href="https://tracker.debian.org/pkg/cifs-utils">cifs-utils</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2:6.7-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00024.html">DLA 3013-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-30688">CVE-2022-30688</a>, for <a href="https://tracker.debian.org/pkg/needrestart">needrestart</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.11-3+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html">DLA 3014-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8659">CVE-2020-8659</a>, for <a href="https://tracker.debian.org/pkg/elog">elog</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.1.2-1-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/06/msg00000.html">DLA 3038-1</a>, for <a href="https://tracker.debian.org/pkg/debian-security-support">debian-security-support</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1:9+2022.06.02.</li>
<li>Working on tiff update for stretch.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="">ELA 607-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-1328">CVE-2022-1328</a>, for <a href="https://tracker.debian.org/pkg/mutt">mutt</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.5.23-3+deb8u6.</li>
<li>Issued <a href="">ELA 608-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-28044">CVE-2022-28044</a>, for <a href="https://tracker.debian.org/pkg/lrzip">lrzip</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.616-1+deb8u2.</li>
<li>Issued <a href="">ELA 611-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-25647">CVE-2022-25647</a>, for <a href="https://tracker.debian.org/pkg/libgoogle-gson-java">libgoogle-gson-java</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.2.4-1+deb8u1.</li>
<li>Issued <a href="">ELA 614-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-27239">CVE-2022-27239</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-29869">CVE-2022-29869</a>, for <a href="https://tracker.debian.org/pkg/cifs-utils">cifs-utils</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2:6.4-1+deb8u1.</li>
<li>Working on tiff and beep updates for jessie.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/cifs-utils">cifs-utils</a>,
<a href="https://tracker.debian.org/pkg/vim">vim</a>,
<a href="https://tracker.debian.org/pkg/elog">elog</a>,
<a href="https://tracker.debian.org/pkg/needrestart">needrestart</a>,
<a href="https://tracker.debian.org/pkg/amd64-microcode">amd64-microcode</a>,
<a href="https://tracker.debian.org/pkg/libgoogle-gson-java">libgoogle-gson-java</a>,
<a href="https://tracker.debian.org/pkg/lrzip">lrzip</a>, and
<a href="https://tracker.debian.org/pkg/mutt">mutt</a>.</li>
<li>Started as a Freexian Collaborator! \o/</li>
<li>Read through the documentation bits around that.</li>
<li>Helped and assisted new contributors joining Freexian.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>Participated and helped fellow members with their queries via private mail and chat.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/05/threads.html">public mailing list</a>.</li>
</ul>
<h4 id="debian-lts-survey">Debian LTS Survey</h4>
<p>I’ve spent 2 hours on the LTS survey on the following bits:</p>
<ul>
<li>Finalizing and wrapping up the survey.</li>
<li>Providing the stats, working on the initial export of the survey.</li>
<li>Dropping ghost entries and other things which are useless. :)</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activities in April 2022 https://utkarsh2102.org/posts/foss-in-april-22/Sat, 30 Apr 2022 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-april-22/ <p>Here’s my (thirty-first) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 40th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>There’s a bunch of things I did this month but mostly non-technical, now that DC22 is around the corner. Here are the things I did:</p>
<h4 id="debian-uploads">Debian Uploads</h4>
<ul>
<li>Helped Andrius w/ FTBFS for php-text-captcha, reported via #977403.
<ul>
<li>I fixed the same in Ubuntu a couple of months ago and they copied over the patch here.</li>
</ul>
</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Volunteering for DC22 Content team.</li>
<li>Leading the Bursary team w/ Paulo.</li>
<li>Answering a bunch of questions of referees and attendees around bursary.</li>
<li>Being an AM for <a href="https://nm.debian.org/process/1024/">Arun Kumar, process #1024</a>.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 15th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my thirty-first month as a Debian LTS and twentieth month as a Debian ELTS paid contributor.<br>
I worked for 23.25 hours for LTS and 20.00 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00007.html">DLA 2976-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-1271">CVE-2022-1271</a>, for <a href="https://tracker.debian.org/pkg/gzip">gzip</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.6-5+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00008.html">DLA 2977-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-1271">CVE-2022-1271</a>, for <a href="https://tracker.debian.org/pkg/xz-utils">xz-utils</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 5.2.2-1.2+deb9u1.</li>
<li>Working on src:tiff and src:mbedtls to fix the issues, <em>still</em> waiting for more issues to be reported, though.</li>
<li>Looking at src:mutt CVEs. Haven’t had the time to complete but shall roll out next month.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-593-1-gzip/">ELA 593-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-1271">CVE-2022-1271</a>, for <a href="https://tracker.debian.org/pkg/gzip">gzip</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.6-4+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-594-1-xz-utils/">ELA 594-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-1271">CVE-2022-1271</a>, for <a href="https://tracker.debian.org/pkg/xz-utils">xz-utils</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 5.1.1alpha+20120614-2+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-598-1-python2.7/">ELA 598-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-16935">CVE-2019-16935</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-3177">CVE-2021-3177</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-4189">CVE-2021-4189</a>, for <a href="https://tracker.debian.org/pkg/python2.7">python2.7</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.7.9-2-ds1-1+deb8u9.</li>
<li>Working on src:tiff and src:beep to fix the issues; <em>still</em> waiting for more issues to be reported for src:tiff, and src:beep is a bit of a PITA, though. :)</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/gzip">gzip</a>,
<a href="https://tracker.debian.org/pkg/xz-utils">xz-utils</a>,
<a href="https://tracker.debian.org/pkg/tiff">tiff</a>,
<a href="https://tracker.debian.org/pkg/beep">beep</a>,
<a href="https://tracker.debian.org/pkg/python2.7">python2.7</a>,
<a href="https://tracker.debian.org/pkg/python-django">python-django</a>, and
<a href="https://tracker.debian.org/pkg/libgit2">libgit2</a>.</li>
<li>Signed up to be a Freexian Collaborator! \o/</li>
<li>Read through some bits around that.</li>
<li>Helped and assisted new contributors joining Freexian.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/04/threads.html">public mailing list</a>.</li>
<li>Attended monthly Debian meeting. Held on Jitsi this month.</li>
</ul>
<h4 id="debian-lts-survey">Debian LTS Survey</h4>
<p>I’ve spent 18 hours on the LTS survey on the following bits:</p>
<ul>
<li>Rolled out the announcement. Started the survey.</li>
<li>Answered a bunch of queries people asked via e-mail.</li>
<li>Looked at another bunch of tickets: <a href="https://salsa.debian.org/freexian-team/project-funding/-/issues/23">https://salsa.debian.org/freexian-team/project-funding/-/issues/23</a>.</li>
<li>Sent a reminder and fixed a few things here and there.</li>
<li>Gave a status update during the meeting.</li>
<li>Extended the duration of the survey.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in March 2022 https://utkarsh2102.org/posts/foss-in-march-22/ Wed, 30 Mar 2022 11:11:11 +0530
<p>Here’s my (thirtieth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 39th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>I recovered this month and cleared up a bunch of my backlog. So a good month, that way.</p>
<p>I didn’t do any uploads this month but I still did the following this month:</p>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Volunteering for DC22 Content team.</li>
<li>Volunteering for DC22 Bursary team.</li>
<li>Being a DC22 Bursary lead along w/ Paulo.</li>
<li>Being an AM for <a href="https://nm.debian.org/process/1024/">Arun Kumar, process #1024</a>.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 14th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my thirtieth month as a Debian LTS and nineteenth month as a Debian ELTS paid contributor.<br>
I worked for 57.75 out of 59.50 hours for LTS and 42.25 out of 60.00 hours for ELTS.</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00015.html">DLA 2943-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-30151">CVE-2021-30151</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2022-23837">CVE-2022-23837</a>, for <a href="https://tracker.debian.org/pkg/ruby-sidekiq">ruby-sidekiq</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.2.3+dfsg-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00022.html">DLA 2951-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-0561">CVE-2021-0561</a>, for <a href="https://tracker.debian.org/pkg/flac">flac</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.3.2-2+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00028.html">DLA 2956-1</a>, fixing some vulnerabilities which don’t have a CVE ID assigned yet, for <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.7.23+dfsg-0+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html">DLA 2958-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3700">CVE-2021-3700</a>, for <a href="https://tracker.debian.org/pkg/usbredir">usbredir</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.7.1-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html">DLA 2936-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-8098">CVE-2018-8098</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2018-8099">CVE-2018-8099</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2018-10887">CVE-2018-10887</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2018-10888">CVE-2018-10888</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2018-15501">CVE-2018-15501</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-12278">CVE-2020-12278</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-12279">CVE-2020-12279</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2019-1352">CVE-2019-1352</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2019-1353">CVE-2019-1353</a>, for <a href="https://tracker.debian.org/pkg/libgit2">libgit2</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.25.1+really0.24.6-1+deb9u1.</li>
<li>Working on src:tiff and src:mbedtls to fix the issues, waiting for more issues to be reported, though.</li>
<li>Helped and assisted others w/ their queries, see “Other (E)LTS Work” section for more details.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-578-1-flac/">ELA 578-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-0561">CVE-2021-0561</a>, for <a href="https://tracker.debian.org/pkg/flac">flac</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.3.0-3+deb8u2.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-582-1-wordpress/">ELA 582-1</a>, fixing some vulnerabilities which don’t have a CVE ID assigned yet, for <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 4.1.35+dfsg-0+deb8u1.</li>
<li>Worked on readying up the python2.7 update. But the tests fail with a segfault, but only on jessie. The very same works fine on stretch.<br>
Been trying to work through the tests but it looks like it’s a test-only thing. But I’ll double-check to be sure. :)</li>
<li>Looked into src:bind9 for Markus. Also, coordinated the same w/ the Ubuntu security team (ESM one). Reported the findings that I and Marc discussed.<br>
Markus seemed to work through a way out in the end. \o/</li>
<li>Working on src:tiff and src:beep to fix the issues; waiting for more issues to be reported for src:tiff, and src:beep is a bit of a PITA, though. :)</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/xterm">xterm</a>,
<a href="https://tracker.debian.org/pkg/dojo">dojo</a>,
<a href="https://tracker.debian.org/pkg/strongswan">strongswan</a>,
<a href="https://tracker.debian.org/pkg/ruby-sidekiq">ruby-sidekiq</a>,
<a href="https://tracker.debian.org/pkg/flac">flac</a>,
<a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>,
<a href="https://tracker.debian.org/pkg/usbredir">usbredir</a>,
<a href="https://tracker.debian.org/pkg/debian-edu-config">debian-edu-config</a>,
<a href="https://tracker.debian.org/pkg/libphp-adodb">libphp-adodb</a>, and
<a href="https://tracker.debian.org/pkg/libgit2">libgit2</a>.</li>
<li>Contributed to “Freexian values” (cf: internal survey).</li>
<li>Read through the logs of the monthly Debian LTS meeting.</li>
<li>Helped w/ debian-archive-keyring thread and gave pointers to Anton.</li>
<li>Sorted out the <a href="https://lists.debian.org/debian-lts/2022/03/msg00026.html">LXD VM issue for src:libgit2 upload</a>.</li>
<li>Helped answer Markus’ question on src:bind9 security/regression updates.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/03/threads.html">public mailing list</a>.</li>
<li>Attended the monthly LTS meeting. Happened on #debian-lts this month.</li>
</ul>
<h4 id="debian-lts-survey">Debian LTS Survey</h4>
<p>I’ve spent 9 hours on the LTS survey on the following bits:<br>
(but I’ll invoice them next month)</p>
<ul>
<li>Organized questions. Re-ordered, fixed, and added things wherever needed.</li>
<li>Finally set the whole thing up.</li>
<li>Did a couple of dry-runs.</li>
<li>Drafted the mail to be sent.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in February 2022 https://utkarsh2102.org/posts/foss-in-feb-22/ Mon, 28 Feb 2022 11:11:11 +0530
<p>Here’s my (twenty-ninth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 38th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>I had been sick this month, so I spent most of the time away from the system, recovering, et al,
and also went through the huge backlog that I had, which is starting to get smaller. :D</p>
<p>Anyway, I did the following stuff in Debian:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/at">at</a> (3.4.4-1) - Adding a DEP8 test for the package, fixing bug #985421.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 13th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twenty-ninth month as a Debian LTS and eighteenth month as a Debian ELTS paid contributor.<br>
Whilst I was assigned 42.75 hours for LTS and 45.25 hours for ELTS, I could only work a little due to being sick and so
I spent 15.75 hours on LTS and 9.25 hours on ELTS and worked on the following things:</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/02/msg00003.html">DLA 2909-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-45079">CVE-2021-45079</a>, for <a href="https://tracker.debian.org/pkg/strongswan">strongswan</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 5.5.1-4+deb9u6.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html">DLA 2912-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3850">CVE-2021-3850</a>, for <a href="https://tracker.debian.org/pkg/libphp-adodb">libphp-adodb</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 5.20.9-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/02/msg00007.html">DLA 2913-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-24130">CVE-2022-24130</a>, for <a href="https://tracker.debian.org/pkg/xterm">xterm</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 327-2+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/02/msg00012.html">DLA 2918-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-20001">CVE-2021-20001</a>, for <a href="https://tracker.debian.org/pkg/debian-edu-config">debian-edu-config</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.929+deb9u5.</li>
<li>Simultaneously, I’ve been working on the python* update but couldn’t complete due to illness.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-559-1-dojo/">ELA 559-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-6561">CVE-2018-6561</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-4051">CVE-2020-4051</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-23450">CVE-2021-23450</a>, for <a href="https://tracker.debian.org/pkg/dojo">dojo</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.10.2+dfsg-1+deb8u4.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-560-1-libphp-adodb/">ELA 560-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3850">CVE-2021-3850</a>, for <a href="https://tracker.debian.org/pkg/libphp-adodb">libphp-adodb</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 5.15-1+deb8u2.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-561-1-xterm/">ELA 561-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-24130">CVE-2022-24130</a>, for <a href="https://tracker.debian.org/pkg/xterm">xterm</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 312-2+deb8u4.</li>
<li>Also looking at python2.7 and python3.4 updates for jessie but couldn’t complete due to illness.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/xterm">xterm</a>,
<a href="https://tracker.debian.org/pkg/dojo">dojo</a>,
<a href="https://tracker.debian.org/pkg/strongswan">strongswan</a>,
<a href="https://tracker.debian.org/pkg/debian-edu-config">debian-edu-config</a>,
<a href="https://tracker.debian.org/pkg/libphp-adodb">libphp-adodb</a>, and
<a href="https://tracker.debian.org/pkg/libgit2">libgit2</a>.</li>
<li>Read through the logs of the monthly Debian LTS meeting.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/02/threads.html">public mailing list</a>.</li>
</ul>
<h4 id="debian-lts-survey">Debian LTS Survey</h4>
<p>I’ve spent 10 hours on the LTS survey on the following bits:<br>
(and 5 hours of the last month that I’m going to invoice this month)</p>
<ul>
<li>Put most of the content in the instance according to the question type.</li>
<li>Been going back and forth updating the status of the survey on the issue.</li>
<li>Trying to find a way to send to DDs - discussing with DPL, Raphael, and other people on the issue itself.</li>
<li>Completing the last bits to start the survey for the paid contributors, at least. Talking to Jeremiah about this.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in January 2022 https://utkarsh2102.org/posts/foss-in-jan-22/ Sun, 30 Jan 2022 11:11:11 +0530
<p>Here’s my (twenty-eighth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 37th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>Just churning through the backlog again this month. Ugh.</p>
<p>Anyway, I did the following stuff in Debian:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby2.5">ruby2.5</a> (2.5.5-3+deb10u4) - Fixing CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, CVE-2021-41817, and CVE-2021-41819 for Buster.</li>
<li><a href="https://tracker.debian.org/pkg/mat2">mat2</a> (0.12.2-1.1) - Add patch to fix AssertionError in test_libmat2, fixing bug #1002418.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-fast-gettext">ruby-fast-gettext</a> (2.0.3-2) - Add patch to fix FTBFS, fixing bug #1002103.</li>
<li><a href="https://tracker.debian.org/pkg/python-flask-marshmallow">python-flask-marshmallow</a> (0.14.0-1) - New upstream version, v0.14.0, fixing bug #989269.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a> (2.2.3-4) - Add patch to fix build and autopkgtest.</li>
<li><a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a> (2.7.4-1+deb11u1) - Fixing CVE-2021-41816, CVE-2021-41817, and CVE-2021-41819 for Bullseye.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 12th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from the fall, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twenty-seventh month as a Debian LTS and eighteenth month as a Debian ELTS paid contributor.<br>
I was assigned 58.25 hours for LTS and 60.00 hours for ELTS and worked on the following things:<br>
(I already worked for 20h in the last month (December) because of vacation :D)</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/01/msg00019.html">DLA 2884-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-21661">CVE-2022-21661</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-21662">CVE-2022-21662</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-21663">CVE-2022-21663</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-21664">CVE-2022-21664</a>, for <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.7.22+dfsg-0+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/01/msg00020.html">DLA 2885-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3481">CVE-2021-3481</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-45930">CVE-2021-45930</a>, for <a href="https://tracker.debian.org/pkg/qtsvg-opensource-src">qtsvg-opensource-src</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 5.7.1~20161021-2.1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/01/msg00022.html">DLA 2895-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3481">CVE-2021-3481</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-45930">CVE-2021-45930</a>, for <a href="https://tracker.debian.org/pkg/qt4-x11">qt4-x11</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4:4.8.7+dfsg-11+deb9u3.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html">DLA 2894-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-45417">CVE-2021-45417</a>, for <a href="https://tracker.debian.org/pkg/aide">aide</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.16-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-security-announce/2022/msg00034.html">DSA 5067-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-41816">CVE-2021-41816</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-41817">CVE-2021-41817</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-41819">CVE-2021-41819</a>, for <a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a>.<br>
For Debian 11 bullseye, these problems have been fixed in version 2.7.4-1+deb11u1.</li>
<li>Also worked on the policykit-1 security update, rolled out by Salvatore.</li>
<li>Simultaneously, I’ve been working on the samba and python* update.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-539-1-wordpress/">ELA 539-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2022-21661">CVE-2022-21661</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-21662">CVE-2022-21662</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2022-21663">CVE-2022-21663</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2022-21664">CVE-2022-21664</a>, for <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 4.1.34+dfsg-0+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-543-1-qtsvg-opensource-src/">ELA 543-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-19869">CVE-2018-19869</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-3481">CVE-2021-3481</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-45930">CVE-2021-45930</a>, for <a href="https://tracker.debian.org/pkg/qtsvg-opensource-src">qtsvg-opensource-src</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 5.3.2-2+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-545-1-aide/">ELA 545-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-45417">CVE-2021-45417</a>, for <a href="https://tracker.debian.org/pkg/aide">aide</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.16~a2.git20130520-3+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-554-1-qt4-x11/">ELA 554-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-19872">CVE-2018-19872</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-3481">CVE-2021-3481</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-45930">CVE-2021-45930</a>, for <a href="https://tracker.debian.org/pkg/qt4-x11">qt4-x11</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u4.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-555-1-shadow/">ELA 555-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2017-12424">CVE-2017-12424</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2018-7169">CVE-2018-7169</a>, for <a href="https://tracker.debian.org/pkg/shadow">shadow</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1:4.2-3+deb8u5.</li>
<li>Issued <a href="https://lists.debian.org/debian-security-announce/2022/msg00033.html">DSA 5066-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-28965">CVE-2021-28965</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-31799">CVE-2021-31799</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-31810">CVE-2021-31810</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-41817">CVE-2021-41817</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-41819">CVE-2021-41819</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-32066">CVE-2021-32066</a>, for <a href="https://tracker.debian.org/pkg/ruby2.5">ruby2.5</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.5.5-3+deb10u4.</li>
<li>Worked on the policykit-1 (<a href="https://deb.freexian.com/extended-lts/updates/ela-551-1-policykit-1/">ELA 551-1</a>) security update for jessie, fixing CVE-2021-4034, but it was rolled out by Emilio due to a slight clash, but all good. :)</li>
<li>Been working on src:samba for CVE-2020-25717 to CVE-2020-25722 and CVE-2021-23192 for jessie and stretch, both.<br>
The version difference b/w the suites is a bit too much for the patch(es) to be easily backported. Might need to unclaim, I think.</li>
<li>Found the problem w/ libjdom1-java. Will have to roll the regression upload.</li>
<li>Also looking at python2.7 and python3.4 updates for jessie. Some regressions for the package have been reported on the Ubuntu side.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 24-01 to 30-01 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>,
<a href="https://tracker.debian.org/pkg/php-nette">php-nette</a>,
<a href="https://tracker.debian.org/pkg/samba">samba</a>,
<a href="https://tracker.debian.org/pkg/qtsvg-opensource-src">qtsvg-opensource-src</a>,
<a href="https://tracker.debian.org/pkg/qt4-x11">qt4-x11</a>,
<a href="https://tracker.debian.org/pkg/python2.7">python2.7</a>,
<a href="https://tracker.debian.org/pkg/python3.4">python3.4</a>,
<a href="https://tracker.debian.org/pkg/libspring-java">libspring-java</a>,
<a href="https://tracker.debian.org/pkg/librecad">librecad</a>,
<a href="https://tracker.debian.org/pkg/minetest">minetest</a>,
<a href="https://tracker.debian.org/pkg/spip">spip</a>,
<a href="https://tracker.debian.org/pkg/varnish">varnish</a>,
<a href="https://tracker.debian.org/pkg/libimage-exiftool-perl">libimage-exiftool-perl</a>,
<a href="https://tracker.debian.org/pkg/libsixel">libsixel</a>,
<a href="https://tracker.debian.org/pkg/openexr">openexr</a>,
<a href="https://tracker.debian.org/pkg/openssl">openssl</a>,
<a href="https://tracker.debian.org/pkg/phpmyadmin">phpmyadmin</a>,
<a href="https://tracker.debian.org/pkg/util-linux">util-linux</a>,
<a href="https://tracker.debian.org/pkg/shadow">shadow</a>,
<a href="https://tracker.debian.org/pkg/ruby2.5">ruby2.5</a>, and
<a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a>.</li>
<li>Mark CVE-2022-21648/php-nette as not-affected for stretch and jessie.</li>
<li>Mark CVE-2021-23803/php-nette as not-affected for stretch and jessie.</li>
<li>Mark CVE-2021-22060/libspring-java as end-of-life for stretch.</li>
<li>Mark CVE-2022-23935/libimage-exiftool-perl as no-dsa for stretch.</li>
<li>Mark CVE-2021-45340/libsixel as no-dsa for stretch.</li>
<li>Mark CVE-2021-45942/openexr as no-dsa for stretch.</li>
<li>Mark CVE-2021-4160/openssl as no-dsa for stretch.</li>
<li>Mark CVE-2022-23807/phpmyadmin as not-affected at all.</li>
<li>Mark CVE-2022-23808/phpmyadmin as not-affected at all.</li>
<li>Mark CVE-2022-23935/libimage-exiftool-perl as no-dsa for jessie.</li>
<li>Mark CVE-2021-4160/openssl as no-dsa for jessie.</li>
<li>Mark CVE-2021-3995/util-linux as not-affected for jessie.</li>
<li>Mark CVE-2021-3996/util-linux as not-affected for jessie.</li>
<li>Mark CVE-2022-23959/varnish as not-affected for jessie.</li>
<li>Mark CVE-2021-4160/openssl as ignored instead for stretch.</li>
<li>Auto EOL’ed 389-ds-base, mongodb, kfreebsd-10, spip, strongswan, libsixel, xen, connman, minetest, and linux for jessie.</li>
<li>Attended monthly Debian LTS meeting.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2022/01/threads.html">public mailing list</a>.</li>
</ul>
<h4 id="debian-lts-survey">Debian LTS Survey</h4>
<p>I’ve spent 5 hours on the LTS survey on the following bits:<br>
(however, I’ll invoice them together next month)</p>
<ul>
<li>Went through the content to put in the survey.</li>
<li>Put some of them there according to the question type.</li>
<li>Been going back and forth updating the status of the survey on the issue.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in December 2021
https://utkarsh2102.org/posts/foss-in-dec-21/
Thu, 30 Dec 2021 11:11:11 +0530
<p>Here’s my (twenty-seventh) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 36th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>Just churning through the backlog again this month. Ugh.</p>
<p>Anyway, I did the following stuff in Debian:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a> (2.7.5-1) - New upstream version fixing 3 new CVEs.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 11th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I’ve joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from next year onward, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twenty-seventh month as a Debian LTS and eighteenth month as a Debian ELTS paid contributor.<br>
I was assigned 40.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:<br>
(since I had a 3-week vacation, I wanted to wrap things up that were pending and so I worked for 20h more for LTS, which I’ll compensate the next month!)</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="">DLA 2844-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-44540">CVE-2021-44540</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-44543">CVE-2021-44543</a>, for <a href="https://tracker.debian.org/pkg/privoxy">privoxy</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.0.26-3+deb9u3.</li>
<li>Issued <a href="">DLA 2847-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-44858">CVE-2021-44858</a>, for <a href="https://tracker.debian.org/pkg/mediawiki">mediawiki</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1:1.27.7-1+deb9u11.</li>
<li>Issued <a href="">DLA 2853-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-41817">CVE-2021-41817</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-41819">CVE-2021-41819</a>, for <a href="https://tracker.debian.org/pkg/ruby2.3">ruby2.3</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.3.3-1+deb9u11.</li>
<li>Issued <a href="">DLA 2854-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2017-18635">CVE-2017-18635</a>, for <a href="https://tracker.debian.org/pkg/novnc">novnc</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1:0.4+dfsg+1+20131010+gitf68af8af3d-6+deb9u1.</li>
<li>Issued <a href="">DLA 2860-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-7750">CVE-2018-7750</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2018-1000805">CVE-2018-1000805</a>, for <a href="https://tracker.debian.org/pkg/paramiko">paramiko</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.0.0-1+deb9u1.</li>
<li>Issued <a href="">DLA 2862-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-12020">CVE-2018-12020</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2019-6690">CVE-2019-6690</a>, for <a href="https://tracker.debian.org/pkg/python-gnupg">python-gnupg</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.3.9-1+deb9u1.</li>
<li>Issued <a href="">DLA 2864-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2017-1002201">CVE-2017-1002201</a>, for <a href="https://tracker.debian.org/pkg/ruby-haml">ruby-haml</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.0.7-1+deb9u1.</li>
<li>Issued <a href="">DLA 2871-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-43818">CVE-2021-43818</a>, for <a href="https://tracker.debian.org/pkg/lxml">lxml</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.7.1-1+deb9u5.</li>
<li>Simultaneously, I’ve been working on rolling the samba update. Should happen the next month.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="">ELA 525-2</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-43527">CVE-2021-43527</a>, for <a href="https://tracker.debian.org/pkg/nss">nss</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u15.</li>
<li>Issued <a href="">ELA 530-1</a>, for <a href="https://tracker.debian.org/pkg/systemd">systemd</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 215-17+deb8u14.</li>
<li>Issued <a href="">ELA 531-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-41817">CVE-2021-41817</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-41819">CVE-2021-41819</a>, for <a href="https://tracker.debian.org/pkg/ruby2.1">ruby2.1</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.1.5-2+deb8u13.</li>
<li>Issued <a href="">ELA 533-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-12020">CVE-2018-12020</a>, for <a href="https://tracker.debian.org/pkg/python-gnupg">python-gnupg</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.3.6-1+deb8u2.</li>
<li>Issued <a href="">ELA 536-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-43818">CVE-2021-43818</a>, for <a href="https://tracker.debian.org/pkg/lxml">lxml</a>.<br>
For Debian 8 jessie, these problems have been fixed in version Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain.</li>
<li>Started working on src:samba for CVE-2020-25717 to CVE-2020-25722 and CVE-2021-23192 for jessie and stretch, both.<br>
The version difference b/w the suites is a bit too much for the patch(es) to be easily backported. I’ve talked to Anton to work something out. \o/</li>
<li>Found the problem w/ libjdom1-java. Will have to roll the regression upload.<br>
I’ve prepared the patch but it needs some testing to be finally rolled out. Same for stretch.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 29-11 to 05-12 and 20-12 to 26-12 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/ffmpeg">ffmpeg</a>,
<a href="https://tracker.debian.org/pkg/git">git</a>,
<a href="https://tracker.debian.org/pkg/gpac">gpac</a>,
<a href="https://tracker.debian.org/pkg/inetutils">inetutils</a>,
<a href="https://tracker.debian.org/pkg/mc">mc</a>,
<a href="https://tracker.debian.org/pkg/modsecurity-crs">modsecurity-crs</a>,
<a href="https://tracker.debian.org/pkg/node-object-path">node-object-path</a>,
<a href="https://tracker.debian.org/pkg/php-pear">php-pear</a>,
<a href="https://tracker.debian.org/pkg/systemd-cron">systemd-cron</a>,
<a href="https://tracker.debian.org/pkg/node-tar">node-tar</a>,
<a href="https://tracker.debian.org/pkg/ruby2.3">ruby2.3</a>,
<a href="https://tracker.debian.org/pkg/gst-plugins-bad0.10">gst-plugins-bad0.10</a>,
<a href="https://tracker.debian.org/pkg/npm">npm</a>,
<a href="https://tracker.debian.org/pkg/nltk">nltk</a>,
<a href="https://tracker.debian.org/pkg/request-tracker4">request-tracker4</a>,
<a href="https://tracker.debian.org/pkg/ros-ros-comm">ros-ros-comm</a>,
<a href="https://tracker.debian.org/pkg/mediawiki">mediawiki</a>,
<a href="https://tracker.debian.org/pkg/ruby2.1">ruby2.1</a>,
<a href="https://tracker.debian.org/pkg/ckeditor">ckeditor</a>,
<a href="https://tracker.debian.org/pkg/ntfs-3g">ntfs-3g</a>,
<a href="https://tracker.debian.org/pkg/tiff">tiff</a>,
<a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>,
<a href="https://tracker.debian.org/pkg/jsoup">jsoup</a>,
<a href="https://tracker.debian.org/pkg/udisks2">udisks2</a>,
<a href="https://tracker.debian.org/pkg/libgit2">libgit2</a>,
<a href="https://tracker.debian.org/pkg/python3.5">python3.5</a>,
<a href="https://tracker.debian.org/pkg/python3.4">python3.4</a>, and
<a href="https://tracker.debian.org/pkg/openssh">openssh</a>.</li>
<li>Mark CVE-2021-38171/ffmpeg as postponed for stretch.</li>
<li>Mark CVE-2021-40330/git as no-dsa for stretch and jessie.</li>
<li>Mark CVE-2020-19481/gpac as ignored for stretch.</li>
<li>Mark CVE-2021-40491/inetutils as no-dsa for stretch.</li>
<li>Mark CVE-2021-36370/mc as no-dsa for stretch and jessie.</li>
<li>Mark CVE-2021-35368/modsecurity-crs as no-dsa for stretch.</li>
<li>Mark CVE-2021-23434/node-object-path as end-of-life for stretch.</li>
<li>Mark CVE-2021-32610/php-pear as no-dsa for stretch.</li>
<li>Mark CVE-2017-9525/systemd-cron as no-dsa for stretch.</li>
<li>Mark CVE-2021-37701/node-tar as end-of-life for stretch.</li>
<li>Mark CVE-2021-37712/node-tar as end-of-life in stretch.</li>
<li>Mark CVE-2021-39201/wordpress as not-affected for jessie.</li>
<li>Mark CVE-2020-19143/tiff as not-affected for stretch and jessie.</li>
<li>Mark CVE-2021-38562/request-tracker4 as no-dsa for stretch.</li>
<li>Mark CVE-2021-37146/ros-ros-comm as no-dsa for stretch.</li>
<li>Mark CVE-2021-28965/ruby2.1 as ignored for jessie.</li>
<li>Mark CVE-2021-37714/jsoup as ignored for jessie.</li>
<li>Mark CVE-2021-41617/openssh as no-dsa for jessie.</li>
<li>Auto EOL’ed ardour, nltk, request-tracker4, python-scrapy, webkit2gtk, and linux for jessie.</li>
<li>Attended monthly Debian LTS meeting.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/12/threads.html">public mailing list</a>.</li>
</ul>
<h4 id="debian-lts-survey">Debian LTS Survey</h4>
<p>I’ve spent 5 hours on the LTS survey on the following bits:</p>
<ul>
<li>Went through the old content on the previous survey.</li>
<li>Reviewed the new content - still more work to do.</li>
<li>Discussed the survey bits in the team meeting.</li>
<li>Partly reviewing the questions of the survey.</li>
<li>Walking through the instance to find the doability of the tasks discussed in the meeting.</li>
<li>Segregating and staging questions. More work to do here.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in November 2021
https://utkarsh2102.org/posts/foss-in-nov-21/
Tue, 30 Nov 2021 11:11:11 +0530
<p>Here’s my (twenty-sixth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 35th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>Just churning through the backlog again this month. Ugh.</p>
<p>Anyway, I did the following stuff in Debian:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.1.4.1+dfsg-3) - No-change rebuild for unstable.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 10th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I’ve joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from next year onward, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twenty-sixth month as a Debian LTS and seventeenth month as a Debian ELTS paid contributor.<br>
I was assigned 30.00 hours for LTS and 45.00 hours for ELTS and worked on the following things:</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="">DLA 2813-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-33829">CVE-2021-33829</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-37695">CVE-2021-37695</a>, for <a href="https://tracker.debian.org/pkg/ckeditor">ckeditor</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.5.7+dfsg-2+deb9u1.</li>
<li>Issued <a href="">DLA 2817-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-23214">CVE-2021-23214</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-23222">CVE-2021-23222</a>, for <a href="https://tracker.debian.org/pkg/postgresql-9.6">postgresql-9.6</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 9.6.24-0+deb9u1.</li>
<li>Issued <a href="">DLA 2836-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-43527">CVE-2021-43527</a>, for <a href="https://tracker.debian.org/pkg/nss">nss</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2:3.26.2-1.1+deb9u3.</li>
<li>Started working on src:samba for CVE-2020-25717 to CVE-2020-25722 and CVE-2021-23192 for jessie and stretch, both.<br>
The version difference b/w the suites is a bit too much for the patch(es) to be easily backported. I’ve talked to Anton to work something out. \o/</li>
<li>Found the problem w/ libjdom1-java. Will have to roll the regression upload.<br>
I’ve prepared the patch but it needs some testing to be finally rolled out. Same for jessie.</li>
<li>Started working on libgit2.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="">ELA 523-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-33285">CVE-2021-33285</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-33286">CVE-2021-33286</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-33287">CVE-2021-33287</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-33289">CVE-2021-33289</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-35266">CVE-2021-35266</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-35267">CVE-2021-35267</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-35268">CVE-2021-35268</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-35269">CVE-2021-35269</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39251">CVE-2021-39251</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39252">CVE-2021-39252</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39253">CVE-2021-39253</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39254">CVE-2021-39254</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39255">CVE-2021-39255</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39256">CVE-2021-39256</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39257">CVE-2021-39257</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39258">CVE-2021-39258</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39259">CVE-2021-39259</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39260">CVE-2021-39260</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39261">CVE-2021-39261</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-39262">CVE-2021-39262</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-39263">CVE-2021-39263</a>, for <a href="https://tracker.debian.org/pkg/ntfs-3g">ntfs-3g</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1:2014.2.15AR.2-1+deb8u5.</li>
<li>Issued <a href="">ELA 524-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-43618">CVE-2021-43618</a>, for <a href="https://tracker.debian.org/pkg/gmp">gmp</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2:6.0.0+dfsg-6+deb8u1.</li>
<li>Issued <a href="">ELA 525-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-43527">CVE-2021-43527</a>, for <a href="https://tracker.debian.org/pkg/nss">nss</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u14.</li>
<li>Started working on src:samba for CVE-2020-25717 to CVE-2020-25722 and CVE-2021-23192 for jessie and stretch, both.<br>
The version difference b/w the suites is a bit too much for the patch(es) to be easily backported. I’ve talked to Anton to work something out. \o/</li>
<li>Found the problem w/ libjdom1-java. Will have to roll the regression upload.<br>
I’ve prepared the patch but it needs some testing to be finally rolled out. Same for stretch.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 29-11 to 05-12 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/udisks2">udisks2</a>,
<a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>,
<a href="https://tracker.debian.org/pkg/samba">samba</a>,
<a href="https://tracker.debian.org/pkg/gmp">gmp</a>,
<a href="https://tracker.debian.org/pkg/nss">nss</a>,
<a href="https://tracker.debian.org/pkg/ntfs-3g">ntfs-3g</a>, and
<a href="https://tracker.debian.org/pkg/openssh">openssh</a>.</li>
<li>Auto EOL’ed dwarfutils, radare2, mongodb, linux for jessie.</li>
<li>As FD, did a deep dive into the no-pu-update issue. Will write to list shortly.</li>
<li>Attended monthly Debian LTS meeting.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/11/threads.html">public mailing list</a>.</li>
</ul>
<h4 id="debian-lts-survey">Debian LTS Survey</h4>
<p>I’ve spent 3 hours on the LTS survey on the following bits:</p>
<ul>
<li>Talking to Laura to revive the old a/c on survey.d.net.</li>
<li>Setting up stuff there.</li>
<li>Discussing the survey questions and other bits w/ Jeremiah.</li>
<li>Partly reviewing the questions of the survey.</li>
<li>Doing a walkthru of the LimeSurvey instance we have to make sure there are no “changes”.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in October 2021
https://utkarsh2102.org/posts/foss-in-oct-21/
Sat, 30 Oct 2021 11:11:11 +0530
<p>Here’s my (twenty-fifth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 34th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>Just churning through the backlog again this month. Ugh.</p>
<p>Anyway, I did the following stuff in Debian:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<p>Hah, as a surprise, I did no uploads or bug fixes this month. :(</p>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 9th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I’ve joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from next year onward, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twenty-fifth month as a Debian LTS and sixteenth month as a Debian ELTS paid contributor.<br>
I was assigned 28.50 hours for LTS and 40.00 hours for ELTS and worked on the following things:<br>
(however, I only worked for 35h on ELTS work, thereby, carrying over a few hours.)</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/10/msg00009.html">DLA 2780-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-31799">CVE-2021-31799</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-31810">CVE-2021-31810</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-32066">CVE-2021-32066</a>, for <a href="https://tracker.debian.org/pkg/ruby2.3">ruby2.3</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.3.3-1+deb9u10.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/10/msg00012.html">DLA 2743-2</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2017-5715">CVE-2017-5715</a>, for <a href="https://tracker.debian.org/pkg/amd64-microcode">amd64-microcode</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.20181128.1~deb9u2.<br>
This update took the most time as this had to be co-ordinated w/ multiple people and teams. But finally got this sorted! \o/</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/11/msg00003.html">DLA 2808-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3733">CVE-2021-3733</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-3737">CVE-2021-3737</a>, for <a href="https://tracker.debian.org/pkg/python3.5">python3.5</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.5.3-1+deb9u5.</li>
<li>Prepped the debian-archive-keyring update, however the build fails because of Jonathan’s GPG keys.
Wrote to <a href="https://lists.debian.org/debian-release/2021/10/msg00174.html">the list</a> and Jonathan replied that they’ll prep a branch that I can land later. So waiting on that.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-510-1-python3.4/">ELA 510-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3426">CVE-2021-3426</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-3733">CVE-2021-3733</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-3737">CVE-2021-3737</a>, for <a href="https://tracker.debian.org/pkg/python3.4">python3.4</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 3.4.2-1+deb8u11.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-513-1-ckeditor/">ELA 513-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-33829">CVE-2021-33829</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-37695">CVE-2021-37695</a>, for <a href="https://tracker.debian.org/pkg/ckeditor">ckeditor</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 4.4.4+dfsg1-3+deb8u1.</li>
<li>Took a look at jsoup again. Post-discussion, the customer did not revert, so we decided to ignore the CVEs.</li>
<li>Worked on openssh’s reported regression (<a href="https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1934501">via LP: #1934501</a>) and found that Debian
jessie, stretch, buster, and bullseye aren’t affected. Informed the security team as well (whom I worked along with). Given that all seemed in order,
we decided to postpone the new CVE since that was a minor issue which can be piggy-backed later with a more severe issue.</li>
<li>Co-ordinated with Abhijith who unclaimed ntfs-3g and started working on the update. A high number of CVEs are open. Work still in progress.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 27-09 to 03-10 and 25-10 to 31-10 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/rpm">rpm</a>,
<a href="https://tracker.debian.org/pkg/npm">npm</a>,
<a href="https://tracker.debian.org/pkg/nltk">nltk</a>,
<a href="https://tracker.debian.org/pkg/request-tracker4">request-tracker4</a>,
<a href="https://tracker.debian.org/pkg/ros-ros-comm">ros-ros-comm</a>,
<a href="https://tracker.debian.org/pkg/mediawiki">mediawiki</a>,
<a href="https://tracker.debian.org/pkg/ruby2.1">ruby2.1</a>,
<a href="https://tracker.debian.org/pkg/ckeditor">ckeditor</a>,
<a href="https://tracker.debian.org/pkg/ntfs-3g">ntfs-3g</a>,
<a href="https://tracker.debian.org/pkg/jsoup">jsoup</a>,
<a href="https://tracker.debian.org/pkg/udisks2">udisks2</a>,
<a href="https://tracker.debian.org/pkg/libgit2">libgit2</a>,
<a href="https://tracker.debian.org/pkg/python3.5">python3.5</a>,
<a href="https://tracker.debian.org/pkg/python3.4">python3.4</a>, and
<a href="https://tracker.debian.org/pkg/openssh">openssh</a>.</li>
<li>Mark CVE-2021-3521/rpm as postponed for stretch and jessie.</li>
<li>Mark CVE-2021-3913{4,5}/npm as no-dsa.</li>
<li>Mark CVE-2021-3828/nltk as no-dsa for stretch.</li>
<li>Mark CVE-2021-38562/request-tracker4 as no-dsa for stretch.</li>
<li>Mark CVE-2021-37146/ros-ros-comm as no-dsa for stretch.</li>
<li>Mark CVE-2021-28965/ruby2.1 as ignored for jessie.</li>
<li>Mark CVE-2021-37714/jsoup as ignored for jessie.</li>
<li>Mark CVE-2021-41617/openssh as no-dsa for jessie.</li>
<li>Auto EOL’ed ardour, nltk, request-tracker4, python-scrapy, webkit2gtk, and linux for jessie.</li>
<li>Drop wordpress from dla-needed for stretch and jessie. No update needed.</li>
<li>Attended monthly Debian LTS meeting.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/10/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in September 2021
https://utkarsh2102.org/posts/foss-in-sept-21/
Thu, 30 Sep 2021 11:11:11 +0530
<p>Here’s my (twenty-fourth) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 33rd month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>Just churning through the backlog this month. Ugh.</p>
<p>Anyway, I did the following stuff in Debian:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<p>Hah, as a surprise, I did no uploads or bug fixes this month. :(</p>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 8th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I’ve joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s
no concrete list atm. Maybe I’ll get back to this section later or
will start to list stuff from next year onward, as I was doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twenty-fourth month as a Debian LTS and twelfth month as a Debian ELTS paid contributor.<br>
I was assigned 24.75 hours for LTS and 40.00 hours for ELTS and worked on the following things:<br>
(however, I worked for 6.75h more on ELTS work, thereby, making a total of 46.75h)</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html">DLA 2751-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3449">CVE-2021-3449</a>, for <a href="https://tracker.debian.org/pkg/postgresql-9.6">postgresql-9.6</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.20181128.1~deb9u1.<br>
However, please note that the update was prepped by the maintainer, Christoph Berg. \o/</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/10/msg00004.html">DLA 2777-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-19131">CVE-2020-19131</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-19144">CVE-2020-19144</a>, for <a href="https://tracker.debian.org/pkg/tiff">tiff</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.0.8-2+deb9u7.</li>
<li>Still discussing salt DLA/DSA uploads with Fredrico, Damien, and the maintainer.<br>
I reviewed the patch and it looks good but we’ve been having build issues on buster, so have postponed the update/upload for a bit. Will need a fresh look.</li>
<li>Philipp Hann raised <a href="https://lists.debian.org/debian-lts/2021/08/msg00033.html">the issue</a> for incomplete uploads of amd64-microcode, where the binaries haven’t been published yet.<br>
I took a look and that seems to be a valid bug/report; I’ve further discussed with the buildd admins and the security team to see what we can do here.</li>
<li>Raphael Hertzog raised a <a href="https://bugs.debian.org/992966">bug</a> for debian-archive-keyring, which needs an update prepped for stretch.<br>
I’ve been looking at the same and mildly prepped the update, but still work-in-progress.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-486-1-gst-plugins-bad0.10/">ELA 486-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3185">CVE-2021-3185</a>, for <a href="https://tracker.debian.org/pkg/gst-plugins-bad0.10">gst-plugins-bad0.10</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.10.23-7.4+deb8u5.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-492-1-tiff/">ELA 492-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-19131">CVE-2020-19131</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-19144">CVE-2020-19144</a>, for <a href="https://tracker.debian.org/pkg/tiff">tiff</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 4.0.3-12.3+deb8u12.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-495-1-ruby2.1/">ELA 495-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-31799">CVE-2021-31799</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-31810">CVE-2021-31810</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-32066">CVE-2021-32066</a>, for <a href="https://tracker.debian.org/pkg/ruby2.1">ruby2.1</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.1.5-2+deb8u12.</li>
<li>Discussed the libjdom1-java regression plausibility with the security team, where the last uploader forgot to include a regression fix and thus warrants a regression upload now.<br>
Working on checking the severity w/ upstream to see how urgent it is.</li>
<li>Worked on jsoup intensively. Discussed w/ upstream via <a href="https://github.com/jhy/jsoup/issues/1627">issue #1627</a>.<br>
Further checked how plausible this is and discussed this on the internal list w/ Markus and Raphael.</li>
<li>Whilst a separate section (below), it’s also worth noting here that this time’s front-desk triages had to be precise as there were really close calls to be made w.r.t. the decisions made by Debian’s security and Ubuntu’s security team.<br>
More on that below.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 30-08 until 05-09 and 27-09 to 03-10 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/ffmpeg">ffmpeg</a>,
<a href="https://tracker.debian.org/pkg/git">git</a>,
<a href="https://tracker.debian.org/pkg/gpac">gpac</a>,
<a href="https://tracker.debian.org/pkg/inetutils">inetutils</a>,
<a href="https://tracker.debian.org/pkg/mc">mc</a>,
<a href="https://tracker.debian.org/pkg/modsecurity-crs">modsecurity-crs</a>,
<a href="https://tracker.debian.org/pkg/node-object-path">node-object-path</a>,
<a href="https://tracker.debian.org/pkg/php-pear">php-pear</a>,
<a href="https://tracker.debian.org/pkg/systemd-cron">systemd-cron</a>,
<a href="https://tracker.debian.org/pkg/node-tar">node-tar</a>,
<a href="https://tracker.debian.org/pkg/ruby2.3">ruby2.3</a>,
<a href="https://tracker.debian.org/pkg/gst-plugins-bad0.10">gst-plugins-bad0.10</a>,
<a href="https://tracker.debian.org/pkg/ntfs-3g">ntfs-3g</a>,
<a href="https://tracker.debian.org/pkg/tiff">tiff</a>,
<a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>, and
<a href="https://tracker.debian.org/pkg/openssh">openssh</a>.</li>
<li>Mark CVE-2021-38171/ffmpeg as postponed for stretch.</li>
<li>Mark CVE-2021-40330/git as no-dsa for stretch and jessie.</li>
<li>Mark CVE-2020-19481/gpac as ignored for stretch.</li>
<li>Mark CVE-2021-40491/inetutils as no-dsa for stretch.</li>
<li>Mark CVE-2021-36370/mc as no-dsa for stretch and jessie.</li>
<li>Mark CVE-2021-35368/modsecurity-crs as no-dsa for stretch.</li>
<li>Mark CVE-2021-23434/node-object-path as end-of-life for stretch.</li>
<li>Mark CVE-2021-32610/php-pear as no-dsa for stretch.</li>
<li>Mark CVE-2017-9525/systemd-cron as no-dsa for stretch.</li>
<li>Mark CVE-2021-37701/node-tar as end-of-life for stretch.</li>
<li>Mark CVE-2021-37712/node-tar as end-of-life in stretch.</li>
<li>Mark CVE-2021-39201/wordpress as not-affected for jessie.</li>
<li>Mark CVE-2020-19143/tiff as not-affected for stretch and jessie.</li>
<li>Auto EOL’ed gpac, nltk, request-tracker4, and linux for jessie.</li>
<li>Drop wordpress from {d,e}la-needed for stretch and jessie. No update needed.</li>
<li>Drop qtbase-opensource-src from dla-needed for stretch. CVE-2020-24742 has the same fix as CVE-2020-0569.</li>
<li>A backporting error for CVE-2018-15473 was reported in Ubuntu (and can see the same code differences here). This needs further deeper investigation w/ Ubuntu and Debian security teams involved.</li>
<li>Attended monthly Debian LTS meeting.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/09/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in August 2021
https://utkarsh2102.org/posts/foss-in-aug-21/
Mon, 30 Aug 2021 11:11:11 +0530
<p>Here’s my (twenty-third) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 32nd month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>Tough month but I mostly spent it churning through the immense backlog. But that
somewhat backfired and I have even more backlog than ever. :D</p>
<p>Anyway, I did the following stuff in Debian:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby3.0">ruby3.0</a> (3.0.0-2) - Upload to unstable! \o/</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 7th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I’ve joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess. But mostly on packaging <a href="https://github.com/utkarsh2102/python-keylime">keylime</a> and some Google Agents upload(s) and SRU(s). Also did a lot of reviewing, et al.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from next month onward, as I’ve been doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twenty-third month as a Debian LTS and eleventh month as a Debian ELTS paid contributor.<br>
I was assigned 23.75 hours for LTS and 40.00 hours for ELTS and worked on the following things:<br>
(however, I only worked for 23.75h on ELTS work, thereby, carrying the rest to next month)</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html">DLA 2743-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2017-5715">CVE-2017-5715</a>, for <a href="https://tracker.debian.org/pkg/amd64-microcode">amd64-microcode</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.20181128.1~deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/08/msg00021.html">DLA 2744-1</a>, fixing the <a href="https://bugs.debian.org/991808">versioning issue</a>, for <a href="https://tracker.debian.org/pkg/usermode">usermode</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.109-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html">DLA 2750-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-20421">CVE-2019-20421</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-3482">CVE-2021-3482</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-29457">CVE-2021-29457</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-29473">CVE-2021-29473</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-31291">CVE-2021-31291</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-31292">CVE-2021-31292</a>, for <a href="https://tracker.debian.org/pkg/exiv2">exiv2</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.25-3.1+deb9u3.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-479-1-exiv2/">ELA 479-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-20421">CVE-2019-20421</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-3482">CVE-2021-3482</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-29457">CVE-2021-29457</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-29473">CVE-2021-29473</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-31291">CVE-2021-31291</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-31292">CVE-2021-31292</a>, for <a href="https://tracker.debian.org/pkg/exiv2">exiv2</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.24-4.1+deb8u6.</li>
<li>Noticed that there’s a fallout of CVE-2021-3185, where an update was issued for gst-plugins-bad1.0, however, not for gst-plugins-bad0.10.<br>
Thanks to Sylvain’s script, this came up and I prepped an update for that.</li>
<li>Started to work on libjdom1-java’s regression.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 26-07 until 01-08 and from 30-08 until 05-09 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/haproxy">haproxy</a>,
<a href="https://tracker.debian.org/pkg/ntfs-3g">ntfs-3g</a>,
<a href="https://tracker.debian.org/pkg/cyrus-imapd">cyrus-imapd</a>,
<a href="https://tracker.debian.org/pkg/exiv2">exiv2</a>,
<a href="https://tracker.debian.org/pkg/jsoup">jsoup</a>,
<a href="https://tracker.debian.org/pkg/libxstream-java">libxstream-java</a>,
<a href="https://tracker.debian.org/pkg/qemu">qemu</a>,
<a href="https://tracker.debian.org/pkg/tomcat7">tomcat7</a>,
<a href="https://tracker.debian.org/pkg/ruby2.1">ruby2.1</a>,
<a href="https://tracker.debian.org/pkg/prototypejs">prototypejs</a>,
<a href="https://tracker.debian.org/pkg/pillow">pillow</a>,
<a href="https://tracker.debian.org/pkg/cpio">cpio</a>,
<a href="https://tracker.debian.org/pkg/qtbase-opensource-src">qtbase-opensource-src</a>, and
<a href="https://tracker.debian.org/pkg/amd64-microcode">amd64-microcode</a>.</li>
<li>Mark CVE-2021-39240/haproxy as not-affected for stretch and jessie.</li>
<li>Mark CVE-2021-39241/haproxy as not-affected for stretch and jessie.</li>
<li>Mark CVE-2021-39242/haproxy as not-affected for stretch and jessie.</li>
<li>Mark CVE-2021-33582/cyrus-imapd as no-dsa for stretch.</li>
<li>Mark CVE-2020-18771/exiv2 as no-dsa for exiv2 for stretch.</li>
<li>Mark CVE-2020-18899/exiv2 as no-dsa for exiv2 for stretch.</li>
<li>Mark CVE-2021-3750/qemu as postponed for jessie.</li>
<li>Mark CVE-2021-27511/prototypejs as postponed for jessie.</li>
<li>Mark CVE-2021-23437/pillow as postponed for stretch and jessie.</li>
<li>Auto EOL’ed gpac, cacti, openscad, cgal, cyrus-imapd-2.4, libsolv, mosquitto, atomicparsley, gtkpod, node-tar, libapache2-mod-auth-openidc, neutron, inetutils and linux for jessie.</li>
<li>Drop cpio from ela-needed; open issues don’t warrant an ELA.</li>
<li>Attended monthly Debian LTS meeting.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/08/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in July 2021
https://utkarsh2102.org/posts/foss-in-july-21/
Fri, 30 Jul 2021 11:11:11 +0530
<p>Here’s my (twenty-second) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 31st month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>I spent most of my free time on Clubhouse but still did everything I usually do (but did not go much beyond that, really).</p>
<p>Anyway, I did the following stuff in Debian:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/libjdom1-java">libjdom1-java</a> (1.1.3-2.1) - Fix for <a href="https://security-tracker.debian.org/tracker/CVE-2021-33813">CVE-2021-33813</a>/<a href="https://bugs.debian.org/990672">#990672</a>.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.0.3.7+dfsg-2) - Relax dependency on ruby-marcel for Bullseye migration.</li>
<li><a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a> (2.7.4-1) - Fix for {<a href="https://security-tracker.debian.org/tracker/CVE-2021-31799">CVE-2021-31799</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-31810">CVE-2021-31810</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-32066">CVE-2021-32066</a>}/<a href="https://bugs.debian.org/990815">#990815</a>.</li>
<li><a href="https://tracker.debian.org/pkg/libpam-tacplus">libpam-tacplus</a> (1.3.8-2.1) - Fix for <a href="https://security-tracker.debian.org/tracker/CVE-2020-13881">CVE-2020-13881</a>/<a href="https://bugs.debian.org/962830">#962830</a> for Debian unstable, a.k.a. sid.</li>
<li><a href="https://tracker.debian.org/pkg/libpam-tacplus">libpam-tacplus</a> (1.3.8-2+deb10u1) - Fix for <a href="https://security-tracker.debian.org/tracker/CVE-2020-13881">CVE-2020-13881</a>/<a href="https://bugs.debian.org/962830">#962830</a> for Debian 10, a.k.a. buster.</li>
<li><a href="https://tracker.debian.org/pkg/libjdom2-java">libjdom2-java</a> (2.0.6-2.1) - Fix for <a href="https://security-tracker.debian.org/tracker/CVE-2021-33813">CVE-2021-33813</a>/<a href="https://bugs.debian.org/990671">#990671</a>.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 6th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I’ve joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>I mostly worked on different things, I guess. But mostly on packaging <a href="https://github.com/utkarsh2102/python-keylime">keylime</a> and some Google Agents upload(s) and SRU(s). Also did a lot of reviewing, et al.</p>
<p>I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from next month onward, as I’ve been doing before. :D</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twenty-second month as a Debian LTS and eleventh month as a Debian ELTS paid contributor.<br>
I was assigned 39.75 hours for LTS and 40.00 hours for ELTS and worked on the following things:</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00002.html">DLA 2702-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3630">CVE-2021-3630</a>, for <a href="https://tracker.debian.org/pkg/djvulibre">djvulibre</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.5.27.1-7+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00003.html">DLA 2703-1</a>, fixing <a href="https://bugs.debian.org/908623">bug #908623</a> and <a href="https://bugs.debian.org/932711">bug #932711</a>, for <a href="https://tracker.debian.org/pkg/ieee-data">ieee-data</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 20160613.1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00022.html">DLA 2718-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-24489">CVE-2020-24489</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-24511">CVE-2020-24511</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-24512">CVE-2020-24512</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-24513">CVE-2020-24513</a>, for <a href="https://tracker.debian.org/pkg/intel-microcode">intel-microcode</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.20210608.2~deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/08/msg00006.html">DLA 2730-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-13881">CVE-2020-13881</a>, for <a href="https://tracker.debian.org/pkg/libpam-tacplus">libpam-tacplus</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.3.8-2+deb9u1.
<ul>
<li>Also, uploaded <a href="https://tracker.debian.org/news/1245344/accepted-libpam-tacplus-138-21-source-into-unstable/">libpam-tacplus/1.3.8-2.1 to Debian unstable/sid</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-13881">CVE-2020-13881</a>/<a href="https://bugs.debian.org/962830">#962830</a>.</li>
<li>Simultaneously, uploaded <a href="https://tracker.debian.org/news/1245501/accepted-libpam-tacplus-138-2deb10u1-source-amd64-into-proposed-updates-stable-new-proposed-updates/">libpam-tacplus/1.3.8-2+deb10u1 to Debian 10/buster</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-13881">CVE-2020-13881</a>/<a href="https://bugs.debian.org/962830">#962830</a>.</li>
</ul>
</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/08/msg00007.html">DLA 2731-1</a>, though CVEs aren’t assigned yet, for <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.7.21+dfsg-0+deb9u1.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-465-1-intel-microcode/">ELA 465-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-24489">CVE-2020-24489</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-24511">CVE-2020-24511</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-24512">CVE-2020-24512</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-24513">CVE-2020-24513</a>, for <a href="https://tracker.debian.org/pkg/intel-microcode">intel-microcode</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 3.20210608.2~deb8u2.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-466-1-libjdom1-java/">ELA 466-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-33813">CVE-2021-33813</a>, for <a href="https://tracker.debian.org/pkg/libjdom1-java">libjdom1-java</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.1.3-1+deb8u1.
<ul>
<li>Also, uploaded <a href="https://tracker.debian.org/news/1245334/accepted-libjdom1-java-113-21-source-into-unstable/">libjdom1-java/1.1.3-2.1 to Debian unstable/sid</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-33813">CVE-2021-33813</a>/<a href="https://bugs.debian.org/990672">#990672</a>.</li>
<li>Simultaneously, uploaded <a href="https://tracker.debian.org/news/1245371/accepted-libjdom2-java-206-21-source-into-unstable/">libjdom2-java/2.0.6-2.1 to Debian unstable/sid</a> fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-33813">CVE-2021-33813</a>/<a href="https://bugs.debian.org/990672">#990672</a>.</li>
</ul>
</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-467-1-wordpress/">ELA 467-1</a>, though CVEs aren’t assigned yet, for <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 4.1.33+dfsg-0+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-468-1-libkohana2-php/">ELA 468-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2016-10510">CVE-2016-10510</a>, for <a href="https://tracker.debian.org/pkg/libkohana2-php">libkohana2-php</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.3.4-2+deb8u1.</li>
<li>Started working on src:usermode for fixing <a href="https://bugs.debian.org/991808">bug #991808</a> but will probably fix src:libuser first, since it’s also one of the supported packages.</li>
<li>Started working on exiv2 issues but waiting for more CVEs to be allotted.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 26-07 until 01-08 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/nodejs">nodejs</a>,
<a href="https://tracker.debian.org/pkg/mongodb">mongodb</a>,
<a href="https://tracker.debian.org/pkg/bluez">bluez</a>,
<a href="https://tracker.debian.org/pkg/libmatio">libmatio</a>,
<a href="https://tracker.debian.org/pkg/mbedtls">mbedtls</a>,
<a href="https://tracker.debian.org/pkg/node-url-parse">node-url-parse</a>,
<a href="https://tracker.debian.org/pkg/otrs2">otrs2</a>,
<a href="https://tracker.debian.org/pkg/polipo">polipo</a>,
<a href="https://tracker.debian.org/pkg/ruby-bindata">ruby-bindata</a>,
<a href="https://tracker.debian.org/pkg/util-linux">util-linux</a>,
<a href="https://tracker.debian.org/pkg/exiv2">exiv2</a>,
<a href="https://tracker.debian.org/pkg/ruby2.3">ruby2.3</a>,
<a href="https://tracker.debian.org/pkg/varnish">varnish</a>,
<a href="https://tracker.debian.org/pkg/gdal">gdal</a>,
<a href="https://tracker.debian.org/pkg/prosody">prosody</a>,
<a href="https://tracker.debian.org/pkg/glibc">glibc</a>,
<a href="https://tracker.debian.org/pkg/gdal">gdal</a>,
<a href="https://tracker.debian.org/pkg/rpm">rpm</a>,
<a href="https://tracker.debian.org/pkg/icu">icu</a>,
<a href="https://tracker.debian.org/pkg/ckeditor">ckeditor</a>,
<a href="https://tracker.debian.org/pkg/libvirt">libvirt</a>,
<a href="https://tracker.debian.org/pkg/libjdom1-java">libjdom1-java</a>,
<a href="https://tracker.debian.org/pkg/libjdom2-java">libjdom2-java</a>,
<a href="https://tracker.debian.org/pkg/tesseract">tesseract</a>,
<a href="https://tracker.debian.org/pkg/util-linux">util-linux</a>,
<a href="https://tracker.debian.org/pkg/qemu">qemu</a>,
<a href="https://tracker.debian.org/pkg/pillow">pillow</a>,
<a href="https://tracker.debian.org/pkg/tomcat8">tomcat8</a>,
<a href="https://tracker.debian.org/pkg/libcommons-compress-java">libcommons-compress-java</a>,
<a href="https://tracker.debian.org/pkg/389-ds-base">389-ds-base</a>, and
<a href="https://tracker.debian.org/pkg/intel-microcode">intel-microcode</a>.</li>
<li>Mark CVE-2021-22930/nodejs as end-of-life for stretch.</li>
<li>Mark CVE-2021-20333/mongodb as end-of-life for stretch.</li>
<li>Mark CVE-2021-3652/389-ds-base as no-dsa for stretch.</li>
<li>Mark CVE-2021-3658/bluez as no-dsa for stretch.</li>
<li>Mark CVE-2020-19497/libmatio as no-dsa for stretch.</li>
<li>Mark CVE-2021-24119/mbedtls as no-dsa for stretch.</li>
<li>Mark CVE-2021-3664/node-url-parse as end-of-life for stretch.</li>
<li>Mark CVE-2021-36091/otrs2 as no-dsa for stretch.</li>
<li>Mark CVE-2021-36092/otrs2 as no-dsa for stretch.</li>
<li>Mark CVE-2020-36420/polipo as ignored for stretch.</li>
<li>Mark CVE-2021-32823/ruby-bindata as no-dsa for stretch.</li>
<li>Mark CVE-2021-37600/util-linux as no-dsa for stretch.</li>
<li>Mark CVE-2019-25050/gdal as not-affected for stretch.</li>
<li>Mark CVE-2021-37601/prosody as not-affected for stretch instead.</li>
<li>Mark CVE-2021-35942/glibc as no-dsa for jessie.</li>
<li>Mark CVE-2021-36081/tesseract as not-affected for jessie.</li>
<li>Mark CVE-2021-35939/rpm as no-dsa for jessie.</li>
<li>Mark CVE-2021-35938/rpm as no-dsa for jessie.</li>
<li>Mark CVE-2021-35937/rpm as no-dsa for jessie.</li>
<li>Mark CVE-2021-30535/icu as not-affected for jessie.</li>
<li>Mark CVE-2021-3667/libvirt as not-affected for jessie.</li>
<li>Mark CVE-2021-3631/libvirt as no-dsa for jessie.</li>
<li>Mark CVE-2021-21391/ckeditor as no-dsa for jessie.</li>
<li>Mark CVE-2021-36090/libcommons-compress-java as no-dsa for jessie.</li>
<li>Mark CVE-2021-3638/qemu as not-affected for jessie.</li>
<li>Mark CVE-2021-34552/pillow as no-dsa for jessie.</li>
<li>Mark CVE-2021-37600/util-linux as no-dsa for jessie.</li>
<li>Mark CVE-2019-25050/gdal as not-affected for jessie.</li>
<li>Mark CVE-2021-3658/bluez as no-dsa for jessie.</li>
<li>Auto EOL’ed tiff, dcraw, libspring-security-2.0-java, rabbitmq-server, unrar-nonfree, darktable, mruby, htslib, ndpi, sam2p, libmatio, webkit2gtk, mongodb, otrs2, nodejs, vlc, jruby, asterisk, drupal7, libapache2-mod-auth-openidc, mosquitto, sylpheed, claws-mail, prosody, libapache2-mod-auth-mellon, and linux for jessie.</li>
<li>Fix version of libjdom2-java’s ELA.</li>
<li>Attended monthly Debian LTS meeting.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/07/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in June 2021
https://utkarsh2102.org/posts/foss-in-june-21/
Wed, 30 Jun 2021 11:11:11 +0530
<p>Here’s my (twenty-first) monthly but brief update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 30th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>However, this wasn’t really a good month for mental health. And so apparently lesser work but still more than nothing, heh. :D</p>
<p>As a side note, this month, I spent a lot of time on Clubhouse, the new social audio app, at least in India. (I am sure you’d have heard?) Anyway, I made some friends there; more on that later, maybe? (ik, I say that a lot, but ugh, I’ll get to it!)</p>
<p>Anyway, I did the following stuff in Debian:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:5.2.2.1+dfsg-1+deb10u3) - Fix for <a href="https://security-tracker.debian.org/tracker/CVE-2021-22904">CVE-2021-22885</a>/<a href="https://bugs.debian.org/988214">#988214</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-22904">CVE-2021-22904</a>/<a href="https://bugs.debian.org/988214">#988214</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-22880">CVE-2021-22880</a>.</li>
<li><a href="https://tracker.debian.org/pkg/eterm">eterm</a> (0.9.6-6.1) - Fix <a href="https://security-tracker.debian.org/tracker/CVE-2021-33477">CVE-2021-33477</a>/<a href="https://bugs.debian.org/989041">#989041</a> for Debian unstable, a.k.a. sid.</li>
<li><a href="https://tracker.debian.org/pkg/eterm">eterm</a> (0.9.6-5+deb10u1) - Fix <a href="https://security-tracker.debian.org/tracker/CVE-2021-33477">CVE-2021-33477</a>/<a href="https://bugs.debian.org/989041">#989041</a> for Debian 10, buster.</li>
<li><a href="https://tracker.debian.org/pkg/micro">micro</a> (2.0.9-1) - New upstream version, v2.0.9.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-httpclient">ruby-httpclient</a> (2.8.3-3) - Disable tests related to <code>HTTP_PROXY</code> as Launchpad builders don’t like them.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 5th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I’ve joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>This month, again, was dedicated to PHP 8.0, transitioning from PHP 7.4 to 8.0.
And finally, I and Bryce were able to complete the transition! \o/</p>
<p>This month, I also became an Ubuntu Core Developer. :D
I’ll write about it in sometime; lol, yet another promise. Heh.</p>
<p>That said, the things that I mostly worked on are:</p>
<h4 id="uploads--syncs">Uploads & Syncs:</h4>
<ul>
<li>[2021-06-01] No-change rebuild for <a href="https://launchpad.net/ubuntu/+source/php-email-validator/3.1.1-2build1">php-email-validator/3.1.1-2build1</a>.</li>
<li>[2021-06-01] <a href="https://launchpad.net/ubuntu/+source/php-cache-integration-tests/0.17.0-1ubuntu1">php-cache-integration-tests/0.17.0-1ubuntu1</a> (fix build w/ symfony & php-twig.</li>
<li>[2021-06-02] <a href="https://launchpad.net/ubuntu/+source/php-league-mime-type-detection/1.5.1+ds-2ubuntu1">php-league-mime-type-detection/1.5.1+ds-2ubuntu1</a> (fix tests w/ PHP 8.0).</li>
<li>[2021-06-02] <a href="https://launchpad.net/ubuntu/+source/php-sabredav/1.8.12-9ubuntu1">php-sabredav/1.8.12-9ubuntu1</a> (fix autopkgtest w/ PHP 8.0).</li>
<li>[2021-06-03] sync-request/php-doctrine-annotations (1.12.1-1) (from experimental) - <a href="https://bugs.launchpad.net/ubuntu/+source/php-doctrine-annotations/+bug/1929738">LP: #1929738</a>.</li>
<li>[2021-06-03] <a href="https://launchpad.net/ubuntu/+source/php-twig/3.3.2-1ubuntu2">php-twig/3.3.2-1ubuntu2</a> (make it build; circular-dependency breakthrough! \o/).</li>
<li>[2021-06-03] <a href="https://launchpad.net/ubuntu/+source/symfony/5.2.6+dfsg-1ubuntu1/">symfony/5.2.6+dfsg-1ubuntu1</a> (make it build; circular-dependency breakthrough! \o/).</li>
<li>[2021-06-04] <a href="https://launchpad.net/ubuntu/+source/php-cache-tag-interop/1.0.1-1ubuntu1">php-cache-tag-interop/1.0.1-1ubuntu1</a> (fix FTBFS w/ Psr/Cache).</li>
<li>[2021-06-04] <a href="https://launchpad.net/ubuntu/+source/php-doctrine-bundle/2.2.3-1ubuntu1">php-doctrine-bundle/2.2.3-1ubuntu1</a> (make it build; circular-test-dependency breakthrough! \o/).</li>
<li>[2021-06-07] <a href="https://launchpad.net/ubuntu/+source/symfony/5.2.6+dfsg-1ubuntu2">symfony/5.2.6+dfsg-1ubuntu2</a> (fix FTBFS & tests w/ PHP 8 & Psr/Cache).</li>
<li>[2021-06-09] No-change rebuild for <a href="https://launchpad.net/ubuntu/+source/phpmyadmin/4:5.0.4+dfsg2-2ubuntu3">phpmyadmin/4:5.0.4+dfsg2-2ubuntu3</a>.</li>
<li>[2021-06-09] <a href="https://launchpad.net/ubuntu/+source/php-twig/3.3.2-1ubuntu3">php-twig/3.3.2-1ubuntu3</a> (re-enable tests & re-add symfony-based extensions).</li>
<li>[2021-06-11] No-change rebuild for <a href="https://launchpad.net/ubuntu/+source/zeroc-ice/3.7.5-2build1">zeroc-ice/3.7.5-2build1</a>.</li>
<li>[2021-06-11] No-change rebuild for <a href="https://launchpad.net/ubuntu/+source/php-uopz/6.1.2-4build2">php-uopz/6.1.2-4build2</a>.</li>
<li>[2021-06-17] <a href="https://launchpad.net/ubuntu/+source/php-text-captcha/1.0.2-8ubuntu1">php-text-captcha/1.0.2-8ubuntu1</a> (fix FTBFS w/ PHP 8).</li>
<li>[2021-06-17] <a href="https://launchpad.net/ubuntu/+source/php-imagick/3.4.4+php8.0+3.4.4-2+deb11u2ubuntu1">php-imagick/3.4.4+php8.0+3.4.4-2+deb11u2ubuntu1</a> (fix FTBFS w/ PHP 8).</li>
<li>[2021-06-18] sync’d/doctrine (<a href="https://launchpad.net/ubuntu/+source/doctrine/2.8.4+dfsg-1">2.8.4+dfsg-1</a>) (from experimental).</li>
<li>[2021-06-18] <a href="https://launchpad.net/ubuntu/+source/php-symfony-security-acl/3.1.1-1ubuntu1">php-symfony-security-acl/3.1.1-1ubuntu1</a> (fix FTBFS w/ PHP 8).</li>
<li>[2021-06-19] <a href="https://launchpad.net/ubuntu/+source/phpmyadmin/4:5.0.4+dfsg2-2ubuntu5">phpmyadmin/4:5.0.4+dfsg2-2ubuntu5</a> (fix uninstallability issues for php-defaults).</li>
<li>[2021-06-19] <a href="https://launchpad.net/ubuntu/+source/php-zend-stdlib/3.3.1-3ubuntu1">php-zend-stdlib/3.3.1-3ubuntu1</a> (fix tests w/ PHP 8).</li>
<li>[2021-06-21] <a href="https://launchpad.net/ubuntu/+source/phpseclib/1.0.19-3ubuntu2">phpseclib/1.0.19-3ubuntu2</a> (fix build & tests w/ PHP 8).</li>
<li>[2021-06-22] filed hints w/ Iain (laney) to make php-defaults migrate - <a href="https://code.launchpad.net/~utkarsh/britney/+git/britney/+merge/404519">MP #404519</a>.</li>
<li>[2021-06-23] announced the end of PHP 8.0’s successful transition on ubuntu-devel@. Thread <a href="https://lists.ubuntu.com/archives/ubuntu-devel/2021-June/041519.html">here</a>! \o/</li>
</ul>
<h4 id="1-maintenance">+1 Maintenance:</h4>
<ul>
<li>Shadowed Christian Ehrhardt on his +1. My report <a href="https://lists.ubuntu.com/archives/ubuntu-devel/2021-June/041512.html">here</a>.
<ul>
<li>Added hints for schleuder; <a href="https://code.launchpad.net/~utkarsh/britney/+git/britney/+merge/404025">MP #404025</a>.</li>
<li>Fixed <a href="https://tracker.debian.org/news/1242716/accepted-ruby-httpclient-283-3-source-into-unstable/">ruby-httpclient via 2.8.3-3</a> in Debian.</li>
<li>Requested removal of ruby-gitlab-pg-query from Impish (-proposed) - <a href="https://bugs.launchpad.net/ubuntu/+source/ruby-gitlab-pg-query/+bug/1931257">LP: #1931257</a>.</li>
<li>Re-triggered python-django-debug-toolbar/1:3.2.1-1 for amd64 and it passed & migrated.</li>
<li>Fixed <a href="https://tracker.debian.org/news/1242685/accepted-ruby-rails-html-sanitizer-130-2-source-into-unstable/">ruby-rails-html-sanitizer via 1.3.0-2</a> in Debian to make it work with newer API of ruby-loofah.</li>
<li>Re-triggered ruby-stackprof with glibc as triggers on amd64; it passed & unblocked glibc.</li>
<li>Re-triggered ruby-ferret with glibc as triggers on amd64; it passed & unblocked glibc.</li>
<li>Re-triggered ruby-hiredis with glibc as triggers on armhf; it passed & unblocked glibc.</li>
<li>Added hints for ruby-excon on s390x; <a href="https://code.launchpad.net/~utkarsh/britney/+git/britney/+merge/404113">MP #404113</a>.</li>
</ul>
</li>
</ul>
<h4 id="seed-operations">Seed Operations:</h4>
<ul>
<li>[2021-06-01] MP #403562/prips for Impish - <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/403562">MP: #403562</a>.
<ul>
<li>[2021-06-02] MP #403602/prips for Hirsute - <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/403602">MP: #403602</a>.</li>
<li>[2021-06-02] MP #403603/prips for Groovy - <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/403603">MP: #403603</a>.</li>
<li>[2021-06-02] MP #403604/prips for Focal - <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/403604">MP: #403604</a>.</li>
<li>[2021-06-02] MP #403605/prips for Bionic - <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/403605">MP: #403605</a>.</li>
</ul>
</li>
<li>[2021-06-17] MP #404326/python-aws-requests-auth for Impish - <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/404326">MP #404326</a>.
<ul>
<li>[2021-06-22] MP #404489/python-aws-requests-auth for Hirsute - <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/404489">MP #404489</a>.</li>
<li>[2021-06-22] MP #404490/python-aws-requests-auth for Groovy - <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/404490">MP #404490</a>.</li>
<li>[2021-06-22] MP #404491/python-aws-requests-auth for Focal - <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/404491">MP #404491</a>.</li>
<li>[2021-06-22] MP #404492/python-aws-requests-auth for Bionic - <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/404492">MP #404492</a>.</li>
</ul>
</li>
</ul>
<h4 id="bug-triages">Bug Triages:</h4>
<ul>
<li>[2021-06-04] <a href="https://lists.ubuntu.com/archives/ubuntu-server/2021-June/008838.html">Friday bug triage</a>.</li>
<li>[2021-06-14] <a href="https://lists.ubuntu.com/archives/ubuntu-server/2021-June/008849.html">Friday bug triage</a>.</li>
<li>[2021-06-18] <a href="https://lists.ubuntu.com/archives/ubuntu-server/2021-June/008856.html">Friday bug triage</a>.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twenty-first month as a Debian LTS and eleventh month as a Debian ELTS paid contributor.<br>
I was assigned 40.00 hours for LTS and 40.00 hours for ELTS and worked on the following things:</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/05/msg00025.html">DLA 2670-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-23017">CVE-2021-23017</a>, for <a href="https://tracker.debian.org/pkg/nginx">nginx</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.10.3-1+deb9u6.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/05/msg00026.html">DLA 2671-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-33477">CVE-2021-33477</a>, for <a href="https://tracker.debian.org/pkg/rxvt-unicode">rxvt-unicode</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 9.22-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/06/msg00010.html">DLA 2681-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-33477">CVE-2021-33477</a>, for <a href="https://tracker.debian.org/pkg/eterm">eterm</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.9.6-5+deb9u1.</li>
<li>Prepped and uploaded a fix for <a href="https://security-tracker.debian.org/tracker/CVE-2021-33477">CVE-2021-33477</a> to Debian unstable. News <a href="https://tracker.debian.org/news/1242592/accepted-eterm-096-61-source-into-unstable/">here</a>.<br>
For Debian unstable, these problems have been fixed in version 0.9.6-6.1.</li>
<li>Prepped and uploaded a fix for <a href="https://security-tracker.debian.org/tracker/CVE-2021-33477">CVE-2021-33477</a> to Debian buster-pu. News <a href="https://tracker.debian.org/news/1242616/accepted-eterm-096-5deb10u1-source-into-proposed-updates-stable-new-proposed-updates/">here</a>.<br>
For Debian 10 buster, these problems have been fixed in version 0.9.6-5+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/06/msg00011.html">DLA 2682-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-33477">CVE-2021-33477</a>, for <a href="https://tracker.debian.org/pkg/mrxvt">mrxvt</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.5.4-2+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/06/msg00012.html">DLA 2683-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2017-7483">CVE-2017-7483</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-33477">CVE-2021-33477</a>, for <a href="https://tracker.debian.org/pkg/rxvt">rxvt</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1:2.7.10-7+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/07/msg00000.html">DLA 2700-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-19630">CVE-2019-19630</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-20308">CVE-2021-20308</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23158">CVE-2021-23158</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23165">CVE-2021-23165</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23180">CVE-2021-23180</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23191">CVE-2021-23191</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23206">CVE-2021-23206</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-26252">CVE-2021-26252</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-26259">CVE-2021-26259</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-26948">CVE-2021-26948</a>, for <a href="https://tracker.debian.org/pkg/htmldoc">htmldoc</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.8.27-8+deb9u1.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-437-1-nginx/">ELA 437-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-23017">CVE-2021-23017</a>, for <a href="https://tracker.debian.org/pkg/nginx">nginx</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.6.2-5+deb8u8.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-448-1-cloud-int/">ELA 448-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3429">CVE-2021-3429</a>, for <a href="https://tracker.debian.org/pkg/cloud-int">cloud-int</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.7.6~bzr976-2+deb8u3.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-451-1-htmldoc/">ELA 451-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-20308">CVE-2021-20308</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23158">CVE-2021-23158</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23165">CVE-2021-23165</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23180">CVE-2021-23180</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23191">CVE-2021-23191</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23206">CVE-2021-23206</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-26252">CVE-2021-26252</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-26259">CVE-2021-26259</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-26948">CVE-2021-26948</a>, for <a href="https://tracker.debian.org/pkg/htmldoc">htmldoc</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.8.27-8+deb8u2.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-452-1-python-pip/">ELA 452-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3572">CVE-2021-3572</a>, for <a href="https://tracker.debian.org/pkg/python-pip">python-pip</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.5.6-5+deb8u2.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-454-1-djvulibre/">ELA 454-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3630">CVE-2021-3630</a>, for <a href="https://tracker.debian.org/pkg/djvulibre">djvulibre</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 3.5.25.4-4+deb8u4.</li>
<li>Started working on intel-microcode fixes; have been waiting to see if there are any regressions noticed on sid, bullseye, and buster. Except for 0x906ea processors, everything seems fine so far, at least.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 28-06 until 04-07 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/rails">rails</a>,
<a href="https://tracker.debian.org/pkg/nginx">nginx</a>,
<a href="https://tracker.debian.org/pkg/eterm">eterm</a>,
<a href="https://tracker.debian.org/pkg/mrxvt">mrxvt</a>,
<a href="https://tracker.debian.org/pkg/rxvt">rxvt</a>,
<a href="https://tracker.debian.org/pkg/ieee-data">ieee-data</a>,
<a href="https://tracker.debian.org/pkg/cloud-init">cloud-init</a>,
<a href="https://tracker.debian.org/pkg/intel-microcode">intel-microcode</a>,
<a href="https://tracker.debian.org/pkg/htmldoc">htmldoc</a>,
<a href="https://tracker.debian.org/pkg/djvulibre">djvulibre</a>,
<a href="https://tracker.debian.org/pkg/composter">composter</a>, and
<a href="https://tracker.debian.org/pkg/curl">curl</a>.</li>
<li>Mark CVE-2021-30535/icu as not-affected for stretch.</li>
<li>Mark CVE-2017-7483 as fixed via +deb9u2 upload.</li>
<li>Auto EOL’ed unrar-nonfree, darktable, mruby, htslib, ndpi, dcraw, libspring-security-2.0-java, rabbitmq-server, and linux for jessie.</li>
<li>[LTS] Discussed ieee-data’s fix for LTS. Thread <a href="https://lists.debian.org/debian-lts/2021/06/msg00004.html">here</a>.</li>
<li>[ELTS] Discussed cloud-init’s logs w/ Raphael and asked for a rebuild.</li>
<li>[(E)LTS] Discussed intel-microcode’s status w/ the maintainer and track regressions, et al.</li>
<li>[(E)LTS] Discussed htmldoc’s situation; about upgrade problems and prep a fix for that.</li>
<li>Attended monthly Debian LTS meeting.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/06/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
Graduating, from bedroom, on a random Tuesday afternoon!
https://utkarsh2102.org/posts/graduating-in-lockdown/
Tue, 15 Jun 2021 22:00:00 +0530
<p>Whilst lockdown has made a lot of things go “remote”, never had I thought that so would be
my graduation! Completing my undergrad, from bedroom, on a random Tuesday afternoon is a
different feeling altogether. I am not even sure if things have sunk in yet?</p>
<p>[…]</p>
<h2 id="the-news">The News</h2>
<figure>
<img src="https://utkarsh2102.org/images/canonical-small-logo.png"/>
</figure>
<p>I joined <a href="https://canonical.com/">Canonical</a>, this February, to work on Ubuntu full-time! \o/<br>
Those who know, they know that this is really very exciting for me because Canonical has
been a dream company for me, for real (more about this below!). And hey, this is my first
job, <strong>ever</strong>, so all the more reason to be psyched about, isn’t it? ^_^</p>
<p>P.S. Keep reading and we’ll meet my <em>squad</em> really sooon!</p>
<h2 id="the-story">The Story</h2>
<p>Being an undergrad student (batch 2017-2021), I’ve been <em>slightly</em> worried during my last
two semesters, naturally, thinking about how’s it all gonna pan out and what will I be doing,
et al, because I’ve been seeing all my friends and batchmates getting “placed” in companies
or going for masters or at least having some sort of “plans” for their future and I, on the
other hand, was hopelessly clueless. :D</p>
<p>Well, to be fair, I did <a href="https://summerofcode.withgoogle.com/">Google Summer of Code</a> twice,
in <a href="https://summerofcode.withgoogle.com/archive/2019/projects/6014695855620096/">2019</a> and
<a href="https://summerofcode.withgoogle.com/archive/2020/projects/4736285727522816/">2020</a>, became a
<a href="https://wiki.debian.org/DebianDeveloper">Debian Developer</a> in 2019, been a part of
<a href="https://codein.withgoogle.com/">GCI</a> and <a href="https://www.outreachy.org/">Outreachy</a>, contributed
to over dozens of open-source projects, et al, et al. So I wasn’t all completely “hopeless”
but for sure was completely “clueless”, heh.</p>
<p>And for full disclosure, I was <em>only</em> slightly panicking because firstly, I <strong>did</strong> get placed
in several companies and secondly, I didn’t really need a job immediately since I was already
getting paid to work on Debian stuff by Freexian, which was good enough. :)<br>
(and honestly, Freexian has my whole heart! 😭❤️️ - more on that later sometime.)</p>
<p>But that’s not the point. I was still confused and worried and my mom & dad, more so than
anyone. Ugh. We were all figuring out and she asked me places that I was interested to work
in. And whilst I wasn’t clear about things I wanted to do (and still am!) but I was (very)
clear about this and so I told her about Canonical and also did tell her that it’s a bit too
ambitious for me to think about it now so I’ll probably apply after some experience or something.</p>
<p>…and as they say, the world works in mysterious ways and well, it did for me! So back during
the Ruby sprints (Feb ‘20), Kanashiro, <strong>the</strong> guy (😄), mentioned that his team was hiring and
has a vacant position <em>but</em> I won’t be eligible since I was still in my junior year. It was
since then I’ve been actively praying for Cronus, the god of time, to wave his magic wand and
align it in such a way that the next opening should be somewhere near my graduation. And guess
what? IT HAPPENED! 🙊</p>
<p>9 months later, in November ‘20, Kanashiro told me his team is hiring yet again and that I
could apply this time! Without much (since there was “some”) delay, I applied and started
asking all sorts of questions to Kanashiro. No words are enough for him, he literally helped
me throughout the process; from referring me to answering all sorts of doubts I had! 😭❤️️</p>
<p>And roughly after 2½ months of interviewing, et al, my “ambitious dream” did come true and I
finalyyyy signed my contract! \o/<br>
(the interview process and what went on during those 10 weeks is a story for later ;))</p>
<h2 id="the-server-team-o">The Server Team! \o</h2>
<p>This position, which I didn’t mention earlier, was for the “Server Team” which is a team of
15 people, working to make Ubuntu server the best! And as I
<a href="https://twitter.com/utkarsh2102/status/1383420034467332107">tweeted</a> sometime back, the team
is absolutely lovely, super kind, and consists of the best of teammates one could possibly
ask for! 🥰</p>
<p>Here’s a quick sneak peek into our weekly team meeting. Thanks to
<a href="https://twitter.com/rafaeldtinoco">Rafael</a> for taking such a lovely picture. And yes,
<del>the cat</del> Luna is a part of our squad! 🐾</p>
<p><img src="https://utkarsh2102.org/images/server-team-meeting-cat.jpg#center" alt=""></p>
<p>And oh, did I mention that we’re completely remote and distributed?<br>
<strong>FUN FACT</strong>: Our team covers all the TZs, that is, at any point of time (during weekdays),
you’ll find someone or the other from the team around! \o/</p>
<p>Anyway, our squad, managed by Rick, is divided into two halves: <strong>Squeaky Wheels</strong> and
<strong>Table Flip</strong>. Cool names, right?<br>
Squeaky Wheels does the distro side of stuff and consists of Christian, Andreas, Rafael, Robie,
Bryce, Sergio, Kanashiro, Athos, and now myself as well! And OTOH, Table Flip consists of Dan,
Chad, Paride, Lucas, James, and Grant.</p>
<p>Even though I interact w/ Squeaky Wheels more (basically daily), each of my teammates is
absolutely lovely and equally awesome!</p>
<p>Whilst I’ll talk more about things here in the upcoming months, this is it for now! If there’s
anything, in particular, you’d like to know more about, let me know!</p>
<p>And lastly, here’s us vibing our way through, making Ubuntu server better, ‘cause that’s how
we roll! 😎</p>
<p><img src="https://utkarsh2102.org/images/server-team-vibing-small.gif#center" alt=""></p>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in May 2021
https://utkarsh2102.org/posts/foss-in-may-21/
Sun, 30 May 2021 11:11:11 +0530
<p>Here’s my (twentieth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 29th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>Interesting month, surprisingly. Lots of things happening and lots of moving parts; becoming the “new normal”, I believe.
Anyhow, working on Ubuntu full-time has its own advantage and one of them is being able to work on Debian stuff! 🥰</p>
<p>So whilst I couldn’t upload a lot of packages because of the freeze, here’s what I worked on:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby-rack-cors">ruby-rack-cors</a> (1.0.2-1+deb10u1) - Fix for <a href="https://security-tracker.debian.org/tracker/CVE-2019-18978">CVE-2019-18978</a>/<a href="https://bugs.debian.org/944849">#944849</a>.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.0.3.7+dfsg-1) - New upstream version, fixing {<a href="https://security-tracker.debian.org/tracker/CVE-2021-22904">CVE-2021-22904</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-22902">CVE-2021-22902</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-22885">CVE-2021-22885</a>}/<a href="https://bugs.debian.org/988214">#988214</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-marcel">ruby-marcel</a> (1.0.1+dfsg-2) - Upload to unstable for rails.</li>
<li><a href="https://tracker.debian.org/pkg/python-aws-requests-auth">python-aws-requests-auth</a> (0.4.3-2) - Enable build-time tests.</li>
<li><a href="https://tracker.debian.org/pkg/gist">gist</a> (6.0.0-2) - Add patch to skip test when <code>$HTTP_PROXY</code> isn’t set.</li>
<li><a href="https://tracker.debian.org/pkg/php-cache-lite">php-cache-lite</a> (1.8.3-1) - New upstream version, fixing FTBFS w/ PHP 8.0.</li>
<li>Sponsored upload of <a href="https://tracker.debian.org/pkg/htmldoc">htmldoc</a> (1.9.3-1+deb10u1) to <a href="https://tracker.debian.org/news/1241189/accepted-htmldoc-193-1deb10u1-source-all-amd64-into-proposed-updates-stable-new-proposed-updates/">buster-pu</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-19630">CVE-2019-19630</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-20308">CVE-2021-20308</a> for Håvard Flaget Aasen.</li>
<li>Sponsored upload of <a href="https://tracker.debian.org/pkg/libbusiness-us-usps-webtools-perl">libbusiness-us-usps-webtools-perl</a> (1.125-1) to <a href="https://tracker.debian.org/news/1241495/accepted-libbusiness-us-usps-webtools-perl-1125-1-source-into-unstable/">unstable</a>, fixing <a href="https://bugs.debian.org/988330">#988330</a> for Yadd.</li>
<li>Sponsored upload of <a href="https://tracker.debian.org/pkg/radsecproxy">radsecproxy</a> (1.8.2-4) to <a href="https://tracker.debian.org/news/1241891/accepted-radsecproxy-182-4-source-into-unstable/">unstable</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-32642">CVE-2021-32642</a> for Sven Hartge.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers and assisting people in BSP.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="ubuntu">Ubuntu</h2>
<figure>
<img src="https://utkarsh2102.org/images/ubuntu-logo-small.png"/>
</figure>
<p>This was my 4th month of actively contributing to <a href="https://ubuntu.com/about">Ubuntu</a>.
Now that I’ve joined <a href="https://utkarsh2102.org/posts/hello-canonical/">Canonical to work on Ubuntu full-time</a>, there’s a bunch of things I do! \o/</p>
<p>This month, by all means, was dedicated mostly to PHP 8.0, transitioning from PHP 7.4 to 8.0.
Naturally, it had so many moving parts and moments of utmost frustration, shared w/ Bryce. :D</p>
<p>So even though I can’t upload anything, I worked on the following stuff & asked for sponsorship.<br>
But before, I’d like to take a moment to stress how kind and awesome <a href="https://launchpad.net/~costamagnagianfranco">Gianfranco Costamagna</a>,
a.k.a. <a href="https://nm.debian.org/person/locutusofborg">LocutusOfBorg</a> is! He’s been sponsoring a
bunch of my things & helping with re-triggers, et al. Thanks a bunch, Gianfranco; beers on me
whenever we meet! 🍻</p>
<h4 id="merges">Merges:</h4>
<ul>
<li>[2021-05-05] <a href="https://code.launchpad.net/~utkarsh/ubuntu/+source/ruby2.7/+git/ruby2.7/+merge/402253">ruby2.7 (2.7.3-2ubuntu1)</a>.</li>
<li>[2021-05-11] <a href="https://code.launchpad.net/~utkarsh/ubuntu/+source/exim4/+git/exim4/+merge/402442">exim4 (4.94.2-2ubuntu1)</a>.</li>
<li>[2021-05-17] <a href="https://code.launchpad.net/~utkarsh/ubuntu/+source/openvpn/+git/openvpn/+merge/402809">openvpn (2.5.1-3ubuntu1)</a>.</li>
<li>[2021-05-19] <a href="https://code.launchpad.net/~utkarsh/ubuntu/+source/autofs/+git/autofs/+merge/398955">autofs (5.1.7-1)</a>.</li>
<li>[2021-05-25] <a href="https://code.launchpad.net/~utkarsh/ubuntu/+source/xterm/+git/xterm/+merge/403238">xterm (366-1ubuntu1)</a>.</li>
</ul>
<h4 id="uploads--syncs">Uploads & Syncs:</h4>
<ul>
<li>[2021-05-20] <a href="https://launchpad.net/ubuntu/+source/php-net-url2/2.2.1-0.2build2">php-net-url2/2.2.1-0.2build2</a> - no-change rebuild.</li>
<li>[2021-05-26] <a href="https://code.launchpad.net/~utkarsh/ubuntu/+source/phpmyadmin/+git/phpmyadmin/+merge/403226">phpmyadmin/4:5.0.4+dfsg2-2ubuntu1</a> - fix build w/ PHP 8.</li>
<li>[2021-05-26] <a href="https://bugs.launchpad.net/ubuntu/+source/php-async-aws-core/+bug/1929692">php-async-aws-core/1.7.2-1build1</a> - no-change rebuild.</li>
<li>[2021-05-26] <a href="https://bugs.launchpad.net/ubuntu/+source/php-async-aws-ses/+bug/1929692">php-async-aws-ses/1.3.0-1build1</a> - no-change rebuild.</li>
<li>[2021-05-26] <a href="https://bugs.launchpad.net/ubuntu/+source/php-async-aws-sqs/+bug/1929692">php-async-aws-sqs/1.3.2-1build1</a> - no-change rebuild.</li>
<li>[2021-05-26] <a href="https://bugs.launchpad.net/ubuntu/+source/php-http-interop-http-factory-tests/+bug/1929692">php-http-interop-http-factory-tests/0.9.0-1build1</a> - no-change rebuild.</li>
<li>[2021-05-26] <a href="https://bugs.launchpad.net/ubuntu/+source/php-twig/+bug/1929738">php-twig/3.3.2-1</a> - sync’d from experimental.</li>
<li>[2021-05-26] <a href="https://launchpad.net/ubuntu/+source/php-doctrine-cache/1.10.2-2ubuntu1">php-doctrine-cache/1.10.2-2ubuntu1</a> - fix build w/ PHP 8.</li>
<li>[2021-05-26] <a href="https://bugs.launchpad.net/ubuntu/+source/php-symfony-contracts/+bug/1929738">php-symfony-contracts/2.4.0-1</a> - sync’d from experimental.</li>
<li>[2021-05-26] <a href="https://launchpad.net/ubuntu/+source/php-phpseclib/2.0.30-2ubuntu1">php-phpseclib/2.0.30-2ubuntu1</a> - fix build w/ PHP 8.</li>
<li>[2021-05-27] <a href="https://bugs.launchpad.net/ubuntu/+source/php-email-validator/+bug/1929738">php-email-validator/3.1.1-2</a> - sync’d from experimental.</li>
<li>[2021-05-27] <a href="https://bugs.launchpad.net/ubuntu/+source/php-async-aws-core/+bug/1929738">php-async-aws-core/1.10.0-1</a> - sync’d from experimental.</li>
<li>[2021-05-27] <a href="https://bugs.launchpad.net/ubuntu/+source/php-async-aws-ses/+bug/1929738">php-async-aws-ses/1.4.0-1</a> - sync’d from experimental.</li>
<li>[2021-05-27] <a href="https://bugs.launchpad.net/ubuntu/+source/php-async-aws-sqs/+bug/1929738">php-async-aws-sqs/1.5.0-1</a> - sync’d from experimental.</li>
<li>[2021-05-27] <a href="https://launchpad.net/ubuntu/+source/libphp-swiftmailer/6.2.4-1ubuntu1">libphp-swiftmailer/6.2.4-1ubuntu1</a> - fix build w/ PHP 8.</li>
<li>[2021-05-27] <a href="https://bugs.launchpad.net/ubuntu/+source/phpunit/+bug/1929738">phpunit/9.5.4-1</a> - sync’d from experimental.</li>
<li>[2021-05-27] <a href="https://bugs.launchpad.net/ubuntu/+source/php-psr-cache/+bug/1929738">php-psr-cache/3.0.0-1</a> - sync’d from experimental.</li>
<li>[2021-05-27] <a href="https://bugs.launchpad.net/ubuntu/+source/php-psr-container/+bug/1929738">php-psr-container/2.0.1-1</a> - sync’d from experimental.</li>
<li>[2021-05-28] <a href="https://launchpad.net/ubuntu/+source/php-wmerrors/2.0.0~git20190628.183ef7d-2ubuntu1">php-wmerrors/2.0.0~git20190628.183ef7d-2ubuntu1</a> - fix build w/ PHP 8.</li>
<li>[2021-05-28] <a href="https://bugs.launchpad.net/ubuntu/+source/php-monolog/+bug/1929738">php-monolog/2.2.0-1</a> - sync’d from experimental.</li>
<li>[2021-05-28] <a href="https://bugs.launchpad.net/ubuntu/+source/php-amqplib/+bug/1929738">php-amqplib/3.0.0-1</a> - sync’d from experimental.</li>
<li>[2021-05-28] <a href="https://tracker.debian.org/news/1241923/accepted-php-cache-lite-183-1-source-into-experimental/">php-cache-lite/1.8.3-1</a> - uploaded to Debian.</li>
<li>[2021-05-28] <a href="https://bugs.launchpad.net/ubuntu/+source/php-cache-lite/+bug/1929738">php-cache-lite/1.8.3-1</a> - sync’d from experimental.</li>
<li>[2021-05-29] <a href="https://launchpad.net/ubuntu/+source/php-symfony-contracts/2.4.0-1ubuntu1">php-symfony-contracts/2.4.0-1ubuntu1</a> - fix build w/ PHP 8.</li>
<li>[2021-05-31] <a href="https://launchpad.net/ubuntu/+source/php-symfony-contracts/2.4.0-1ubuntu2">php-symfony-contracts/2.4.0-1ubuntu2</a> - fix build w/ php-cache-container.</li>
</ul>
<h4 id="mirs">MIRs:</h4>
<ul>
<li>[2021-05-16] <a href="https://bugs.launchpad.net/ubuntu/+source/python-aws-requests-auth/+bug/1915445">LP: #1915445/python-aws-requests-auth</a>.</li>
<li>[2021-05-20] <a href="https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1152187/comments/19">LP: #1152187/systemd-container</a>.</li>
<li>[2021-05-31] <a href="https://bugs.launchpad.net/ubuntu/+source/prips/+bug/1930207">LP: #1930207/prips</a>.</li>
</ul>
<h4 id="seed-operations">Seed Operations:</h4>
<ul>
<li>[2021-05-31] <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/403505">MP #403505/systemd-container for Bionic</a>.</li>
<li>[2021-06-01] <a href="https://code.launchpad.net/~utkarsh/ubuntu-seeds/+git/ubuntu-seeds/+merge/403562">MP #403562/prips for Impish</a>.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twentieth month as a Debian LTS and eleventh month as a Debian ELTS paid contributor.<br>
I was assigned 29.75 hours for LTS and 40.00 hours for ELTS and worked on the following things:</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/05/msg00009.html">DLA 2654-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-29472">CVE-2021-29472</a>, for <a href="https://tracker.debian.org/pkg/composer">composer</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.2.2-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/05/msg00010.html">DLA 2655-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-22885">CVE-2021-22885</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-22904">CVE-2021-22904</a>, for <a href="https://tracker.debian.org/pkg/rails">rails</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2:4.2.7.1-1+deb9u5.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/05/msg00011.html">DLA 2656-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3504">CVE-2021-3504</a>, for <a href="https://tracker.debian.org/pkg/hivex">hivex</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.3.13-2+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/05/msg00014.html">DLA 2659-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-10196">CVE-2018-10196</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-18032">CVE-2020-18032</a>, for <a href="https://tracker.debian.org/pkg/graphviz">graphviz</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.38.0-17+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/05/msg00017.html">DLA 2662-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-32027">CVE-2021-32027</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-32028">CVE-2021-32028</a>, for <a href="https://tracker.debian.org/pkg/postgresql-9.6">postgresql-9.6</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 9.6.22-0+deb9u1. This update was done by the maintainer, Christoph Berg. I just took care of announcing and publishing the update.</li>
<li>Uploaded <a href="https://tracker.debian.org/news/1241341/accepted-ruby-rack-cors-102-1deb10u1-source-all-into-stable-embargoed-stable/">ruby-rack-cors</a> to buster-security, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-18978">CVE-2019-18978</a>.<br>
For Debian 10 buster, these problems have been fixed in version 1.0.2-1+deb10u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html">DLA 2663-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-22204">CVE-2021-22204</a>, for <a href="https://tracker.debian.org/pkg/libimage-exiftool-perl">libimage-exiftool-perl</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 10.40-1+deb9u1.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-425-1-rails/">ELA 425-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-22885">CVE-2021-22885</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-22904">CVE-2021-22904</a>, for <a href="https://tracker.debian.org/pkg/rails">rails</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2:4.1.8-1+deb8u9.</li>
<li>Uploaded <a href="https://tracker.debian.org/news/1241147/accepted-rails-26037dfsg-1-source-into-unstable/">rails</a> to unstable, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-22885">CVE-2021-22885</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-22902">CVE-2021-22902</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-22904">CVE-2021-22904</a>.<br>
For Debian sid, these problems have been fixed in version 2:6.0.3.7+dfsg-1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-426-1-hivex/">ELA 426-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3504">CVE-2021-3504</a>, for <a href="https://tracker.debian.org/pkg/hivex">hivex</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.3.10-2+deb8u3.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-428-1-graphviz/">ELA 428-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-10196">CVE-2018-10196</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-18032">CVE-2020-18032</a>, for <a href="https://tracker.debian.org/pkg/graphviz">graphviz</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.38.0-7+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-430-1-libimage-exiftool-perl/">ELA 430-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-22204">CVE-2021-22204</a>, for <a href="https://tracker.debian.org/pkg/libimage-exiftool-perl">libimage-exiftool-perl</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 9.74-1+deb8u1.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 24-05 until 30-05 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/rails">rails</a>,
<a href="https://tracker.debian.org/pkg/libimage-exiftool-perl">libimage-exiftool-perl</a>,
<a href="https://tracker.debian.org/pkg/hivex">hivex</a>,
<a href="https://tracker.debian.org/pkg/graphviz">graphviz</a>,
<a href="https://tracker.debian.org/pkg/glibc">glibc</a>,
<a href="https://tracker.debian.org/pkg/libexosip2">libexosip2</a>,
<a href="https://tracker.debian.org/pkg/impacket">impacket</a>,
<a href="https://tracker.debian.org/pkg/node-ws">node-ws</a>,
<a href="https://tracker.debian.org/pkg/thunar">thunar</a>,
<a href="https://tracker.debian.org/pkg/libgrss">libgrss</a>,
<a href="https://tracker.debian.org/pkg/nginx">nginx</a>,
<a href="https://tracker.debian.org/pkg/postgresql-9.6">postgresql-9.6</a>,
<a href="https://tracker.debian.org/pkg/ffmpeg">ffmpeg</a>,
<a href="https://tracker.debian.org/pkg/composter">composter</a>, and
<a href="https://tracker.debian.org/pkg/curl">curl</a>.</li>
<li>Mark CVE-2019-9904/graphviz as ignored for stretch and jessie.</li>
<li>Mark CVE-2021-32029/postgresql-9.6 as not-affected for stretch.</li>
<li>Mark CVE-2020-24020/ffmpeg as not-affected for stretch.</li>
<li>Mark CVE-2020-22020/ffmpeg as postponed for stretch.</li>
<li>Mark CVE-2020-22015/ffmpeg as ignored for stretch.</li>
<li>Mark CVE-2020-21041/ffmpeg as postponed for stretch.</li>
<li>Mark CVE-2021-33574/glibc as no-dsa for stretch & jessie.</li>
<li>Mark CVE-2021-31800/impacket as no-dsa for stretch.</li>
<li>Mark CVE-2021-32611/libexosip2 as no-dsa for stretch.</li>
<li>Mark CVE-2016-20011/libgrss as ignored for stretch.</li>
<li>Mark CVE-2021-32640/node-ws as no-dsa for stretch.</li>
<li>Mark CVE-2021-32563/thunar as no-dsa for stretch.</li>
<li>[LTS] Help test and review bind9 update for Emilio.</li>
<li>[LTS] Suggest and add DEP8 tests for bind9 for stretch.</li>
<li>[LTS] Sponsored upload of htmldoc to buster for Havard as a consequence of <a href="https://bugs.debian.org/988289">#988289</a>.</li>
<li>[ELTS] Fix triage order for jetty and graphviz.</li>
<li>[ELTS] Raise issue upstream about cloud-init; mock tests instead.</li>
<li>[ELTS] Write to private ELTS list about triage ordering.</li>
<li>[ELTS] Review Emilio’s new script and write back feedback, mentioning extra file created, et al.</li>
<li>[ELTS/LTS] Raise upgrade problems from LTS -> LTS+1 to the list. Thread <a href="https://lists.debian.org/debian-lts/2021/05/msg00021.html">here</a>.
<ul>
<li>Further help review and raise problems that could occur, et al.</li>
</ul>
</li>
<li>[LTS] Help explain path forward for firmware-nonfree update to Ola. Thread <a href="https://lists.debian.org/debian-lts/2021/05/msg00030.html">here</a>.</li>
<li>[ELTS] Revert entries of TEMP-0000000-16B7E7 and TEMP-0000000-1C4729; CVEs assigned & fix ELTS tracker build.</li>
<li>Auto EOL’ed linux, libgrss, node-ws, and inspircd for jessie.</li>
<li>Attended monthly Debian LTS meeting, which didn’t happen, heh.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/05/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
Hello, Canonical! o/
https://utkarsh2102.org/posts/hello-canonical/
Sat, 15 May 2021 11:11:11 +0530
<p>Today marks the <strong>90th</strong> day of me joining Canonical to work on Ubuntu full-time! So since
it’s been a while already, this blog post is long overdue. :)</p>
<h2 id="the-news">The News</h2>
<figure>
<img src="https://utkarsh2102.org/images/canonical-small-logo.png"/>
</figure>
<p>I joined <a href="https://canonical.com/">Canonical</a>, this February, to work on Ubuntu full-time! \o/<br>
Those who know, they know that this is really very exciting for me because Canonical has
been a dream company for me, for real (more about this below!). And hey, this is my first
job, <strong>ever</strong>, so all the more reason to be psyched about, isn’t it? ^_^</p>
<p>P.S. Keep reading and we’ll meet my <em>squad</em> really sooon!</p>
<h2 id="the-story">The Story</h2>
<p>Being an undergrad student (batch 2017-2021), I’ve been <em>slightly</em> worried during my last
two semesters, naturally, thinking about how’s it all gonna pan out and what will I be doing,
et al, because I’ve been seeing all my friends and batchmates getting “placed” in companies
or going for masters or at least having some sort of “plans” for their future and I, on the
other hand, was hopelessly clueless. :D</p>
<p>Well, to be fair, I did <a href="https://summerofcode.withgoogle.com/">Google Summer of Code</a> twice,
in <a href="https://summerofcode.withgoogle.com/archive/2019/projects/6014695855620096/">2019</a> and
<a href="https://summerofcode.withgoogle.com/archive/2020/projects/4736285727522816/">2020</a>, became a
<a href="https://wiki.debian.org/DebianDeveloper">Debian Developer</a> in 2019, been a part of
<a href="https://codein.withgoogle.com/">GCI</a> and <a href="https://www.outreachy.org/">Outreachy</a>, contributed
to dozens of open-source projects, et al, et al. So I wasn’t all completely “hopeless”
but for sure was completely “clueless”, heh.</p>
<p>And for full disclosure, I was <em>only</em> slightly panicking because firstly, I <strong>did</strong> get placed
in several companies and secondly, I didn’t really need a job immediately since I was already
getting paid to work on Debian stuff by Freexian, which was good enough. :)<br>
(and honestly, Freexian has my whole heart! 😭❤️️ - more on that later sometime.)</p>
<p>But that’s not the point. I was still confused and worried and my mom & dad, more so than
anyone. Ugh. We were all figuring out and she asked me places that I was interested to work
in. And whilst I wasn’t clear about things I wanted to do (and still am not!), I was (very)
clear about this and so I told her about Canonical and also did tell her that it’s a bit too
ambitious for me to think about it now so I’ll probably apply after some experience or something.</p>
<p>…and as they say, the world works in mysterious ways and well, it did for me! So back during
the Ruby sprints (Feb ‘20), Kanashiro, <strong>the</strong> guy (😄), mentioned that his team was hiring and
has a vacant position <em>but</em> I won’t be eligible since I was still in my junior year. It was
since then I’ve been actively praying for Cronus, the god of time, to wave his magic wand and
align it in such a way that the next opening should be somewhere near my graduation. And guess
what? IT HAPPENED! 🙊</p>
<p>9 months later, in November ‘20, Kanashiro told me his team is hiring yet again and that I
could apply this time! Without much (since there was “some”) delay, I applied and started
asking all sorts of questions to Kanashiro. No words are enough for him, he literally helped
me throughout the process; from referring me to answering all sorts of doubts I had! 😭❤️️</p>
<p>And roughly after 2½ months of interviewing, et al, my “ambitious dream” did come true and I
finalyyyy signed my contract! \o/<br>
(the interview process and what went on during those 10 weeks is a story for later ;))</p>
<h2 id="the-server-team-o">The Server Team! \o</h2>
<p>This position, which I didn’t mention earlier, was for the “Server Team” which is a team of
15 people, working to make Ubuntu server the best! And as I
<a href="https://twitter.com/utkarsh2102/status/1383420034467332107">tweeted</a> sometime back, the team
is absolutely lovely, super kind, and consists of the best of teammates one could possibly
ask for! 🥰</p>
<p>Here’s a quick sneak peek into our weekly team meeting. Thanks to
<a href="https://twitter.com/rafaeldtinoco">Rafael</a> for taking such a lovely picture. And yes,
<del>the cat</del> Luna is a part of our squad! 🐾</p>
<p><img src="https://utkarsh2102.org/images/server-team-meeting-cat.jpg#center" alt=""></p>
<p>And oh, did I mention that we’re completely remote and distributed?<br>
<strong>FUN FACT</strong>: Our team covers all the TZs, that is, at any point of time (during weekdays),
you’ll find someone or the other from the team around! \o/</p>
<p>Anyway, our squad, managed by Rick, is divided into two halves: <strong>Squeaky Wheels</strong> and
<strong>Table Flip</strong>. Cool names, right?<br>
Squeaky Wheels does the distro side of stuff and consists of Christian, Andreas, Rafael, Robie,
Bryce, Sergio, Kanashiro, Athos, and now myself as well! And OTOH, Table Flip consists of Dan,
Chad, Paride, Lucas, James, and Grant.</p>
<p>Even though I interact w/ Squeaky Wheels more (basically daily), each of my teammates is
absolutely lovely and equally awesome!</p>
<p>Whilst I’ll talk more about things here in the upcoming months, this is it for now! If there’s
anything, in particular, you’d like to know more about, let me know!</p>
<p>And lastly, here’s us vibing our way through, making Ubuntu server better, ‘cause that’s how
we roll! 😎</p>
<p><img src="https://utkarsh2102.org/images/server-team-vibing-small.gif#center" alt=""></p>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in April 2021
https://utkarsh2102.org/posts/foss-in-april-21/
Fri, 30 Apr 2021 11:11:11 +0530
<p>Here’s my (nineteenth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 28th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>Crazy month, as always. Lots of things happening and lots of moving parts.<br>
Now that I am working on Ubuntu full-time, I barely get much time to do any extra stuff. Then the massive COVID wave that has hit India made this month even crazier. More on that later, maybe. IDK.</p>
<p>Anyway, I did some Debian stuff, thanks to Salzburg BSP (more down below). I worked on the following stuff:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a> (2.7.3-1) - New upstream version, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-28965">CVE-2021-28965</a>/<a href="https://bugs.debian.org/986807">#986807</a>.</li>
<li><a href="https://tracker.debian.org/pkg/jackson-databind">jackson-databind</a> (2.9.8-3+deb10u3) - buster-pu upload, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-24616">CVE-2020-24616</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-24750">CVE-2020-24750</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-25649">CVE-2020-25649</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35490">CVE-2020-35490</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35491">CVE-2020-35491</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35728">CVE-2020-35728</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36179">CVE-2020-36179</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36180">CVE-2020-36180</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36181">CVE-2020-36181</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36182">CVE-2020-36182</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36183">CVE-2020-36183</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36184">CVE-2020-36184</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36185">CVE-2020-36185</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36186">CVE-2020-36186</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36187">CVE-2020-36187</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36188">CVE-2020-36188</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36189">CVE-2020-36189</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-20190">CVE-2021-20190</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-librarian">ruby-librarian</a> (0.6.4-3) - Fixing autopkgtest; cf: <a href="https://bugs.debian.org/987113">#987113</a>.</li>
<li><a href="https://tracker.debian.org/pkg/opendmarc">opendmarc</a> (1.3.2-6+deb10u2) - buster-pu upload, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-12460">CVE-2020-12460</a>/<a href="https://bugs.debian.org/966464">#966464</a>.</li>
<li>Sponsored upload of <a href="https://tracker.debian.org/pkg/fluidsynth">fluidsynth</a> (2.1.7-1.1) to <a href="https://tracker.debian.org/news/1239551/accepted-fluidsynth-217-11-source-into-unstable/">unstable</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-28421">CVE-2021-28421</a>/<a href="https://bugs.debian.org/987168">#987168</a> for Reiner Herrmann.</li>
<li>Sponsored upload of <a href="https://tracker.debian.org/pkg/fluidsynth">fluidsynth</a> (1.1.11-1+deb10u1) to <a href="https://tracker.debian.org/news/1240246/accepted-fluidsynth-1111-1deb10u1-source-amd64-into-proposed-updates-stable-new-proposed-updates/">buster</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-28421">CVE-2021-28421</a>/<a href="https://bugs.debian.org/987168">#987168</a> for Reiner Herrmann.</li>
<li>Sponsored upload of <a href="https://tracker.debian.org/pkg/libpam-alreadyloggedin">libpam-alreadyloggedin</a> (0.3-9) to <a href="https://tracker.debian.org/news/1239618/accepted-libpam-alreadyloggedin-03-9-source-into-unstable/">unstable</a>, fixing <a href="https://bugs.debian.org/958224">#958224</a>, <a href="https://bugs.debian.org/986247">#986247</a>, and <a href="https://bugs.debian.org/969122">#969122</a> for Reiner Herrmann.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers and assisting people in BSP.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="salzburg-bsp-2021">Salzburg BSP 2021</h2>
<p>This was my first virtual BSP and the first BSP in Salzburg and it was absolutely amazing!<br>
Many kudos to Bernd Zeimetz for organizing it so smoothly and wonderfully, for real! \o/</p>
<p>We had a bunch of amazing sessions, besides hacking, of course, like:</p>
<ul>
<li>yoga,</li>
<li>sports,</li>
<li>games, and</li>
<li>datacenter tour -> which was super!</li>
</ul>
<p>We also had lots of things happening at #debian-bsp-2021-szg and did a lot of work.<br>
Whilst everything we did is available on the <a href="https://pad.riseup.net/p/bsp-2021-04-AT-Salzburg">pad</a>, I worked on the following things:</p>
<ul>
<li>[deki/utkarsh]: CVE-2021-28421/fluidsynth (sid); cf: #987168/#987471.</li>
<li>[deki/utkarsh]: CVE-2021-28421/fluidsynth (buster); cf: #987168/#987494.</li>
<li>[utkarsh]: 18 CVEs for jackson-databind (buster); cf: #987489.</li>
<li>[utkarsh]: fix for ruby-librarian/#987113 (unblock request: #987501).</li>
<li>[utkarsh]: 17 CVEs for jackson-databind (stretch); LTS upload.</li>
<li>[utkarsh]: CVE-2020-12460/opendmarc (stretch); LTS upload.</li>
<li>[utkarsh]: CVE-2020-12460/opendmarc (buster); cf: #987531.</li>
<li>[deki/utkarsh]: libpam-alreadyloggedin, broken autopkgtest; #958224</li>
<li>[deki/utkarsh]: libpam-alreadyloggedin, installed in wrong directory; #986247</li>
<li>[deki/utkarsh]: libpam-alreadyloggedin, FTCBFS; #969122</li>
<li>[donfede/utkarsh] 10 CVEs for salt (buster)</li>
<li>[donfede/utkarsh] 10 CVEs for salt (bullseye)</li>
</ul>
<p>And finally, we clicked a picture! \o/
<img src="https://utkarsh2102.org/images/salzburg_bsp.png#center" alt=""></p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my nineteenth month as a Debian LTS and tenth month as a Debian ELTS paid contributor.<br>
I was assigned 60.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html">DLA 2615-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-1946">CVE-2020-1946</a>, for <a href="https://tracker.debian.org/pkg/spamassassin">spamassassin</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.4.2-1~deb9u4.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/04/msg00010.html">DLA 2624-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-20307">CVE-2021-20307</a>, for <a href="https://tracker.debian.org/pkg/libpano13">libpano13</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.9.19+dfsg-2+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/04/msg00011.html">DLA 2625-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-28374">CVE-2021-28374</a>, for <a href="https://tracker.debian.org/pkg/courier-authlib">courier-authlib</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.66.4-9+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/04/msg00012.html">DLA 2626-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-1405">CVE-2021-1405</a>, for <a href="https://tracker.debian.org/pkg/clamav">clamav</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.102.4+dfsg-0+deb9u2.</li>
<li>Uploaded <a href="https://tracker.debian.org/news/1239104/accepted-ruby27-273-1-source-into-unstable/">ruby2.7</a> to <a href="https://bugs.debian.org/986807">sid</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-28965">CVE-2021-28965</a>.<br>
For Debian sid, these problems have been fixed in version 2.7.3-1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/04/msg00017.html">DLA 2630-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-29447">CVE-2021-29447</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-29450">CVE-2021-29450</a>, for <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.7.20+dfsg-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/04/msg00020.html">DLA 2633-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-23961">CVE-2021-23961</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23994">CVE-2021-23994</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23995">CVE-2021-23995</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23998">CVE-2021-23998</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-23999">CVE-2021-23999</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-24002">CVE-2021-24002</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-29945">CVE-2021-29945</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-29946">CVE-2021-29946</a>, for <a href="https://tracker.debian.org/pkg/firefox-esr">firefox-esr</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 78.10.0esr-1~deb9u1. Thanks, Emilio, for all your help on this! \o/</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html">DLA 2638-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-24616">CVE-2020-24616</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-24750">CVE-2020-24750</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35490">CVE-2020-35490</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35491">CVE-2020-35491</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35728">CVE-2020-35728</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36179">CVE-2020-36179</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36180">CVE-2020-36180</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36181">CVE-2020-36181</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36182">CVE-2020-36182</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36183">CVE-2020-36183</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36184">CVE-2020-36184</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36185">CVE-2020-36185</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36186">CVE-2020-36186</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36187">CVE-2020-36187</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36188">CVE-2020-36188</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36189">CVE-2020-36189</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-20190">CVE-2021-20190</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-25649">CVE-2020-25649</a>, for <a href="https://tracker.debian.org/pkg/jackson-databind">jackson-databind</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.8.6-1+deb9u9.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/04/msg00026.html">DLA 2639-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-12460">CVE-2020-12460</a>, for <a href="https://tracker.debian.org/pkg/opendmarc">opendmarc</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.3.2-2+deb9u3.</li>
<li>Uploaded <a href="https://tracker.debian.org/news/1239551/accepted-fluidsynth-217-11-source-into-unstable/">fluidsynth</a> to <a href="https://bugs.debian.org/987168">sid</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-28421">CVE-2021-28421</a>.<br>
For Debian sid, these problems have been fixed in version 2.1.7-1.1. Thanks to Reiner Herrmann for their work.</li>
<li>Uploaded <a href="https://tracker.debian.org/pkg/fluidsynth">fluidsynth</a> to <a href="https://bugs.debian.org/987494">buster-pu</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-28421">CVE-2021-28421</a>.<br>
For Debian sid, these problems have been fixed in version 2.1.7-1.1. Thanks to Reiner Herrmann for their work.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-396-1-underscore/">ELA 396-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-23358">CVE-2021-23358</a>, for <a href="https://tracker.debian.org/pkg/underscore">underscore</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.7.0~dfsg-1+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-397-1-spamassassin/">ELA 397-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-1946">CVE-2020-1946</a>, for <a href="https://tracker.debian.org/pkg/spamassassin">spamassassin</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 3.4.2-0+deb8u4.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-400-1-wordpress/">ELA 400-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25286">CVE-2020-25286</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28032">CVE-2020-28032</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28033">CVE-2020-28033</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28034">CVE-2020-28034</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28035">CVE-2020-28035</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28036">CVE-2020-28036</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28037">CVE-2020-28037</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28038">CVE-2020-28038</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28039">CVE-2020-28039</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-28040">CVE-2020-28040</a>, for <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 4.1.32+dfsg-0+deb8u1.</li>
<li>Helped issue <a href="https://deb.freexian.com/extended-lts/updates/ela-401-1-tomcat7/">ELA 401-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-25329">CVE-2021-25329</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-9484">CVE-2020-9484</a>, for <a href="https://tracker.debian.org/pkg/tomcat7">tomcat7</a>, along with Markus.<br>
For Debian 8 jessie, these problems have been fixed in version 7.0.56-3+really7.0.100-1+deb8u3.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-403-1-jackson-databind/">ELA 403-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-24616">CVE-2020-24616</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-24750">CVE-2020-24750</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-25649">CVE-2020-25649</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35490">CVE-2020-35490</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35491">CVE-2020-35491</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35728">CVE-2020-35728</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36179">CVE-2020-36179</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36180">CVE-2020-36180</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36181">CVE-2020-36181</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36182">CVE-2020-36182</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36183">CVE-2020-36183</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36184">CVE-2020-36184</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36185">CVE-2020-36185</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36186">CVE-2020-36186</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36187">CVE-2020-36187</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36188">CVE-2020-36188</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36189">CVE-2020-36189</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-20190">CVE-2021-20190</a>, for <a href="https://tracker.debian.org/pkg/jackson-databind">jackson-databind</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.4.2-2+deb8u16.</li>
<li>Uploaded <a href="https://tracker.debian.org/pkg/jackson-databind">jackson-databind</a> to <a href="https://bugs.debian.org/987489">buster-pu</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-24616">CVE-2020-24616</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-24750">CVE-2020-24750</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-25649">CVE-2020-25649</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35490">CVE-2020-35490</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35491">CVE-2020-35491</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-35728">CVE-2020-35728</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36179">CVE-2020-36179</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36180">CVE-2020-36180</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36181">CVE-2020-36181</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36182">CVE-2020-36182</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36183">CVE-2020-36183</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36184">CVE-2020-36184</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36185">CVE-2020-36185</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36186">CVE-2020-36186</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36187">CVE-2020-36187</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36188">CVE-2020-36188</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36189">CVE-2020-36189</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-20190">CVE-2021-20190</a>.<br>
For Debian 10 buster, these problems have been fixed in version 2.9.8-3+deb10u3.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-404-1-clamav/">ELA 404-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-1405">CVE-2021-1405</a>, for <a href="https://tracker.debian.org/pkg/clamav">clamav</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.102.4+dfsg-0+deb8u2.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-409-1-opendmarc/">ELA 409-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-16378">CVE-2019-16378</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-12460">CVE-2020-12460</a>, for <a href="https://tracker.debian.org/pkg/opendmarc">opendmarc</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.3.0+dfsg-1+deb8u1.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 29-03 until 04-04 and then from 26-04 until 02-05 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/spamassassin">spamassassin</a>,
<a href="https://tracker.debian.org/pkg/codemirror-js">codemirror-js</a>,
<a href="https://tracker.debian.org/pkg/jackson-databind">jackson-databind</a>,
<a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>,
<a href="https://tracker.debian.org/pkg/gstreamer">gstreamer</a>,
<a href="https://tracker.debian.org/pkg/underscore">underscore</a>,
<a href="https://tracker.debian.org/pkg/python-bleach">python-bleach</a>,
<a href="https://tracker.debian.org/pkg/plinth">plinth</a>,
<a href="https://tracker.debian.org/pkg/libpano13">libpano13</a>,
<a href="https://tracker.debian.org/pkg/salt">salt</a>,
<a href="https://tracker.debian.org/pkg/dojo">dojo</a>,
<a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a>,
<a href="https://tracker.debian.org/pkg/firefox-esr">firefox-esr</a>,
<a href="https://tracker.debian.org/pkg/clamav">clamav</a>,
<a href="https://tracker.debian.org/pkg/composter">composter</a>,
<a href="https://tracker.debian.org/pkg/courier-authlib">courier-authlib</a>,
<a href="https://tracker.debian.org/pkg/opendmarc">opendmarc</a>,
<a href="https://tracker.debian.org/pkg/openexr">openexr</a>,
<a href="https://tracker.debian.org/pkg/libimage-exiftool-perl">libimage-exiftool-perl</a>,
<a href="https://tracker.debian.org/pkg/tomcat7">tomcat7</a>,
<a href="https://tracker.debian.org/pkg/libjs-handlebars">libjs-handlebars</a>,
<a href="https://tracker.debian.org/pkg/libnet-netmask-perl">libnet-netmask-perl</a>,
<a href="https://tracker.debian.org/pkg/network-manager">network-manager</a>, and
<a href="https://tracker.debian.org/pkg/curl">curl</a>.</li>
<li>Mark CVE-2021-20297/network-manager as not-affected for jessie.</li>
<li>Mark CVE-2021-22890/curl as not-affected for jessie and stretch.</li>
<li>Mark CVE-2020-7760/codemirror-js as not-affected for jessie.</li>
<li>Mark CVE-2021-25122/tomcat8 as not-affected for jessie.</li>
<li>Mark CVE-2021-XXXX/plinth as no-dsa for stretch.</li>
<li>Mark CVE-2021-29424/libnet-netmask-perl as no-dsa for stretch.</li>
<li>Mark CVE-2021-28374/courier-authlib as fixed in 0.58-3.1 for jessie.</li>
<li>Mark CVE-2021-1252/clamav as not-affected for jessie.</li>
<li>Mark CVE-2021-1404/clamav as not-affected for jessie.</li>
<li>Mark CVE-2020-4051/dojo as no-dsa for jessie.</li>
<li>Mark CVE-2021-29447/wordpress as not-affected for jessie.</li>
<li>Mark CVE-2021-29450/wordpress as not-affected for jessie.</li>
<li>Mark CVE-2019-20920/libjs-handlebars as ignored for stretch and jessie.</li>
<li>Mark CVE-2021-23369/libjs-handlebars as ignored for stretch and jessie.</li>
<li>Mark CVE-2020-4051/dojo as fixed in 1.15.4+dfsg1-1 for sid and bullseye.</li>
<li>Mark CVE-2021-28965/ruby2.7 fixed in 2.7.3-1 for sid.</li>
<li>Mark CVE-2020-12272/opendmarc as postponed for jessie.</li>
<li>Mark CVE-2021-20296, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, and CVE-2021-3479, affecting openexr, as no-dsa for jessie and stretch.</li>
<li>Suggest proposed fixes for <a href="https://lists.debian.org/debian-lts/2021/04/msg00002.html">CVE-2021-22876/curl on LTS public list</a>.</li>
<li>Publish the missing DLA update for the website on behalf of the community contribution. Thread <a href="https://lists.debian.org/debian-lts/2021/04/msg00017.html">here</a>.</li>
<li>Help suggest and unblock work if FD is missing or something. Thread <a href="https://lists.debian.org/debian-lts/2021/04/msg00009.html">here</a>.</li>
<li>Suggest marking CVE-2021-23369/{node,libjs}-handlebars as no-dsa/ignored for all suites. Thread <a href="https://lists.debian.org/debian-lts/2021/04/msg00026.html">here</a>.</li>
<li>Help unblock Anton with the failed python2.7 build on i386 by coordinating with the sec team. Thread <a href="https://lists.debian.org/debian-lts/2021/04/msg00034.html">here</a>.</li>
<li>Private ELTS-related discussion on the ELTS list (+ w/ Raphael).</li>
<li>Auto EOL’ed webkit2gtk, python-bleach, tika, linux, ircii, spice-vdagent, libspring-security-2.0-java, file-roller, rustc, python-django-registration, gsoap, thunderbird, mosquitto, ruby-sidekiq, gnuchess, libpodofo, unbound, drupal7, 389-ds-base, and scrollz for jessie.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/02/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in March 2021 https://utkarsh2102.org/posts/foss-in-march-21/ Tue, 30 Mar 2021 11:11:11 +0530
<p>Here’s my (eighteenth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 27th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>This month was a bit exhausting; lots of moving parts. With the financial year ending, it was even more crazy, with me running around to banks, CA, et al.<br>
Anyway, with now working on Ubuntu full-time, I did little of Debian this month. Here are the following things I worked on:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/polybar">polybar</a> (3.5.5-1) - New upstream version, v3.5.5.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-http-parser">ruby-http-parser</a> (1.2.1-5) - Disable tests causing FTBFS on s390x architecture.</li>
<li><a href="https://tracker.debian.org/pkg/debian-security-support">debian-security-support</a> (1:11+2021.03.19) - Fix for <a href="https://bugs.debian.org/984539">bug #984539</a>: dpkg hook should never fail.</li>
<li>Filed <a href="https://bugs.debian.org/985314">bug #985314</a> against asterisk (systemd misconfiguration) and added a patch as well.</li>
<li>Filed <a href="https://bugs.debian.org/985421">bug #985421</a> against at (add DEP8 tests) and added a patch as well.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Attended the Debian LTS team meeting.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my eighteenth month as a Debian LTS and ninth month as a Debian ELTS paid contributor.<br>
I was assigned 60.00 hours for LTS and 39.00 hours for ELTS and worked on the following things:</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html">DLA 2580-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-21311">CVE-2021-21311</a>, for <a href="https://tracker.debian.org/pkg/adminer">adminer</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.2.5-3+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/03/msg00003.html">DLA 2581-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-27803">CVE-2021-27803</a>, for <a href="https://tracker.debian.org/pkg/wpa">wpa</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2:2.4-1+deb9u9.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/03/msg00007.html">DLA 2585-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-13848">CVE-2020-13848</a>, for <a href="https://tracker.debian.org/pkg/libupnp">libupnp</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1:1.6.19+git20160116-1.2+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/03/msg00012.html">DLA 2589-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-26519">CVE-2020-26519</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-3407">CVE-2021-3407</a>, for <a href="https://tracker.debian.org/pkg/mupdf">mupdf</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.9a+ds1-4+deb9u6.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/03/msg00016.html">DLA 2593-1</a>, fixing <a href="https://bugs.debian.org/962596">bug #962596</a>, for <a href="https://tracker.debian.org/pkg/ca-certificates">ca-certificates</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 20200601~deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/03/msg00017.html">DLA 2589-2</a>, fixing regression caused by DLA 2589-1, for <a href="https://tracker.debian.org/pkg/mupdf">mupdf</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.9a+ds1-4+deb9u7.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/03/msg00022.html">DLA 2598-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25097">CVE-2020-25097</a>, for <a href="https://tracker.debian.org/pkg/squid3">squid3</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.5.23-5+deb9u6.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/03/msg00023.html">DLA 2599-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-28963">CVE-2021-28963</a>, for <a href="https://tracker.debian.org/pkg/shibboleth-sp2">shibboleth-sp2</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.6.0+dfsg1-4+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/03/msg00025.html">DLA 2601-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3429">CVE-2021-3429</a>, for <a href="https://tracker.debian.org/pkg/cloud-init">cloud-init</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.7.9-2+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/03/msg00026.html">DLA 2558-2</a>, fixing regression caused by DLA 2558-1, for <a href="https://tracker.debian.org/pkg/xterm">xterm</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 327-2+deb9u2.</li>
<li>Released <a href="https://tracker.debian.org/news/1236782/accepted-debian-security-support-11120210319-source-into-unstable/">debian-security-support to unstable</a> via Holger to fix <a href="https://bugs.debian.org/984539">bug #984539</a>.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-374-1-wpa/">ELA 374-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-27803">CVE-2021-27803</a>, for <a href="https://tracker.debian.org/pkg/wpa">wpa</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.3-1+deb8u13.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-375-1-libcaca/">ELA 375-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3410">CVE-2021-3410</a>, for <a href="https://tracker.debian.org/pkg/libcaca">libcaca</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.99.beta19-2+deb8u2.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-376-1-libhibernate3-java/">ELA 376-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25638">CVE-2020-25638</a>, for <a href="https://tracker.debian.org/pkg/libhibernate3-java">libhibernate3-java</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 3.6.10.Final-3+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-382-1-squid3/">ELA 382-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25097">CVE-2020-25097</a>, for <a href="https://tracker.debian.org/pkg/squid3">squid3</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 3.5.23-5+deb8u3.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-385-1-shibboleth-sp2/">ELA 385-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-28963">CVE-2021-28963</a>, for <a href="https://tracker.debian.org/pkg/shibboleth-sp2">shibboleth-sp2</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.5.3+dfsg-2+deb8u2.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-363-2-xterm/">ELA 363-2</a>, fixing regression caused by ELA 363-1, for <a href="https://tracker.debian.org/pkg/xterm">xterm</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 312-2+deb8u2.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 01-03 until 07-03 for ELTS and then from 29-03 until 04-04 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/wpa">wpa</a>,
<a href="https://tracker.debian.org/pkg/python-aiohttp">python-aiohttp</a>,
<a href="https://tracker.debian.org/pkg/spip">spip</a>,
<a href="https://tracker.debian.org/pkg/qemu">qemu</a>,
<a href="https://tracker.debian.org/pkg/tomcat7">tomcat7</a>,
<a href="https://tracker.debian.org/pkg/tomcat8">tomcat8</a>,
<a href="https://tracker.debian.org/pkg/grub2">grub2</a>,
<a href="https://tracker.debian.org/pkg/mupdf">mupdf</a>,
<a href="https://tracker.debian.org/pkg/openssh">openssh</a>,
<a href="https://tracker.debian.org/pkg/tiff">tiff</a>,
<a href="https://tracker.debian.org/pkg/spice">spice</a>,
<a href="https://tracker.debian.org/pkg/pillow">pillow</a>,
<a href="https://tracker.debian.org/pkg/xmlgraphics-commons">xmlgraphics-commons</a>,
<a href="https://tracker.debian.org/pkg/batik">batik</a>,
<a href="https://tracker.debian.org/pkg/libupnp">libupnp</a>,
<a href="https://tracker.debian.org/pkg/ca-certificates">ca-certificates</a>,
<a href="https://tracker.debian.org/pkg/salt">salt</a>,
<a href="https://tracker.debian.org/pkg/squid3">squid3</a>,
<a href="https://tracker.debian.org/pkg/shibboleth-sp2">shibboleth-sp2</a>,
<a href="https://tracker.debian.org/pkg/courier-authlib">courier-authlib</a>,
<a href="https://tracker.debian.org/pkg/cloud-init">cloud-init</a>,
<a href="https://tracker.debian.org/pkg/spamassassin">spamassassin</a>,
<a href="https://tracker.debian.org/pkg/openssl">openssl</a>,
<a href="https://tracker.debian.org/pkg/libcaca">libcaca</a>, and
<a href="https://tracker.debian.org/pkg/openjpeg2">openjpeg2</a>.</li>
<li>Marked CVE-2021-21330/python-aiohttp as not-affected for stretch.</li>
<li>Marked CVE-2021-20233, CVE-2021-20225, CVE-2020-27779, CVE-2020-27778, CVE-2020-27749, CVE-2020-27748, CVE-2020-25647, CVE-2020-25632, CVE-2020-25631, and CVE-2020-14372, affecting grub2, as ignored for stretch and jessie.</li>
<li>Marked CVE-2020-27842/openjpeg2 as no-dsa for jessie.</li>
<li>Marked CVE-2020-27843/openjpeg2 as no-dsa for jessie.</li>
<li>Marked CVE-2021-28041/openssh as not-affected for jessie.</li>
<li>Marked CVE-2020-3552{3,4}/tiff as no-dsa for jessie.</li>
<li>Marked CVE-2021-20201/spice as no-dsa for jessie.</li>
<li>Marked CVE-2020-11988/xmlgraphics-commons as postponed for jessie.</li>
<li>Marked CVE-2020-11987/batik as postponed for jessie.</li>
<li>Marked CVE-2020-12695/libupnp as no-dsa for stretch.</li>
<li>Marked CVE-2021-25122/tomcat7 as not-affected for stretch.</li>
<li>Marked CVE-2021-25329/tomcat7 as ignored for stretch.</li>
<li>Marked CVE-2021-28116/squid3 as postponed for stretch and jessie.</li>
<li>Marked CVE-2021-3449/openssl as not-affected for stretch.</li>
<li>Document extra notes for grub2 for LTS and co-ordinate with the sec-team.</li>
<li>Document extra notes for pillow about piled-up issues in jessie.</li>
<li>Issued DLA-2593-1 for ca-certificates on Microsoft’s request; co-ordinating w/ them.</li>
<li>Co-ordinating w/ maintainer of courier-authlib for stretch and jessie update.</li>
<li>Fixing build failures of ELTS’ security tracker and re-ordering entries in data/CVE-EXTENDED-LTS/list file.</li>
<li>Answer queries of dupondje and mikap about openssl on IRC; and it being not-affected for stretch.</li>
<li>Help review the status of CVE-2021-3121/golang-github-gogo-protobuf-dev for Ola.</li>
<li>Co-ordinating w/ Noah for cloud-init and setuptools.</li>
<li>Auto EOL’ed mongodb, linux, guacamole-client, node-xmlhttprequest, newlib, neutron, privoxy, glpi, and zabbix for jessie.</li>
<li>Attended monthly meeting for Debian LTS.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/03/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in February 2021 https://utkarsh2102.org/posts/foss-in-feb-21/ Sun, 28 Feb 2021 11:11:11 +0530
<p>Here’s my (seventeenth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 26th month of actively contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>This month was a nice mix of amusement, excitement, nervousness, and craziness. More on it below.<br>
Anyway, whilst I was super-insanely busy this month, I still did some Debian stuff here and there. Here are the following things I worked on:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby-mechanize">ruby-mechanize</a> (2.7.7-1) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-21289">CVE-2021-21289</a>.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.0.3.4+dfsg-3) - Fixing silent build failure, <a href="https://bugs.debian.org/979133">bug #979133</a>.</li>
<li><a href="https://tracker.debian.org/pkg/tiledb">tiledb</a> (1.7.7-1.1) - NMU + source-only upload for migration.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-launchy">ruby-launchy</a> (2.5.0-3) - Add Breaks+Replaces for launchy; fixing <a href="https://bugs.debian.org/974046">bug #974046</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-upr">ruby-upr</a> (0.3.0-3) - Fixing FTBFS + autopkgtest; cf: <a href="https://bugs.debian.org/883370">bug #883370</a>.</li>
<li><a href="https://tracker.debian.org/pkg/gdisk">gdisk</a> (1.0.6-1.1) - Add Restrictions: allow-stderr for autopkgtest; fixing <a href="https://bugs.debian.org/981231">bug #981231</a>.</li>
<li><a href="https://tracker.debian.org/pkg/test-check-clojure">test-check-clojure</a> (0.9.0-4) - Fixing FTBFS + autopkgtest; cf: <a href="https://bugs.debian.org/982721">bug #982721</a>.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.0.3.5+dfsg-1) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-22880">CVE-2021-22880</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-22881">CVE-2021-22881</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-mechanize">ruby-mechanize</a> (2.7.6-1+deb10u1) - pu-upload, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-21289">CVE-2021-21289</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-handlebars-assets">ruby-handlebars-assets</a> (2:0.23.8+dfsg-3) - Fixing autopkgtest by embedding a dummy rails app.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rails-assets-emojione">ruby-rails-assets-emojione</a> (2.2.6-5) - Fixing autopkgtest by embedding a dummy rails app.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rails-assets-jquery-colorbox">ruby-rails-assets-jquery-colorbox</a> (1.6.3~dfsg-7) - Fixing autopkgtest by embedding a dummy rails app.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rails-assets-jquery.slimscroll">ruby-rails-assets-jquery.slimscroll</a> (1.3.6+dfsg-3) - Fixing autopkgtest by embedding a dummy rails app.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rails-assets-markdown-it">ruby-rails-assets-markdown-it</a> (8.4.2-5) - Fixing autopkgtest by embedding a dummy rails app.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-mousetrap-rails">ruby-mousetrap-rails</a> (1.4.6-7) - Fixing autopkgtest by embedding a dummy rails app.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rails-assets-jquery-fullscreen-plugin">ruby-rails-assets-jquery-fullscreen-plugin</a> (0.5.0+dfsg-4) - Fixing autopkgtest by embedding a dummy rails app.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Attended the Debian LTS team meeting.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
<li>Sponsored <code>ruby-rspec-stubbed-env</code> for Cédric Boutillier, heh :P</li>
</ul>
<hr>
<h2 id="interesting-bits">Interesting Bits!</h2>
<ul>
<li>
<p>Last month, I wrote:</p>
<blockquote>
<p>Besides, there’s something more that is in the pipelines. Can’t talk about it now, shh. But
hopefully very sooooooon!</p>
</blockquote>
<p>And now I <em>can</em> talk about it! So here it is..<br>
I’ve joined Canonical as an SDE to work on Ubuntu, full time!!! \o/<br>
Fully remote + dream job/work + most of the work is in the open-source domain + the <strong>beessstttt</strong> co-workers one could ever ask for! 💖</p>
<p>It’s been an amazing time so far and I’ll talk more about it later this month.<br>
But for now, here’s our <em>team monitor selfie</em>™ (with Rick missing because of his “secret plan”! 🤦♂️)<br>
<img src="https://utkarsh2102.org/images/server-team-meeting.png#center" alt=""><br>
<em>We’ll soon e-meet them in a more detailed manner in the next blog post, that is, later this month!</em></p>
</li>
<li>
<p>In other exciting news, I got 2 more CVEs assigned!!! \o/<br>
No, it is not something that I found, it was discovered by Tavis Ormandy. I just assigned
them a CVE ID, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26937">CVE-2021-26937</a>
for screen and <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135">CVE-2021-27135</a> for xterm.<br>
This is my 2nd and 3rd, so I am (still) very excited about this! ^_^</p>
</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my sixteenth month as a Debian LTS and eighth month as a Debian ELTS paid contributor.<br>
I was assigned 60.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:<br>
(however, I had overworked for 9 hours for both, LTS and ELTS, last month so I had to work for 51 hours for both this month!)</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html">DLA 2544-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-36221">CVE-2020-36221</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36222">CVE-2020-36222</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36223">CVE-2020-36223</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36224">CVE-2020-36224</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36225">CVE-2020-36225</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36226">CVE-2020-36226</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36227">CVE-2020-36227</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36228">CVE-2020-36228</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36229">CVE-2020-36229</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-36230">CVE-2020-36230</a>, for <a href="https://tracker.debian.org/pkg/openldap">openldap</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.4.44+dfsg-5+deb9u7.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00006.html">DLA 2545-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8020">CVE-2020-8020</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-8021">CVE-2020-8021</a>, for <a href="https://tracker.debian.org/pkg/open-build-service">open-build-service</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.7.1-10+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html">DLA 2546-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8695">CVE-2020-8695</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-8696">CVE-2020-8696</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-8698">CVE-2020-8698</a>, for <a href="https://tracker.debian.org/pkg/intel-microcode">intel-microcode</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.20201118.1~deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00009.html">DLA 2548-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-35502">CVE-2020-35502</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-20209">CVE-2021-20209</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-20210">CVE-2021-20210</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-20211">CVE-2021-20211</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-20212">CVE-2021-20212</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-20213">CVE-2021-20213</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-20215">CVE-2021-20215</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2021-20216">CVE-2021-20216</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2021-20217">CVE-2021-20217</a>, for <a href="https://tracker.debian.org/pkg/privoxy">privoxy</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 3.0.26-3+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00010.html">DLA 2549-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-0256">CVE-2020-0256</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-0308">CVE-2021-0308</a>, for <a href="https://tracker.debian.org/pkg/gdisk">gdisk</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.0.1-1+deb9u1.</li>
<li>Released a <a href="https://tracker.debian.org/news/1230167/accepted-gdisk-106-11-source-into-unstable/">non-maintainer upload</a>, fixing <a href="https://bugs.debian.org/981231">#981231</a>, autopkgtest regression for <a href="https://security-tracker.debian.org/tracker/CVE-2020-0256">CVE-2020-0256</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-0308">CVE-2021-0308</a>, for <a href="https://tracker.debian.org/pkg/gdisk">gdisk</a>.<br>
For Debian sid, these problems have been fixed in version 1.0.6-1.1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00015.html">DLA 2554-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-26910">CVE-2021-26910</a>, for <a href="https://tracker.debian.org/pkg/firejail">firejail</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 0.9.44.8-2+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00019.html">DLA 2558-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-27135">CVE-2021-27135</a>, for <a href="https://tracker.debian.org/pkg/xterm">xterm</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 327-2+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00021.html">DLA 2561-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-21289">CVE-2021-21289</a>, for <a href="https://tracker.debian.org/pkg/ruby-mechanize">ruby-mechanize</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.7.5-1+deb9u1.</li>
<li>Released <a href="https://tracker.debian.org/pkg/ruby-mechanize">buster-pu update</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-21289">CVE-2021-21289</a>, for <a href="https://tracker.debian.org/pkg/ruby-mechanize">ruby-mechanize</a>.<br>
For Debian 10 Buster, these problems have been fixed in version 2.7.6-1+deb10u1.</li>
<li>Released <a href="https://tracker.debian.org/news/1227462/accepted-ruby-mechanize-277-1-source-into-unstable/">team/maintainer upload</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-21289">CVE-2021-21289</a>, for <a href="https://tracker.debian.org/pkg/ruby-mechanize">ruby-mechanize</a>.<br>
For Debian sid, these problems have been fixed in version 2.7.7-1.</li>
<li>Released <a href="https://tracker.debian.org/news/1231598/accepted-rails-26035dfsg-1-source-into-unstable/">team/maintainer upload</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-22880">CVE-2021-22880</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-22881">CVE-2021-22881</a>, for <a href="https://tracker.debian.org/pkg/rails">rails</a>.<br>
For Debian sid, these problems have been fixed in version 2:6.0.3.5+dfsg-1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00031.html">DLA 2570-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-26937">CVE-2021-26937</a>, for <a href="https://tracker.debian.org/pkg/screen">screen</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 4.5.0-6+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00034.html">DLA 2573-1</a>, fixing <a href="https://bugs.debian.org/981404">#981404</a> and <a href="https://bugs.debian.org/982519">#982519</a>, for <a href="https://tracker.debian.org/pkg/libzstd">libzstd</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 1.1.2-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/02/msg00035.html">DLA 2574-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-27212">CVE-2021-27212</a>, for <a href="https://tracker.debian.org/pkg/openldap">openldap</a>.<br>
For Debian 9 stretch, these problems have been fixed in version 2.4.44+dfsg-5+deb9u8.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-357-1-jasper/">ELA 357-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3272">CVE-2021-3272</a>, for <a href="https://tracker.debian.org/pkg/jasper">jasper</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.900.1-debian1-2.4+deb8u7.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-358-1-openldap/">ELA 358-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-36221">CVE-2020-36221</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36222">CVE-2020-36222</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36223">CVE-2020-36223</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36224">CVE-2020-36224</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36225">CVE-2020-36225</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36226">CVE-2020-36226</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36227">CVE-2020-36227</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36228">CVE-2020-36228</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-36229">CVE-2020-36229</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-36230">CVE-2020-36230</a>, for <a href="https://tracker.debian.org/pkg/openldap">openldap</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.4.40+dfsg-1+deb8u9.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-359-1-python-apt/">ELA 359-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-27351">CVE-2020-27351</a>, for <a href="https://tracker.debian.org/pkg/python-apt">python-apt</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.9.3.14.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-360-1-gdisk/">ELA 360-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-0256">CVE-2020-0256</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-0308">CVE-2021-0308</a>, for <a href="https://tracker.debian.org/pkg/gdisk">gdisk</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 0.8.10-2+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-361-1-jasper/">ELA 361-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-26926">CVE-2021-26926</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2021-26927">CVE-2021-26927</a>, for <a href="https://tracker.debian.org/pkg/jasper">jasper</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 1.900.1-debian1-2.4+deb8u9.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-362-1-intel-microcode/">ELA 362-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8695">CVE-2020-8695</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-8696">CVE-2020-8696</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-8698">CVE-2020-8698</a>, for <a href="https://tracker.debian.org/pkg/intel-microcode">intel-microcode</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 3.20201118.1~deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-363-1-xterm/">ELA 363-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-27135">CVE-2021-27135</a>, for <a href="https://tracker.debian.org/pkg/xterm">xterm</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 312-2+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-371-1-openldap/">ELA 371-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-27212">CVE-2021-27212</a>, for <a href="https://tracker.debian.org/pkg/openldap">openldap</a>.<br>
For Debian 8 jessie, these problems have been fixed in version 2.4.40+dfsg-1+deb8u10.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 22-02 until 28-02 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/privoxy">privoxy</a>,
<a href="https://tracker.debian.org/pkg/dnsmasq">dnsmasq</a>,
<a href="https://tracker.debian.org/pkg/openldap">openldap</a>,
<a href="https://tracker.debian.org/pkg/libzstd">libzstd</a>,
<a href="https://tracker.debian.org/pkg/ruby-mechanize">ruby-mechanize</a>,
<a href="https://tracker.debian.org/pkg/firefox-esr">firefox-esr</a>,
<a href="https://tracker.debian.org/pkg/thunderbird">thunderbird</a>,
<a href="https://tracker.debian.org/pkg/screen">screen</a>,
<a href="https://tracker.debian.org/pkg/xterm">xterm</a>,
<a href="https://tracker.debian.org/pkg/glibc">glibc</a>,
<a href="https://tracker.debian.org/pkg/isync">isync</a>,
<a href="https://tracker.debian.org/pkg/rails">rails</a>,
<a href="https://tracker.debian.org/pkg/openscad">openscad</a>,
<a href="https://tracker.debian.org/pkg/imagemagick">imagemagick</a>,
<a href="https://tracker.debian.org/pkg/avahi">avahi</a>,
<a href="https://tracker.debian.org/pkg/gdk-pixbuf">gdk-pixbuf</a>,
<a href="https://tracker.debian.org/pkg/python-reportlab">python-reportlab</a>,
<a href="https://tracker.debian.org/pkg/python-aiohttp">python-aiohttp</a>,
<a href="https://tracker.debian.org/pkg/spip">spip</a>,
<a href="https://tracker.debian.org/pkg/gdisk">gdisk</a>, and
<a href="https://tracker.debian.org/pkg/jasper">jasper</a>.</li>
<li>Marked CVE-2021-20214/privoxy as not-affected for stretch.</li>
<li>Marked CVE-2021-27645/glibc as no-dsa for stretch.</li>
<li>Marked CVE-2021-20247/isync as no-dsa for stretch.</li>
<li>Marked CVE-2020-28599/openscad as no-dsa for stretch.</li>
<li>Marked CVE-2021-2024{1,4-6}/imagemagick as ignored for stretch.</li>
<li>Marked CVE-2021-26720/avahi as postponed for jessie.</li>
<li>Marked CVE-2021-20240/gdk-pixbuf as not-affected for jessie.</li>
<li>Marked CVE-2021-27645/glibc as no-dsa for jessie.</li>
<li>Marked CVE-2020-28463/python-reportlab as postponed for jessie.</li>
<li>Document extra CVEs as notes for imagemagick in jessie.</li>
<li>Auto EOL’ed libupnp, webkit2gtk, libraw, jackson-dataformat-cbor, node-lodash, linux, asterisk, yara, python-django, botan1.10, smarty3, xen, u-boot, steghide, mumble, gsoap, ruby-twitter-stream, isync, nodejs, openscad, mupdf, mongo-java-driver, firefox-esr, thunderbird, and salt for jessie.</li>
<li>Sponsored upload for php-horde-text-filter for Sylvain and published its DLA announcement.</li>
<li>Got <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26937">CVE-2021-26937</a> for <a href="https://www.gnu.org/software/screen/">screen</a>. Yay, this is the 2nd one I got assigned! \o/</li>
<li>Got <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135">CVE-2021-27135</a> for <a href="https://invisible-island.net/xterm/">xterm</a>. Woah, this is the 3rd one, am I on a roll or what? \o/</li>
<li>Co-ordinated with package maintainer (and upstream) of ca-certificates for backporting patch to stretch.</li>
<li>Co-ordinated with package maintainer of ca-certificates for backporting patch to stretch.</li>
<li>Co-ordinated with package maintainer of screen for fixing vulnerabilities in stretch.</li>
<li>Attended monthly meeting for Debian LTS.</li>
<li>Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).</li>
<li>Cross-checked LTS survey results, emailed Ola about the problems found.</li>
<li>General and other discussions on LTS private and <a href="https://lists.debian.org/debian-lts/2021/02/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in January 2021
https://utkarsh2102.org/posts/foss-in-jan-21/
Sat, 30 Jan 2021 11:11:11 +0530
<p>Here’s my (sixteenth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 25th month of contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March 2019 and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> on Christmas ‘19! \o/</p>
<p>This month was bat-shit crazy. Why? We’ll come to it later, probably 15th of this month?<br>
Anyway, besides being crazy, hectic, adventurous, and the first of 2021, this month I was super-insanely busy. With what? Hm, more about this later this month! ^_^</p>
<p>However, I still did some Debian stuff here and there. Here are the following things I worked on:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a> (2.1.1-6) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8184">CVE-2020-8184</a>/<a href="https://bugs.debian.org/963477">bug #963477</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-faye-websocket">ruby-faye-websocket</a> (0.11.0-1) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-15133">CVE-2020-15133</a>/<a href="https://bugs.debian.org/967061">bug #967061</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-faye">ruby-faye</a> (1.4.0-1) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-11020">CVE-2020-11020</a>/<a href="https://bugs.debian.org/959392">bug #959392</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-15134">CVE-2020-15134</a>/<a href="https://bugs.debian.org/967063">bug #967063</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a> (2.1.4-2) - Fix failing tests and new upstream version, v2.1.4.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rake-ant">ruby-rake-ant</a> (1.0.4-1) - Initial release, <a href="https://bugs.debian.org/979498">bug #979498</a>.</li>
<li><a href="https://tracker.debian.org/pkg/libgit2">libgit2</a> (1.1.0+dfsg.1-4) - Source-only upload for migration.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-scanf">ruby-scanf</a> (1.0.0-1) - Initial release, <a href="https://bugs.debian.org/979497">bug #979497</a>.</li>
<li><a href="https://tracker.debian.org/pkg/polybar">polybar</a> (3.5.4-1) - New upstream version, v3.5.4.</li>
<li><a href="https://tracker.debian.org/pkg/fpc">fpc</a> (3.2.0+dfsg-10) - Severe crash fix for bugs <a href="https://bugs.debian.org/979850">#979850</a>, <a href="https://bugs.debian.org/979853">#979853</a>, <a href="https://bugs.debian.org/979862">#979862</a>, and <a href="https://bugs.debian.org/979851">#979851</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-em-redis">ruby-em-redis</a> (0.3.0+gh-3) - Fixing FTBFS, <a href="https://bugs.debian.org/978975">bug #978975</a>, as requested by Holger! :)</li>
<li><a href="https://tracker.debian.org/pkg/gdebi">gdebi</a> (0.9.5.7+nmu4) - Fixing FTBFS, <a href="https://bugs.debian.org/951923">bug #951923</a>, as requested by Holger! :)</li>
<li><a href="https://tracker.debian.org/pkg/ruby-redcarpet">ruby-redcarpet</a> (3.4.0-4+deb10u1) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-26298">CVE-2020-26298</a>/<a href="https://bugs.debian.org/980057">bug #980057</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-in-parallel">ruby-in-parallel</a> (0.1.17-1.2) - Fixing autopkgtest, <a href="https://bugs.debian.org/979700">bug #979700</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-in-parallel">ruby-in-parallel</a> (0.1.17-1.3) - Fixing random test failures, <a href="https://bugs.debian.org/980585">bug #980585</a>.</li>
<li><a href="https://tracker.debian.org/pkg/python-bottle">python-bottle</a> (0.12.15-2+deb10u1) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-28473">CVE-2020-28473</a>.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Attended the Debian Ruby team meeting.</li>
<li>Mentoring for newcomers.</li>
<li>Moderation of -project mailing list.</li>
<li>Sponsored <code>golang-github-gorilla-css</code> for Fedrico.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my sixteenth month as a Debian LTS and seventh month as a Debian ELTS paid contributor.<br>
I was assigned 26.00 hours for LTS and 36.75 hours for ELTS and worked on the following things:<br>
(however, I worked extra for 9 hours for LTS and 9 hours for ELTS this month, which I intend to balance from the next month!)</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/01/msg00006.html">DLA 2518-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-35492">CVE-2020-35492</a>, for <a href="https://tracker.debian.org/pkg/cairo">cairo</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.14.8-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/01/msg00013.html">DLA 2525-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-19840">CVE-2018-19840</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2018-19841">CVE-2018-19841</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2019-11498">CVE-2019-11498</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2019-1010315">CVE-2019-1010315</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2019-1010317">CVE-2019-1010317</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2019-1010319">CVE-2019-1010319</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-35738">CVE-2020-35738</a>, for <a href="https://tracker.debian.org/pkg/wavpack">wavpack</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 5.0.0-2+deb9u3.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/01/msg00014.html">DLA 2526-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-26298">CVE-2020-26298</a>, for <a href="https://tracker.debian.org/pkg/ruby-redcarpet">ruby-redcarpet</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 3.3.4-2+deb9u1.</li>
<li>Prepared <a href="https://lists.debian.org/debian-security-announce/2021/msg00010.html">DSA 4831-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-26298">CVE-2020-26298</a>, for <a href="https://tracker.debian.org/pkg/ruby-redcarpet">ruby-redcarpet</a>.<br>
For Debian 10 Buster, these problems have been fixed in version 3.4.0-4+deb10u1. The announcement was released by the Security Team.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/01/msg00016.html">DLA 2528-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3185">CVE-2021-3185</a>, for <a href="https://tracker.debian.org/pkg/gst-plugins-bad1.0">gst-plugins-bad1.0</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.10.4-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html">DLA 2529-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3181">CVE-2021-3181</a>, for <a href="https://tracker.debian.org/pkg/mutt">mutt</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.7.2-1+deb9u5.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2021/01/msg00019.html">DLA 2531-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-28473">CVE-2020-28473</a>, for <a href="https://tracker.debian.org/pkg/python-bottle">python-bottle</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 0.12.13-1+deb9u1.</li>
<li>Released <a href="https://tracker.debian.org/news/1225804/accepted-python-bottle-01215-2deb10u1-source-all-into-proposed-updates-stable-new-proposed-updates/">buster-pu update</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-28473">CVE-2020-28473</a>, for <a href="https://tracker.debian.org/pkg/python-bottle">python-bottle</a>.<br>
For Debian 10 Buster, these problems have been fixed in version 0.12.15-2+deb10u1.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-344-1-apt/">ELA 344-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-27350">CVE-2020-27350</a>, for <a href="https://tracker.debian.org/pkg/apt">apt</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 1.0.9.8.7.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-346-1-wavpack/">ELA 346-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2016-10169">CVE-2016-10169</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2018-19840">CVE-2018-19840</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2019-1010319">CVE-2019-1010319</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-35738">CVE-2020-35738</a>, for <a href="https://tracker.debian.org/pkg/wavpack">wavpack</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 4.70.0-1+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-347-1-ruby-redcarpet/">ELA 347-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-26298">CVE-2020-26298</a>, for <a href="https://tracker.debian.org/pkg/ruby-redcarpet">ruby-redcarpet</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 3.1.2-1+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-348-1-gst-plugins-bad1.0/">ELA 348-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3185">CVE-2021-3185</a>, for <a href="https://tracker.debian.org/pkg/gst-plugins-bad1.0">gst-plugins-bad1.0</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 1.4.4-2.1+deb8u3.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-349-1-mutt/">ELA 349-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2021-3181">CVE-2021-3181</a>, for <a href="https://tracker.debian.org/pkg/mutt">mutt</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 1.5.23-3+deb8u5.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-350-1-python-bottle/">ELA 350-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-28473">CVE-2020-28473</a>, for <a href="https://tracker.debian.org/pkg/python-bottle">python-bottle</a>.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 28-12 until 03-01 and from 25-01 until 31-01 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/dropbear">dropbear</a>,
<a href="https://tracker.debian.org/pkg/gst-plugins-bad1.0">gst-plugins-bad1.0</a>,
<a href="https://tracker.debian.org/pkg/phpmyadmin">phpmyadmin</a>,
<a href="https://tracker.debian.org/pkg/qemu">qemu</a>,
<a href="https://tracker.debian.org/pkg/firefox-esr">firefox-esr</a>,
<a href="https://tracker.debian.org/pkg/thunderbird">thunderbird</a>,
<a href="https://tracker.debian.org/pkg/openldap">openldap</a>,
<a href="https://tracker.debian.org/pkg/libdatetime-timezone-perl">libdatetime-timezone-perl</a>,
<a href="https://tracker.debian.org/pkg/tzdata">tzdata</a>,
<a href="https://tracker.debian.org/pkg/jasper">jasper</a>,
<a href="https://tracker.debian.org/pkg/ckeditor">ckeditor</a>,
<a href="https://tracker.debian.org/pkg/liblivemedia">liblivemedia</a>,
<a href="https://tracker.debian.org/pkg/wavpack">wavpack</a>, and
<a href="https://tracker.debian.org/pkg/ruby-redcarpet">ruby-redcarpet</a>.</li>
<li>Marked CVE-2019-12953/dropbear as postponed for jessie.</li>
<li>Marked CVE-2019-12953/dropbear as postponed for stretch.</li>
<li>Marked CVE-2018-19841/wavpack as not-affected for jessie.</li>
<li>Marked CVE-2019-1010315/wavpack as not-affected for jessie.</li>
<li>Marked CVE-2019-1010317/wavpack as not-affected for jessie.</li>
<li>Marked CVE-2021-21252/phpmyadmin as no-dsa for stretch.</li>
<li>Marked CVE-2021-20196/qemu as postponed for stretch.</li>
<li>Marked CVE-2021-21252/phpmyadmin as no-dsa for jessie.</li>
<li>Marked CVE-2021-20196/qemu as postponed for jessie.</li>
<li>Marked CVE-2020-11947/qemu as postponed for jessie.</li>
<li>Marked CVE-2021-3326/glibc as no-dsa for jessie.</li>
<li>Marked CVE-2021-3326/glibc as no-dsa for stretch.</li>
<li>Marked CVE-2020-35517/qemu as not-affected instead of postponed for jessie.</li>
<li>Marked CVE-2021-2627{1,2}/ckeditor as postponed for jessie.</li>
<li>Marked CVE-2020-24027/liblivemedia as no-dsa for stretch.</li>
<li>Marked CVE-2021-2627{1,2}/ckeditor as postponed for stretch.</li>
<li>Auto EOL’ed csync2, firefox-esr, linux, thunderbird, collabtive, activemq, and xen for jessie.</li>
<li>Got my <strong>first ever</strong> CVE assigned - <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181">CVE-2021-3181</a> for mutt. Weeeehooooo! \o/</li>
<li>Attended the monthly LTS meeting. Logs <a href="https://meetbot.debian.net/debian-lts/2021/debian-lts.2021-01-28-14.58.html">here</a>.</li>
<li>General discussion on LTS private and <a href="https://lists.debian.org/debian-lts/2021/01/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<h2 id="interesting-bits">Interesting Bits!</h2>
<ul>
<li>
<p>This January, on 23rd and 24th, we had <a href="https://in2021.mini.debconf.org/">Mini DebConf India 2021 online</a>.<br>
I had a talk as well, titled, “<a href="https://in2021.mini.debconf.org/talks/18-why-point-releases-are-important-and-how-you-can-help-prepare-them/">Why Point Releases are important and how you can help
prepare them?</a>”.</p>
<p>It was a fun and a very short talk, where I just list out the reasons and ways to help in
the preparation of “point releases”. I did some experimentation with this talk, figuring
out what works for the audience and what doesn’t and where can I improve for the next time
I talk about this topic! \o/<br>
You can listen to the talk <a href="https://ftp.acc.umu.se/pub/debian-meetings/2021/MiniDebConf-India/18-why-point-releases-are-important-and-how-you-can-help-prepare-them.webm">here</a>
and let me know if you have any feedback!</p>
<p>Anyway, the conference lasted for 2 days and I also did some volunteering (talk director,
talk meister) in Hindi and English, both! It was all so fun and new. Anyway, here’s the picture we took:
<img src="https://utkarsh2102.org/images/minidebconf_india2021.png#center" alt=""></p>
</li>
<li>
<p>In other exciting news, I got my first CVE assigned!!! \o/<br>
No, it is not something that I found, it was discovered by Tavis Ormandy. I just assigned
this a CVE ID, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181">CVE-2021-3181</a>.<br>
This is my first, so I am very excited about this! ^_^</p>
</li>
<li>
<p>Besides, there’s something more that is in the pipelines. Can’t talk about it now, shh. But
hopefully very sooooooon!</p>
</li>
</ul>
<hr>
<h2 id="other-things-o">Other $things! \o/</h2>
<p>This month was tiresome, with most of the time being spent on the Debian stuff, I did
very little work outside it, really. The issues and patches that I sent are:</p>
<ul>
<li><a href="https://github.com/vmg/redcarpet/issues/700">Issue #700</a> for redcarpet, asking for a reproducer for CVE-2020-26298 and some additional patch related queries.</li>
<li><a href="https://github.com/samwoods1/in-parallel/issues/7">Issue #7</a> for in-parallel, asking them to not use relative paths for tests.</li>
<li><a href="https://github.com/samwoods1/in-parallel/issues/8">Issue #8</a> for in-parallel, reporting a test failure for the library.</li>
<li><a href="https://github.com/jruby/rake-ant/issues/2">Issue #2</a> for rake-ant, asking them to bump their dependencies to a newer version.</li>
<li><a href="https://github.com/jruby/rake-ant/pull/3">PR #3</a> for rake-ant, bumping the dependencies to a newer version, fixing the above issue, heh.</li>
<li><a href="https://github.com/jruby/rake-ant/issues/4">Issue #4</a> for rake-ant, requesting to drop <code>git</code> from their gemspec.</li>
<li><a href="https://github.com/jruby/rake-ant/pull/5">PR #5</a> for rake-ant, dropping <code>git</code> from gemspec, fixing the above issue, heh.</li>
<li><a href="https://github.com/dbry/WavPack/issues/95">Issue #95</a> for WavPack, asking for a review of past security vulnerabilities wrt v4.70.0.</li>
<li>Reviewed <a href="https://github.com/openid/ruby-openid/pull/128">PR #128</a> for ruby-openid, addressing the past regression with CVE fix merge.</li>
<li>Reviewed <a href="https://github.com/CocoaPods/cocoapods-acknowledgements/pull/63">PR #63</a> for cocoapods-acknowledgements, updating redcarpet to v3.5.1, as a safety measure due to recently discovered vulnerability.</li>
<li><a href="https://github.com/bottlepy/bottle/issues/1331">Issue #1331</a> for bottle, asking for relevant commits for CVE-2020-28473 and clarifying other things.</li>
<li><a href="https://github.com/libc/em-redis/issues/5">Issue #5</a> for em-redis, reporting test failures on IPv6-only build machines.</li>
<li><a href="https://github.com/eventmachine/eventmachine/issues/939">Issue #939</a> for eventmachine, reporting test failures for em-redis on IPv6-only build machines.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in December 2020
https://utkarsh2102.org/posts/foss-in-dec-20/
Wed, 30 Dec 2020 11:11:11 +0530
<p>Here’s my (fifteenth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 24th month of contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March last year and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> last Christmas! \o/</p>
<p>Amongst a lot of things, this month was crazy, hectic, adventurous, and the last of 2020 – more on some parts later this month.<br>
I finally finished my 7th semester (FTW!) and moved onto my last one! That said, I had been busy with other things™ but still did a bunch of Debian stuff.</p>
<p>Here are the following things I did this month:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/leiningen-clojure">leiningen-clojure</a> (2.9.1-3) - Fixing FTBFS, <a href="https://bugs.debian.org/973094">bug #973094</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-gh">ruby-gh</a> (0.18.0-2) - Fixing FTBFS, <a href="https://bugs.debian.org/976163">bug #976163</a>.</li>
<li><a href="https://tracker.debian.org/pkg/libgit2">libgit2</a> (1.0.1+dfsg.1-3) - libgit2 transition; cf: <a href="https://bugs.debian.org/971571">bug #971571</a>.</li>
<li><a href="https://tracker.debian.org/pkg/libgit-raw-perl">libgit-raw-perl</a> (0.87+ds-1) - Transition upload for <a href="https://bugs.debian.org/971567">bug #971567</a>.</li>
<li><a href="https://tracker.debian.org/pkg/python-pygit2">python-pygit2</a> (1.3.0+dfsg1-2) - Transition upload for <a href="https://bugs.debian.org/971564">bug #971564</a>.</li>
<li><a href="https://tracker.debian.org/pkg/golang-gopkg-libgit2-git2go.v30">golang-gopkg-libgit2-git2go.v30</a> (30.3.2-1) - Transition upload for <a href="https://bugs.debian.org/976522">bug #976522</a>.</li>
<li><a href="https://tracker.debian.org/pkg/libgit2">libgit2</a> (1.1.0+dfsg.1-1) - New upstream version, v1.1.0.</li>
<li><a href="https://tracker.debian.org/pkg/golang-gopkg-libgit2-git2go.v31">golang-gopkg-libgit2-git2go.v31</a> (31.4.3-1) - Transition upload for <a href="https://bugs.debian.org/976522">bug #976522</a>.</li>
<li><a href="https://tracker.debian.org/pkg/libgit2">libgit2</a> (1.1.0+dfsg.1-2) - libgit2 transition; cf: <a href="https://bugs.debian.org/971571">bug #971571</a>.</li>
<li><a href="https://tracker.debian.org/pkg/python-pygit2">python-pygit2</a> (1.4.0+dfsg1-1) - New upstream version, v1.4.0.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rugged">ruby-rugged</a> (1.1.0+ds-1) - Transition upload for <a href="https://bugs.debian.org/971565">bug #971565</a>.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.0.3.4+dfsg-2) - Fixes for <a href="https://bugs.debian.org/976291">bug #976291</a> and <a href="https://bugs.debian.org/974065">974065</a>. Thanks, Praveen!</li>
<li><a href="https://tracker.debian.org/pkg/ruby3.0">ruby3.0</a> (3.0.0~preview2-1) - New upstream version, v3.0.0~preview2.</li>
<li><a href="https://tracker.debian.org/pkg/golang-github-robertkrimen-otto">golang-github-robertkrimen-otto</a> (0.0~git20200922.ef014fd-1) - Fixing FTBFS, <a href="https://bugs.debian.org/976549">bug #976549</a>.</li>
<li><a href="https://tracker.debian.org/pkg/bidi-clojure">bidi-clojure</a> (2.1.3-2) - Fixing FTBFS, <a href="https://bugs.debian.org/975224">bug #975224</a>.</li>
<li><a href="https://tracker.debian.org/pkg/comidi-clojure">comidi-clojure</a> (0.3.2-2) - Fixing FTBFS, <a href="https://bugs.debian.org/975218">bug #975218</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby3.0">ruby3.0</a> (3.0.0~rc1-1) - New upstream version, v3.0.0~rc1.</li>
<li><a href="https://tracker.debian.org/pkg/polybar">polybar</a> (3.5.3-1) - New upstream version, v3.5.3.</li>
<li><a href="https://tracker.debian.org/pkg/ruby3.0">ruby3.0</a> (3.0.0-1) - New upstream version, v3.0.0. Merry Christmas! \o/</li>
<li><a href="https://tracker.debian.org/pkg/pathetic-clojure">pathetic-clojure</a> (0.5.1-2) - Source-only upload for migration.</li>
<li><a href="https://tracker.debian.org/pkg/url-clojure">url-clojure</a> (0.1.1-2) - Source-only upload for migration.</li>
<li><a href="https://tracker.debian.org/pkg/libgit2">libgit2</a> (1.1.0+dfsg.1-3) - Fix for <a href="https://bugs.debian.org/972574">bug #972574</a>. Thanks, Cedric!</li>
<li><a href="https://tracker.debian.org/pkg/ruby-paper-trail">ruby-paper-trail</a> (11.1.0-1) - New upstream version, 11.1.0.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Attended the Debian Ruby team meeting.</li>
<li>Mentoring for newcomers.</li>
<li>FTP Trainee reviewing.</li>
<li>Moderation of -project mailing list.</li>
<li>Sponsored <code>golang-github-gorilla-css</code> for Fedrico.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my fifteenth month as a Debian LTS and sixth month as a Debian ELTS paid contributor.<br>
I was assigned 26.00 hours for LTS and 38.25 hours for ELTS and worked on the following things:</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html">DLA 2474-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-28928">CVE-2020-28928</a>, for <a href="https://tracker.debian.org/pkg/musl">musl</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.1.16-3+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html">DLA 2481-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25709">CVE-2020-25709</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-25710">CVE-2020-25710</a>, for <a href="https://tracker.debian.org/pkg/openldap">openldap</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 2.4.44+dfsg-5+deb9u6.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/12/msg00010.html">DLA 2484-1</a>, fixing <a href="https://bugs.debian.org/969126">#969126</a>, for <a href="https://tracker.debian.org/pkg/python-certbot">python-certbot</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 0.28.0-1~deb9u3.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/12/msg00013.html">DLA 2487-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-27350">CVE-2020-27350</a>, for <a href="https://tracker.debian.org/pkg/apt">apt</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.4.11. The update was prepared by the maintainer, Julian.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/12/msg00014.html">DLA 2488-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-27351">CVE-2020-27351</a>, for <a href="https://tracker.debian.org/pkg/python-apt">python-apt</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.4.2. The update was prepared by the maintainer, Julian.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/12/msg00022.html">DLA 2495-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-17527">CVE-2020-17527</a>, for <a href="https://tracker.debian.org/pkg/tomcat8">tomcat8</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 8.5.54-0+deb9u5.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/12/msg00037.html">DLA 2488-2</a>, for <a href="https://tracker.debian.org/pkg/python-apt">python-apt</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.4.3. The update was prepared by the maintainer, Julian.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/12/msg00038.html">DLA 2508-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-35730">CVE-2020-35730</a>, for <a href="https://tracker.debian.org/pkg/roundcube">roundcube</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.2.3+dfsg.1-4+deb9u8. The update was prepared by the maintainer, Guilhem.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-324-1-musl/">ELA 324-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-28928">CVE-2020-28928</a>, for <a href="https://tracker.debian.org/pkg/musl">musl</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 1.1.5-2+deb8u2.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-325-1-mutt/">ELA 325-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-28896">CVE-2020-28896</a>, for <a href="https://tracker.debian.org/pkg/mutt">mutt</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 1.5.23-3+deb8u4.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-327-1-openldap/">ELA 327-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25709">CVE-2020-25709</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-25710">CVE-2020-25710</a>, for <a href="https://tracker.debian.org/pkg/openldap">openldap</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2.4.40+dfsg-1+deb8u8.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-335-1-flac/">ELA 335-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-0499">CVE-2020-0499</a>, for <a href="https://tracker.debian.org/pkg/flac">flac</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 1.3.0-3+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-340-1-cairo/">ELA 340-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-35492">CVE-2020-35492</a>, for <a href="https://tracker.debian.org/pkg/cairo">cairo</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 1.14.0-2.1+deb8u3.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 21-12 until 27-12 and from 28-12 until 03-01 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/openldap">openldap</a>,
<a href="https://tracker.debian.org/pkg/python-certbot">python-certbot</a>,
<a href="https://tracker.debian.org/pkg/lemonldap-ng">lemonldap-ng</a>,
<a href="https://tracker.debian.org/pkg/qemu">qemu</a>,
<a href="https://tracker.debian.org/pkg/gdm3">gdm3</a>,
<a href="https://tracker.debian.org/pkg/open-iscsi">open-iscsi</a>,
<a href="https://tracker.debian.org/pkg/gobby">gobby</a>,
<a href="https://tracker.debian.org/pkg/jackson-databind">jackson-databind</a>,
<a href="https://tracker.debian.org/pkg/wavpack">wavpack</a>,
<a href="https://tracker.debian.org/pkg/cairo">cairo</a>,
<a href="https://tracker.debian.org/pkg/nsd">nsd</a>,
<a href="https://tracker.debian.org/pkg/tomcat8">tomcat8</a>, and
<a href="https://tracker.debian.org/pkg/bountycastle">bouncycastle</a>.</li>
<li>Marked CVE-2020-17527/tomcat8 as not-affected for jessie.</li>
<li>Marked CVE-2020-28052/bouncycastle as not-affected for jessie.</li>
<li>Marked CVE-2020-14394/qemu as postponed for jessie.</li>
<li>Marked CVE-2020-35738/wavpack as not-affected for jessie.</li>
<li>Marked CVE-2020-3550{3-6}/qemu as postponed for jessie.</li>
<li>Marked CVE-2020-3550{3-6}/qemu as postponed for stretch.</li>
<li>Marked CVE-2020-16093/lemonldap-ng as no-dsa for stretch.</li>
<li>Marked CVE-2020-27837/gdm3 as no-dsa for stretch.</li>
<li>Marked CVE-2020-{13987, 13988, 17437}/open-iscsi as no-dsa for stretch.</li>
<li>Marked CVE-2020-35450/gobby as no-dsa for stretch.</li>
<li>Marked CVE-2020-35728/jackson-databind as no-dsa for stretch.</li>
<li>Marked CVE-2020-28935/nsd as no-dsa for stretch.</li>
<li>Auto EOL’ed libpam-tacplus, open-iscsi, wireshark, gdm3, golang-go.crypto, jackson-databind, spotweb, python-autobahn, asterisk, nsd, ruby-nokogiri, linux, and motion for jessie.</li>
<li>General discussion on LTS private and <a href="https://lists.debian.org/debian-lts/2020/12/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<h2 id="other-things-o">Other $things! \o/</h2>
<h4 id="bugs-and-patches">Bugs and Patches</h4>
<p>Well, I did report some bugs and issues and also sent some patches:</p>
<ul>
<li><a href="https://github.com/jamesgeorge007/github-activity-readme/issues/44">Issue #44</a> for github-activity-readme, asking for a feature request to set custom committer’s email address.</li>
<li><a href="https://github.com/libgit2/git2go/issues/711">Issue #711</a> for git2go, reporting build failure for the library.</li>
<li><a href="https://github.com/toshimaru/rubocop-rails_config/pull/89">PR #89</a> for rubocop-rails_config, bumping <code>RuboCop::Packaging</code> to v0.5.</li>
<li><a href="https://github.com/utkarsh2102/rubocop-packaging/issues/36">Issue #36</a> for rubocop-packaging, asking to try out mutant :)</li>
<li><a href="https://github.com/cucumber/cucumber-ruby-core/pull/212">PR #212</a> for cucumber-ruby-core, bumping <code>RuboCop::Packaging</code> to v0.5.</li>
<li><a href="https://github.com/cucumber/cucumber-ruby-core/pull/213">PR #213</a> for cucumber-ruby-core, enabling <code>RuboCop::Packaging</code>.</li>
<li><a href="https://github.com/amedrz/behance/issues/19">Issue #19</a> for behance, asking to relax constraints on <code>faraday</code> and <code>faraday_middleware</code>.</li>
<li><a href="https://github.com/utkarsh2102/rubocop-packaging/pull/37">PR #37</a> for rubocop-packaging, enabling tests against ruby3.0! \o/</li>
<li><a href="https://github.com/cucumber/cucumber-rails/pull/489">PR #489</a> for cucumber-rails, bumping <code>RuboCop::Packaging</code> to v0.5.</li>
<li><a href="https://github.com/Nheko-Reborn/nheko/issues/362">Issue #362</a> for nheko, reporting a crash when opening the application.</li>
<li><a href="https://github.com/paper-trail-gem/paper_trail/pull/1282">PR #1282</a> for paper_trail, adding <code>RuboCop::Packaging</code> amongst other used extensions.</li>
<li><a href="https://bugs.debian.org/978640">Bug #978640</a> for nheko Debian package, reporting a crash, as a result of libfmt7 regression.</li>
</ul>
<h4 id="misc-and-fun">Misc and Fun</h4>
<p>Besides squashing bugs and submitting patches, I did some other things as well!</p>
<ul>
<li>Participated in my first <a href="https://adventofcode.com/">Advent of Code</a> event! :)<br>
Whilst it was indeed fun, I didn’t really complete it. No reason, really. But I’ll definitely come back stronger next year, heh! :)<br>
All the solutions thus far could be found <a href="https://github.com/utkarsh2102/AdventOfCode/">here</a>.</li>
<li>Did a couple of reviews for some PRs and triaged some bugs here and there, meh.</li>
<li>Also did some cloud debugging, not so fun if you ask me, but cool enough to make me want to do it again! ^_^</li>
<li>Worked along with pollo, zigo, ehashman, rlb, et al for puppet and puppetserver in Debian. OMG, they’re so lovely! <3</li>
<li>Ordered some interesting books to read January onward. New year resolution? Meh, not really. Or maybe. But nah.</li>
<li>Also did some interesting stuff this month but can’t really talk about it now. Hopefully sooooon.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in November 2020
https://utkarsh2102.org/posts/foss-in-nov-20/
Mon, 30 Nov 2020 11:11:11 +0530
<p>Here’s my (fourteenth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 23rd month of contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March last year and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> last Christmas! \o/</p>
<p>Apart from doing a bunch of activities like attending KubeCon + RubyConf (blog to follow!), et al and simultaneously giving
my undergrad exams, I did (relatively) more work than I had really anticipated!</p>
<p>Here are the following things I did in Debian this month:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/slingshot-clojure">slingshot-clojure</a> (0.12.2-3) - Fix for <a href="https://bugs.debian.org/891311">bug #891311</a>.</li>
<li><a href="https://tracker.debian.org/pkg/clj-stacktrace-clojure">clj-stacktrace-clojure</a> (0.2.7-1) - New upstream version, v0.2.7, fixing <a href="https://bugs.debian.org/852249">bug #852249</a>.</li>
<li><a href="https://tracker.debian.org/pkg/golang-github-xo-terminfo">golang-github-xo-terminfo</a> (0.0~git20200218.454e5b6-2) - New package + source-only upload.</li>
<li><a href="https://tracker.debian.org/pkg/golang-github-zyedidia-tcell">golang-github-zyedidia-tcell</a> (2.0.6-1) - New upstream version, v2.0.6.</li>
<li><a href="https://tracker.debian.org/pkg/golang-github-zyedidia-clipboard">golang-github-zyedidia-clipboard</a> (1.0.3-1) - New upstream version, 1.0.3.</li>
<li><a href="https://tracker.debian.org/pkg/micro">micro</a> (2.0.8-1) - New upstream version, v2.0.8. Finally! \o/</li>
<li><a href="https://tracker.debian.org/pkg/ruby-zeitwerk">ruby-zeitwerk</a> (2.4.2-1) - New upstream version, v2.4.2.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Attended the Debian Ruby team meeting.</li>
<li>Mentoring for newcomers.</li>
<li>FTP Trainee reviewing.</li>
<li>Moderation of -project mailing list.</li>
<li>Sponsored <code>phpmyadmin</code> for William and <code>libexif</code> for Hugh.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my fourteenth month as a Debian LTS and fifth month as a Debian ELTS paid contributor.<br>
I was assigned 22.75 hours for LTS and 45.00 hours for ELTS and worked on the following things:<br>
(for ELTS, I worked for 5.25 hours last month, so I had to work for 39.75 (+1 extra) hours this month)<br>
(also, I did over-work by 5.00 hours for LTS this month, but I’ll re-compensate it later to avoid so much fuss!)</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00000.html">DLA 2425-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25692">CVE-2020-25692</a>, for <a href="https://tracker.debian.org/pkg/openldap">openldap</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 2.4.44+dfsg-5+deb9u5.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00001.html">DLA 2427-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-14355">CVE-2020-14355</a>, for <a href="https://tracker.debian.org/pkg/spice">spice</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 0.12.8-2.1+deb9u4.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00002.html">DLA 2428-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-14355">CVE-2020-14355</a>, for <a href="https://tracker.debian.org/pkg/spice-gtk">spice-gtk</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 0.33-3.3+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html">DLA 2429-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-28032">CVE-2020-28032</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28033">CVE-2020-28033</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28034">CVE-2020-28034</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28035">CVE-2020-28035</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28036">CVE-2020-28036</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28037">CVE-2020-28037</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28038">CVE-2020-28038</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-28039">CVE-2020-28039</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-28040">CVE-2020-28040</a>, for <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 4.7.19+dfsg-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00005.html">DLA 2430-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-15238">CVE-2020-15238</a>, for <a href="https://tracker.debian.org/pkg/blueman">blueman</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 2.0.4-1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00013.html">DLA 2439-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-0452">CVE-2020-0452</a>, for <a href="https://tracker.debian.org/pkg/libexif">libexif</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 0.6.21-2+deb9u5.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00017.html">DLA 2443-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-15166">CVE-2020-15166</a>, for <a href="https://tracker.debian.org/pkg/zeromq3">zeromq3</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 4.2.1-4+deb9u3.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html">DLA 2444-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8037">CVE-2020-8037</a>, for <a href="https://tracker.debian.org/pkg/tcpdump">tcpdump</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 4.9.3-1~deb9u2.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-306-1-openldap/">ELA 306-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25692">CVE-2020-25692</a>, for <a href="https://tracker.debian.org/pkg/openldap">openldap</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2.4.40+dfsg-1+deb8u7.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-310-1-libexif/">ELA 310-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-0452">CVE-2020-0452</a>, for <a href="https://tracker.debian.org/pkg/libexif">libexif</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 0.6.21-2+deb8u5.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-311-1-tcpdump/">ELA 311-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8037">CVE-2020-8037</a>, for <a href="https://tracker.debian.org/pkg/tcpdump">tcpdump</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 4.9.3-1~deb8u2.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-312-1-tzdata/">ELA 312-1</a>, backporting a new upstream release, 2020d, for <a href="https://tracker.debian.org/pkg/tzdata">tzdata</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2020d-0+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-313-1-zeromq3/">ELA 313-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-15166">CVE-2020-15166</a>, for <a href="https://tracker.debian.org/pkg/zeromq3">zeromq3</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 4.0.5+dfsg-2+deb8u3.</li>
<li>Prepared a debdiff for lxml (3.4.0-1+deb8u2) upload, which Emilio completed and rolled out later.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 26-10 until 01-10 and from 23-11 until 29-11 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/openldap">openldap</a>,
<a href="https://tracker.debian.org/pkg/python-cryptography">python-cryptography</a>,
<a href="https://tracker.debian.org/pkg/motion">motion</a>,
<a href="https://tracker.debian.org/pkg/nvidia-cuda-toolkit">nvidia-cuda-toolkit</a>,
<a href="https://tracker.debian.org/pkg/samba">samba</a>,
<a href="https://tracker.debian.org/pkg/lxml">lxml</a>,
<a href="https://tracker.debian.org/pkg/highlight.js">highlight.js</a>,
<a href="https://tracker.debian.org/pkg/imagemagick">imagemagick</a>,
<a href="https://tracker.debian.org/pkg/mongodb">mongodb</a>,
<a href="https://tracker.debian.org/pkg/poppler">poppler</a>,
<a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>,
<a href="https://tracker.debian.org/pkg/raptor2">raptor2</a>, and
<a href="https://tracker.debian.org/pkg/blueman">blueman</a>.</li>
<li>Marked CVE-2020-25659/python-cryptography as no-dsa for Stretch and Jessie.</li>
<li>Marked CVE-2020-25713/raptor2 as postponed for Stretch and Jessie.</li>
<li>Marked CVE-2020-27778/poppler as postponed for Stretch and Jessie.</li>
<li>Marked CVE-2020-5991/nvidia-cuda-toolkit as ignored for Stretch.</li>
<li>Marked CVE-2020-26566/motion as not-affected for Stretch.</li>
<li>Marked CVE-2020-26237/highlight.js as postponed for Jessie.</li>
<li>Auto EOL’ed libpam-tacplus, motion, blueman, openrc, webcit, wordpress, linux, nvidia-cuda-toolkit, spip, and wireshark for Jessie.</li>
<li>Attended the seventh LTS meeting. Logs <a href="https://meetbot.debian.net/debian-lts/2020/debian-lts.2020-11-26-14.59.html">here</a>.</li>
<li>General discussion on LTS private and <a href="https://lists.debian.org/debian-lts/2020/11/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in October 2020
https://utkarsh2102.org/posts/foss-in-oct-20/
Fri, 30 Oct 2020 11:11:11 +0530
<p>Here’s my (thirteenth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 22nd month of contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March last year and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> last Christmas! \o/</p>
<p>Whilst busy with my undergrad, I could still take some time out for contributing to Debian (I always do!).
Here are the following things I did in Debian this month:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby-mini-magick">ruby-mini-magick</a> (4.10.1-1) - Fixing FTBFS, <a href="https://bugs.debian.org/966936">bug #966936</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a> (2.7.1-4) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25613">CVE-2020-25613</a>.</li>
<li><a href="https://tracker.debian.org/pkg/net-tools">net-tools</a> (1.60+git20181103.0eebece-1) - Fixing bug <a href="https://bugs.debian.org/812886">#812886</a>, <a href="https://bugs.debian.org/653117">#653117</a>, <a href="https://bugs.debian.org/621752">#621752</a>, and <a href="https://bugs.debian.org/549397">#549397</a>.</li>
<li><a href="https://tracker.debian.org/pkg/libgit2">libgit2</a> (1.0.1+dfsg.1-1) - New upstream version, v1.0.1.</li>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.0.3.4+dfsg-1) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8264">CVE-2020-8264</a>/<a href="https://bugs.debian.org/971988">bug #971988</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a> (2.7.2-1) - New upstream version, v2.7.2.</li>
<li><a href="https://tracker.debian.org/pkg/bundler">bundler</a> (2.1.4-3) - Fixing <a href="https://bugs.debian.org/962463">bug #962463</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby2.5">ruby2.5</a> (2.5.5-3+deb10u3) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25613">CVE-2020-25613</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby2.7">ruby2.7</a> (2.7.2-2) - Fixing bug <a href="https://bugs.debian.org/970469">#970469</a>, <a href="https://bugs.debian.org/969130">#969130</a>, and <a href="https://bugs.debian.org/968203">#968203</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby3.0">ruby3.0</a> (3.0.0~preview1-1) - Introducing ruby3.0, FTW!</li>
<li><a href="https://tracker.debian.org/pkg/ruby-mysql2">ruby-mysql2</a> (0.5.3-1) - Fixing FTBFS, <a href="https://bugs.debian.org/923727">bug #923727</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rubocop-packaging">ruby-rubocop-packaging</a> (0.5.1-1) - Make it compatible with RuboCop v1.0.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Attended the Debian Ruby team meeting. Logs <a href="https://meetbot.debian.net/debian-ruby/2020/debian-ruby.2020-10-02-16.37.html">here</a>.</li>
<li>Mentoring for newcomers.</li>
<li>FTP Trainee reviewing.</li>
<li>Moderation of -project mailing list.</li>
<li>Sponsored <code>phpmyadmin</code>, <code>php-bacon-baconqrcode</code>, <code>twig</code>, <code>php-dasprid-enum</code>, <code>sql-parser</code>, and <code>mariadb-mysql-kbs</code> for William.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my thirteenth month as a Debian LTS and fourth month as a Debian ELTS paid contributor.<br>
I was assigned 20.75 hours for LTS and 30.00 hours for ELTS and worked on the following things:<br>
(for ELTS, I worked for 5.25 hours extra, so my total hours this month for ELTS were 35.25!)</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/10/msg00000.html">DLA 2389-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-18978">CVE-2019-18978</a>, for <a href="https://tracker.debian.org/pkg/ruby-rack-cors">ruby-rack-cors</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 0.4.0-1+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/10/msg00001.html">DLA 2390-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-18848">CVE-2019-18848</a>, for <a href="https://tracker.debian.org/pkg/ruby-json-jwt">ruby-json-jwt</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.6.2-1+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/10/msg00002.html">DLA 2391-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25613">CVE-2020-25613</a>, for <a href="https://tracker.debian.org/pkg/ruby2.3">ruby2.3</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 2.3.3-1+deb9u9.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/10/msg00003.html">DLA 2392-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25613">CVE-2020-25613</a>, for <a href="https://tracker.debian.org/pkg/jruby">jruby</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.7.26-1+deb9u3.</li>
<li>Uploaded ruby2.5 to buster, fixing CVE-2020-25613.<br>
For Debian 10 Buster, these problems have been fixed in version 2.5.5-3+deb10u3.</li>
<li>Uploaded ruby2.7 to unstable, fixing CVE-2020-25613.<br>
For Debian Sid, these problems have been fixed in version 2.7.1-4.</li>
<li>Uploaded rails to unstable, fixing CVE-2020-8264.<br>
For Debian Sid, these problems have been fixed in version 2:6.0.3.4+dfsg-1.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-290-1-ruby2.1/">ELA 290-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-25613">CVE-2020-25613</a>, for <a href="https://tracker.debian.org/pkg/ruby2.1">ruby2.1</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2.1.5-2+deb8u11.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-292-1-libonig/">ELA 292-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-26159">CVE-2020-26159</a>, for <a href="https://tracker.debian.org/pkg/libonig">libonig</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 5.9.5-3.2+deb8u5.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-297-1-packagekit/">ELA 297-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-16121">CVE-2020-16121</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-16122">CVE-2020-16122</a>, for <a href="https://tracker.debian.org/pkg/packagekit">packagekit</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 1.0.1-2+deb8u1.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-298-1-spice/">ELA 298-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-14355">CVE-2020-14355</a>, for <a href="https://tracker.debian.org/pkg/spice">spice</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 0.12.5-1+deb8u8.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-299-1-spice-gtk/">ELA 299-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-14355">CVE-2020-14355</a>, for <a href="https://tracker.debian.org/pkg/spice-gtk">spice-gtk</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 0.25-1+deb8u2.</li>
<li>Started working on openldap vulnerabilities, CVEs are yet to be assigned.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 28-09 to 04-10 and from 26-10 until 01-10 for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/libproxy">libproxy</a>,
<a href="https://tracker.debian.org/pkg/libvirt">libvirt</a>,
<a href="https://tracker.debian.org/pkg/libonig">libonig</a>,
<a href="https://tracker.debian.org/pkg/ant">ant</a>,
<a href="https://tracker.debian.org/pkg/erlang">erlang</a>,
<a href="https://tracker.debian.org/pkg/ruby2.3">ruby2.3</a>,
<a href="https://tracker.debian.org/pkg/jruby">jruby</a>,
<a href="https://tracker.debian.org/pkg/dpdk">dpdk</a>,
<a href="https://tracker.debian.org/pkg/php7.0">php7.0</a>,
<a href="https://tracker.debian.org/pkg/spice">spice</a>,
<a href="https://tracker.debian.org/pkg/spice-gtk">spice-gtk</a>,
<a href="https://tracker.debian.org/pkg/wireshark">wireshark</a>,
<a href="https://tracker.debian.org/pkg/djangorestframework">djangorestframework</a>,
<a href="https://tracker.debian.org/pkg/python-urllib3">python-urllib3</a>,
<a href="https://tracker.debian.org/pkg/python-cryptography">python-cryptography</a>,
<a href="https://tracker.debian.org/pkg/qtsvg-opensource-src">qtsvg-opensource-src</a>, and
<a href="https://tracker.debian.org/pkg/open-build-service">open-build-service</a>.</li>
<li>Marked CVE-2020-26137/python-urllib3 as no-dsa for Stretch and Jessie.</li>
<li>Marked CVE-2020-1437{4,5,6,7,8}/dpdk as no-dsa for Stretch.</li>
<li>Marked CVE-2020-2586{2,3}/wireshark as postponed for Stretch.</li>
<li>Marked CVE-2020-25626/djangorestframework as no-dsa for Stretch.</li>
<li>Marked CVE-2020-11979/ant as not-affected for Jessie.</li>
<li>Marked CVE-2020-25623/erlang as not-affected for Jessie.</li>
<li>Marked CVE-2020-25659/python-cryptography as no-dsa for Stretch and Jessie.</li>
<li>Auto EOL’ed jruby, libjs-handlebars, linux, pluxml, mupdf, and djangorestframework for Jessie.</li>
<li>[E/LTS] Worked on putting survey online, deployed <a href="https://lts-team.pages.debian.net/">LTS Team Pages</a> \o/</li>
<li>[ELTS] Fix suite-name in ela-needed file and fix other tags and ordering of triages to fix errors in the security tracker.</li>
<li>[LTS] Sent out invitations for the meeting.</li>
<li>Attended the sixth private LTS meeting.</li>
<li>General discussion on LTS private and <a href="https://lists.debian.org/debian-lts/2020/10/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
<h1>FOSS Activities in September 2020</h1>
<p><a href="https://utkarsh2102.org/posts/foss-in-sept-20/">https://utkarsh2102.org/posts/foss-in-sept-20/</a><br>
Wed, 30 Sep 2020 11:11:11 +0530</p>
<p>Here’s my (twelfth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 21st month of contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March last year and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> last Christmas! \o/</p>
<p>I’ve been busy with my undergraduation stuff but I still squeezed out some time for the regular Debian work.
Here are the following things I did in Debian this month:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.0.3.3+dfsg-1) - Fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-15169">CVE-2020-15169</a>/<a href="https://bugs.debian.org/970040">bug #970040</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-openid-connect">ruby-openid-connect</a> (1.1.8-1) - New upstream version, v1.1.8.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-mini-magick">ruby-mini-magick</a> (4.10.1-1) - Fixing FTBFS, <a href="https://bugs.debian.org/966936">bug #966936</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-open-graph-reader">ruby-open-graph-reader</a> (0.7.0+dfsg-1) - New upstream version, v0.7.0.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-string-direction">ruby-string-direction</a> (1.2.2-1) - New upstream version, v1.2.2.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-jquery-rails">ruby-jquery-rails</a> (4.3.5-1) - New upstream version, v4.3.5.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-leaflet-rails">ruby-leaflet-rails</a> (1.6.0+dfsg-1) - New upstream version, v1.6.0.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-jquery-rails">ruby-jquery-rails</a> (4.3.5-2) - Fixing FTBFS, <a href="https://bugs.debian.org/956604">bug #956604</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rubocop-packaging">ruby-rubocop-packaging</a> (0.5.0-1) - Add support for auto-correct.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Attended the Debian Ruby team meeting. Logs <a href="https://meetbot.debian.net/debian-ruby/2020/debian-ruby.2020-09-04-16.29.html">here</a>.</li>
<li>Mentoring for newcomers.</li>
<li>FTP Trainee reviewing.</li>
<li>Moderation of -project mailing list.</li>
<li>Sponsored <code>trace-cmd</code> for Sudip, <code>ruby-asset-sync</code> for Nilesh, and <code>mariadb-mysql-kbs</code> for William.</li>
</ul>
<hr>
<h2 id="rubocoppackaging---helping-the-debian-ruby-team-o">RuboCop::Packaging - Helping the Debian Ruby team! \o/</h2>
<p><img src="https://utkarsh2102.org/images/debian_ruby.png#center" alt=""></p>
<p>This <a href="https://summerofcode.withgoogle.com/">Google Summer of Code</a>, I worked on writing a linter that could flag offenses for lines of code
that are very troublesome for Debian maintainers while trying to package and maintain Ruby libraries and applications!</p>
<p>Whilst the GSoC period is over, I’ve been working on improving that tool and have extended that linter to now “auto-correct” these offenses
by itself! \o/<br>
You can now just use the <code>-A</code> flag and you’re done! Boom! The ultimate game-changer!</p>
<p>Here’s a quick demo for this feature:</p>
<p><img src="https://utkarsh2102.org/images/packaging_autocorrector.gif#gif" alt=""></p>
<p>A few quick updates on <a href="https://github.com/utkarsh2102/rubocop-packaging">RuboCop::Packaging</a>:</p>
<ul>
<li>Has 4 cops, solving 4 different issues.</li>
<li>3 of them support auto-correction. Just use the <code>-A</code> flag.</li>
<li>5 releases so far, latest being v0.5.0.</li>
<li>GitHub Repository: <a href="https://github.com/utkarsh2102/rubocop-packaging/">https://github.com/utkarsh2102/rubocop-packaging/</a></li>
<li>Release notes: <a href="https://github.com/utkarsh2102/rubocop-packaging/releases/">https://github.com/utkarsh2102/rubocop-packaging/releases/</a></li>
<li>Documentation: <a href="https://docs.rubocop.org/rubocop-packaging/">https://docs.rubocop.org/rubocop-packaging/</a></li>
<li>Style guide: <a href="https://packaging.rubystyle.guide/">https://packaging.rubystyle.guide/</a></li>
<li>Being used by over <a href="https://github.com/utkarsh2102/rubocop-packaging/network/dependents">55 projects</a>! \o/</li>
</ul>
<p>I’ve also spent a considerable amount of time in raising awareness about this and, in a more general sense, about downstream maintenance.<br>
As a result, I raised a bunch of PRs which got a really good response. I got <a href="https://github.com/utkarsh2102?tab=overview&from=2020-09-01&to=2020-09-30">all of the 20 PRs merged upstream</a>,
fixing these issues.</p>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my twelfth month as a Debian LTS and third month as a Debian ELTS paid contributor.<br>
I was assigned 19.75 hours for LTS and 15.00 hours for ELTS and worked on the following things:<br>
(for LTS, I over-worked for 11 hours last month on the survey so only had 8.75 hours this month!)</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/09/msg00001.html">DLA 2362-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-11984">CVE-2020-11984</a>, for <a href="https://tracker.debian.org/pkg/uwsgi">uwsgi</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 2.0.14+20161117-3+deb9u3.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/09/msg00002.html">DLA 2363-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-17446">CVE-2020-17446</a>, for <a href="https://tracker.debian.org/pkg/asyncpg">asyncpg</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 0.8.4-1+deb9u1.</li>
<li>Started working on <a href="https://tracker.debian.org/pkg/ruby-kaminari">ruby-kaminari</a>, <a href="https://tracker.debian.org/pkg/ruby-rack-cors">ruby-rack-cors</a>, and <a href="https://tracker.debian.org/pkg/ruby-json-jwt">ruby-json-jwt</a>.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-274-1-uwsgi">ELA 274-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-11984">CVE-2020-11984</a>, for <a href="https://tracker.debian.org/pkg/uwsgi">uwsgi</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2.0.7-1+deb8u3.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-275-1-libx11">ELA 275-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-14363">CVE-2020-14363</a>, for <a href="https://tracker.debian.org/pkg/libx11">libx11</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2:1.6.2-3+deb8u4.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-278-1-ruby-rack">ELA 278-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8184">CVE-2020-8184</a>, for <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 1.5.2-3+deb8u4.</li>
<li>Also worked on updating the version of <a href="https://tracker.debian.org/pkg/clamav">clamAV</a> from v0.101.5 to v0.102.4.<br>
This was a bit of a tricky package to work on since it involved an ABI/API change and was more or less a transition.
Super thanks to Emilio for his invaluable help and him taking over the package, finishing, and uploading it in the end.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Front-desk duty from 31-08 to 06-09 and from 28-09 onward for both LTS and ELTS.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/apache2">apache2</a>,
<a href="https://tracker.debian.org/pkg/cryptsetup">cryptsetup</a>,
<a href="https://tracker.debian.org/pkg/nasm">nasm</a>,
<a href="https://tracker.debian.org/pkg/node-bl">node-bl</a>,
<a href="https://tracker.debian.org/pkg/plinth">plinth</a>,
<a href="https://tracker.debian.org/pkg/qemu">qemu</a>,
<a href="https://tracker.debian.org/pkg/rsync">rsync</a>,
<a href="https://tracker.debian.org/pkg/ruby-doorkeeper">ruby-doorkeeper</a>, and
<a href="https://tracker.debian.org/pkg/uwsgi">uwsgi</a>.</li>
<li>Marked CVE-2020-15094/symfony as not-affected for Stretch.</li>
<li>Marked CVE-2020-{9490,11993}/apache2 as ignored for Stretch.</li>
<li>Marked CVE-2020-8244/node-bl as no-dsa for Stretch.</li>
<li>Marked CVE-2020-24978/nasm as no-dsa for Stretch.</li>
<li>Marked CVE-2020-25073/plinth as no-dsa for Stretch.</li>
<li>Marked CVE-2020-15094/symfony as not-affected for Jessie.</li>
<li>Marked CVE-2020-14382/cryptsetup as not-affected for Jessie.</li>
<li>Marked CVE-2020-14387/rsync as not-affected for Jessie.</li>
<li>Auto EOL’ed ark, collabtive, linux, nasm, node-bl, and thunderbird for Jessie.</li>
<li>Use <code>mktemp</code> instead of <code>tempfile</code> in <code>bin/auto-add-end-of-life.sh</code>.</li>
<li>Attended the fifth LTS meeting. Logs <a href="https://meetbot.debian.net/debian-lts/2020/debian-lts.2020-09-24-14.58.html">here</a>.</li>
<li>General discussion on LTS private and <a href="https://lists.debian.org/debian-lts/2020/09/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
<h1>FOSS Activities in August 2020</h1>
<p><a href="https://utkarsh2102.org/posts/foss-in-aug-20/">https://utkarsh2102.org/posts/foss-in-aug-20/</a><br>
Sun, 30 Aug 2020 11:11:11 +0530</p>
<p>Here’s my (eleventh) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 20th month of contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March last year and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> last Christmas! \o/</p>
<p>Well, this month we had <a href="https://debconf20.debconf.org/">DebConf</a>! \o/<br>
(more about this later this week!)</p>
<p>Anyway, here are the following things I did in Debian this month:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/rubocop">rubocop</a> (0.89.1+dfsg-1) - New upstream version for <code>RuboCop::Packaging</code>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rubocop-ast">ruby-rubocop-ast</a> (0.3.0+dfsg-1) - New upstream version for <code>RuboCop</code>'s latest version.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rubocop-packaging">ruby-rubocop-packaging</a> (0.3.0-1) - Shouldn’t check <code>lib/</code> and <code>gemspec</code> file.</li>
<li><a href="https://tracker.debian.org/pkg/bidi-clojure">bidi-clojure</a> (2.1.3-1) - New upstream version for <a href="https://wiki.debian.org/Teams/Puppet/Work"><code>Puppet6</code></a>.</li>
<li>Source-only uploads for <a href="https://tracker.debian.org/pkg/ruby-anima">ruby-anima</a>, <a href="https://tracker.debian.org/pkg/ruby-uniform-notifier">ruby-uniform-notifier</a>, <a href="https://tracker.debian.org/pkg/ruby-unparser">ruby-unparser</a>, <a href="https://tracker.debian.org/pkg/ruby-morpher">ruby-morpher</a>, and <a href="https://tracker.debian.org/pkg/ruby-path-expander">ruby-path-expander</a>.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>FTP Trainee reviewing.</li>
<li>Moderation of -project mailing list.</li>
<li>Sponsored <code>php-dasprid-enum</code> and <code>php-bacon-baconqrcode</code> for William and <code>ruby-unparser</code>, <code>ruby-morpher</code>, and <code>ruby-path-expander</code> for Cocoa.</li>
</ul>
<hr>
<h2 id="goodbye-gsoc-o">Goodbye GSoC! \o/</h2>
<p><img src="https://utkarsh2102.org/images/debian_ruby.png#center" alt=""></p>
<p>In May, I got selected as a <a href="https://summerofcode.withgoogle.com/">Google Summer of Code</a> student for <a href="https://www.debian.org/">Debian</a> again! \o/<br>
I am working on the <a href="https://wiki.debian.org/SummerOfCode2020/Projects/#SummerOfCode2020.2FApprovedProjects.2FUpstreamDownstreamCooperationInRuby.Upstream.2FDownstream_cooperation_in_Ruby">Upstream-Downstream Cooperation in Ruby</a> project.</p>
<p>The other 5 blogs can be found here:</p>
<ul>
<li><a href="https://utkarsh2102.org/posts/gsoc-phase-1/">GSoC Phase 1 (part 1)</a>.</li>
<li><a href="https://utkarsh2102.org/posts/foss-in-june-20/">GSoC Phase 1 (part 2)</a>.</li>
<li><a href="https://utkarsh2102.org/posts/gsoc-phase-2/">GSoC Phase 2 (part 1)</a>.</li>
<li><a href="https://utkarsh2102.org/posts/foss-in-july-20/">GSoC Phase 2 (part 2)</a>.</li>
<li><a href="https://utkarsh2102.org/posts/gsoc-phase-3/">GSoC Phase 3 (part 1)</a>.</li>
<li>And this is GSoC Phase 3 (part 2).</li>
</ul>
<p>Also, I log daily updates at <a href="https://gsocwithutkarsh2102.tk/">gsocwithutkarsh2102.tk</a>.</p>
<p>Since this is a wrap and whilst the daily updates are already available at the above site^, I’ll quickly mention the important points and links here.</p>
<ul>
<li>The git repository is hosted on GitHub: <a href="https://github.com/utkarsh2102/rubocop-packaging">https://github.com/utkarsh2102/rubocop-packaging</a>.</li>
<li>It is a linter, an extension of RuboCop, focused on enforcing upstream best practices and coding conventions.</li>
<li>There have been 5 releases in all, including 4 cops and other bug fixes (including false-positives and false-negatives).</li>
<li>The entire source code is documented with a separate <code>docs/</code> directory, which is hosted at <a href="https://docs.rubocop.org/rubocop-packaging">https://docs.rubocop.org/rubocop-packaging</a>.</li>
<li>The packaging style guide is hosted at <a href="https://packaging.rubystyle.guide">https://packaging.rubystyle.guide</a>.</li>
<li>At the time of writing this, it is being used by around 30 other projects ^.^</li>
<li>Not only could you install this via <a href="https://rubygems.org/gems/rubocop-packaging"><code>gem install rubocop-packaging</code></a>, but also via <a href="https://tracker.debian.org/pkg/ruby-rubocop-packaging"><code>apt install ruby-rubocop-packaging</code></a>.</li>
<li>The total work consists of <a href="https://github.com/utkarsh2102/rubocop-packaging/commits/master">around 85 commits</a> with <a href="https://github.com/utkarsh2102/rubocop-packaging/pulls?q=is%3Apr+is%3Aclosed">15 PRs</a>, contributed by <a href="https://github.com/utkarsh2102/rubocop-packaging/graphs/contributors">4 amazing people</a> (including me :P) in the last 3 months (June ‘20 to August ‘20).</li>
<li>And finally, many thanks to two amazing people (the mentors for this project), <a href="https://github.com/terceiro">Antonio Terceiro</a> and <a href="https://github.com/deivid-rodriguez/">David Rodríguez</a>! 💖</li>
</ul>
<p><img src="https://utkarsh2102.org/images/gsoc_meetings.png#center" alt=""></p>
<hr>
<h2 id="continuation-of-gsoc-for-other-ruby-related-stuff">Continuation of GSoC for other Ruby related stuff!</h2>
<figure>
<img src="https://utkarsh2102.org/images/ruby-logo-small.png"/>
</figure>
<p>Whilst working on <a href="https://github.com/utkarsh2102/rubocop-packaging">RuboCop::Packaging</a>, I contributed to more Ruby projects, refactoring their library a little bit and mostly fixing RuboCop issues and fixing issues that the <code>Packaging</code> extension reports as “offensive”.<br>
Following are the PRs that I raised:</p>
<ul>
<li><a href="https://github.com/ai/autoprefixer-rails/pull/170">PR #170</a> for <a href="https://github.com/ai/autoprefixer-rails">autoprefixer-rails</a> to drop <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/cucumber/cucumber-rails/pull/479">PR #479</a> for <a href="https://github.com/cucumber/cucumber-rails">cucumber-rails</a> to update <code>RuboCop</code> and <code>RuboCop::Packaging</code>.</li>
<li><a href="https://github.com/cucumber/cucumber-ruby/pull/1465">PR #1465</a> for <a href="https://github.com/cucumber/cucumber-ruby">cucumber-ruby</a> for updating <code>RuboCop</code> to v0.89.</li>
<li><a href="https://github.com/cucumber/cucumber-ruby-core/pull/208">PR #208</a> for <a href="https://github.com/cucumber/cucumber-ruby-core">cucumber-ruby-core</a> to fix <code>.rubocop.yml</code> and add <code>RuboCop::Packaging</code> as a development dependency.</li>
<li><a href="https://github.com/titusfortner/webdrivers/pull/178">PR #178</a> for <a href="https://github.com/titusfortner/webdrivers">webdrivers</a> to update the <code>RuboCop</code> and <code>RuboCop::RSpec</code> version to the latest.</li>
<li><a href="https://github.com/titusfortner/webdrivers/pull/179">PR #179</a> for <a href="https://github.com/titusfortner/webdrivers">webdrivers</a> to drop <code>git ls-files</code> in gemspec.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p><a href="https://www.freexian.com/en/services/debian-lts.html">Debian Long Term Support (LTS)</a> is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And <a href="https://deb.freexian.com/extended-lts">Debian Extended LTS (ELTS)</a> is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my eleventh month as a Debian LTS and my second as a Debian ELTS paid contributor.<br>
I was assigned 21.75 hours for LTS and 14.25 hours for ELTS and worked on
the following things:</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/08/msg00000.html">DLA 2304-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2015-9542">CVE-2015-9542</a>, for <a href="https://tracker.debian.org/pkg/libpam-radius-auth">libpam-radius-auth</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.3.16-5+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html">DLA 2305-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-10756">CVE-2018-10756</a>, for <a href="https://tracker.debian.org/pkg/transmission">transmission</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 2.92-2+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/08/msg00002.html">DLA 2307-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2018-1000544">CVE-2018-1000544</a>, for <a href="https://tracker.debian.org/pkg/ruby-zip">ruby-zip</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.2.0-1.1+deb9u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/08/msg00003.html">DLA 2308-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-17113">CVE-2019-17113</a>, for <a href="https://tracker.debian.org/pkg/libopenmpt">libopenmpt</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 0.2.7386~beta20.3-3+deb9u4.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/08/msg00012.html">DLA 2317-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-10177">CVE-2020-10177</a>, for <a href="https://tracker.debian.org/pkg/pillow">pillow</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 4.0.0-4+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html">DLA 2318-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-10064">CVE-2019-10064</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-12695">CVE-2020-12695</a>, for <a href="https://tracker.debian.org/pkg/wpa">wpa</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 2:2.4-1+deb9u7.</li>
<li>Started working on <a href="https://tracker.debian.org/pkg/uwsgi">uwsgi</a> update for <a href="https://security-tracker.debian.org/tracker/CVE-2020-11984">CVE-2020-11984</a>. It seems that src:apache2 wasn’t affected by that, but src:uwsgi was.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-255-1-libx11">ELA 255-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-14344">CVE-2020-14344</a>, for <a href="https://tracker.debian.org/pkg/libx11">libx11</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2:1.6.2-3+deb8u3.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-259-1-pillow">ELA 259-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-10177">CVE-2020-10177</a>, for <a href="https://tracker.debian.org/pkg/pillow">pillow</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2.6.1-2+deb8u5.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-269-1-apache2">ELA 269-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-11985">CVE-2020-11985</a>, for <a href="https://tracker.debian.org/pkg/apache2">apache2</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2.4.10-10+deb8u17.</li>
<li>Started working on <a href="https://tracker.debian.org/pkg/clamav">clamAV</a> update; it’s a major bump from v0.101.5 to v0.102.4. There were lots of moving parts. Contacted upstream maintainers to help reduce the risk of regression. Came up with a patch to loosen the libcurl version requirement. Hopefully, the update could be rolled out soon!</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>I spent an additional 11.15 hours working on compiling the responses of the LTS survey and preparing a gist of it for its presentation during the Debian LTS BoF at DebConf20.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/qemu">qemu</a>,
<a href="https://tracker.debian.org/pkg/pillow">pillow</a>,
<a href="https://tracker.debian.org/pkg/gupnp">gupnp</a>,
<a href="https://tracker.debian.org/pkg/clamav">clamav</a>,
<a href="https://tracker.debian.org/pkg/apache2">apache2</a>, and
<a href="https://tracker.debian.org/pkg/uwsgi">uwsgi</a>.</li>
<li>Marked CVE-2020-11538/pillow as not-affected for Stretch.</li>
<li>Marked CVE-2020-11984/apache2 as not-affected for Stretch.</li>
<li>Marked CVE-2020-10378/pillow as not-affected for Jessie.</li>
<li>Marked CVE-2020-11538/pillow as not-affected for Jessie.</li>
<li>Marked CVE-2020-3481/clamav as not-affected for Jessie.</li>
<li>Marked CVE-2020-11984/apache2 as not-affected for Jessie.</li>
<li>Marked CVE-2020-{9490,11993}/apache2 as not-affected for Jessie.</li>
<li>Hosted Debian LTS BoF at DebConf20. Recording <a href="https://caesar.ftp.acc.umu.se/pub/debian-meetings/2020/DebConf20/72-debian-lts-bof.webm">here</a>.</li>
<li>General discussion on LTS private and <a href="https://lists.debian.org/debian-lts/2020/08/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
GSoC Phase 3
https://utkarsh2102.org/posts/gsoc-phase-3/
Sat, 15 Aug 2020 11:11:11 +0530
<p>Hello,</p>
<p>In early May, I got selected as a <a href="https://summerofcode.withgoogle.com/">Google Summer of Code</a>
student for <a href="https://www.debian.org/">Debian</a> to work on a project which is to write a linter
(an extension to <a href="https://rubocop.org/">RuboCop</a>).<br>
This tool is mostly to help the <a href="https://wiki.debian.org/Teams/Ruby/">Debian Ruby team</a>.
And that is the best part, I love working in/for/with the Ruby team!<br>
(I’ve been an active part of the team for 19 months now :))</p>
<p><img src="https://utkarsh2102.org/images/debian_ruby.png#center" alt=""></p>
<p>More details about the project can be found <a href="https://wiki.debian.org/SummerOfCode2020/Projects/#SummerOfCode2020.2FApprovedProjects.2FUpstreamDownstreamCooperationInRuby.Upstream.2FDownstream_cooperation_in_Ruby">here, on the wiki</a>.<br>
And also, I have got the best mentors I could’ve possibly asked for: <a href="https://github.com/terceiro">Antonio Terceiro</a>
and <a href="https://github.com/deivid-rodriguez/">David Rodríguez</a> 💖</p>
<p>So, the program began on 1st June and I’ve been working since then. I log my daily updates at
<a href="https://gsocwithutkarsh2102.tk/">gsocwithutkarsh2102.tk</a>.<br>
The previously written blogs can be found here:</p>
<ul>
<li><a href="https://utkarsh2102.org/posts/gsoc-phase-1/">GSoC Phase 1 (part 1)</a>.</li>
<li><a href="https://utkarsh2102.org/posts/foss-in-june-20/">GSoC Phase 1 (part 2)</a>.</li>
<li><a href="https://utkarsh2102.org/posts/gsoc-phase-2/">GSoC Phase 2 (part 1)</a>.</li>
<li><a href="https://utkarsh2102.org/posts/foss-in-july-20/">GSoC Phase 2 (part 2)</a>.</li>
<li>And this is GSoC Phase 3 (part 1).</li>
</ul>
<p>Whilst the daily updates are available at the above site^, I’ll break down the important
parts here:</p>
<ul>
<li>
<p>Well, since the last 15 days, there hasn’t been any significant change, mostly because
I didn’t get a lot of time to work on it. This is the DebConf20 month! \o/<br>
Hear, hear, DebConf20 is here! 💖</p>
</li>
<li>
<p>First of all, what I worked on was creating my DebConf20 talk, presenting this project that
I am working on for the “GSoC 2020 Projects” session, proposed by the Outreach team.<br>
Honestly, this was the hardest thing to do, really! Recording yourself is very hard.<br>
It’s almost equivalent to naming things and invalidating caches.</p>
</li>
<li>
<p>After 7 or so unsuccessful tries, I finally could come up with something sane!<br>
It still needed some work (lots of “umm”s) but I had given up on it, so I let it be.
So I hope to see you see me at the session? :)<br>
In any case, slides of my presentation can be found <a href="https://slides.com/utkarsh2102/gsoc-dc20">here</a>.</p>
</li>
<li>
<p>Besides this, I’ve been helping in organizing DC20. Mostly the content team. And
other things, here and there!</p>
</li>
<li>
<p>Anyway, getting back to the project, I refactored the <code>generate_cops_documentation</code> task
by using the newly added <code>CopsDocumentationGenerator</code> class in the RuboCop’s source.</p>
</li>
<li>
<p>I also started working on fixing the false-positives, which I mentioned in my last blog.<br>
Hopefully with that, we’ll be ready with another release!</p>
</li>
<li>
<p>Besides, I’ve started working on the <a href="https://packaging.rubystyle.guide">Packaging Style Guide</a>,
which documents all the reasoning behind this extension and the cops.</p>
</li>
</ul>
<p>To conclude, I think in the next week or so, I’ll be completing almost everything, from fixing
the pending bugs to adding 2 new cops and finally documenting the entire thing to the best
of my ability! \o/</p>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in July 2020
https://utkarsh2102.org/posts/foss-in-july-20/
Thu, 30 Jul 2020 11:11:11 +0530
<p>Here’s my (tenth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 17th month of contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March last year and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> last Christmas! \o/</p>
<p>Well, this month I didn’t do a lot of Debian stuff, like I usually do, however, I did a lot of things related to Debian (indirectly via GSoC)!</p>
<p>Anyway, here are the following things I did this month:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:6.0.3.2+dfsg-1) - Fix <a href="https://security-tracker.debian.org/tracker/CVE-2020-8185">CVE-2020-8185</a> (Closes <a href="https://bugs.debian.org/964081">#964081</a>).</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rubocop-packaging">ruby-rubocop-packaging</a> (0.1.1-1) - Fix blank file <a href="https://github.com/utkarsh2102/rubocop-packaging/issues/5">issue</a>.</li>
<li><a href="https://tracker.debian.org/pkg/micro">micro</a> (2.0.6-2~bpo10+1) - Backport new upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/ruby2.5">ruby2.5</a> (2.5.5-3+deb10u2) - Fix <a href="https://security-tracker.debian.org/tracker/CVE-2020-10663">CVE-2020-10663</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-10933">CVE-2020-10933</a>.</li>
<li><a href="https://tracker.debian.org/pkg/djangorestframework-api-key">djangorestframework-api-key</a> (2.0.0-2) - Fix <a href="https://bugs.debian.org/956920">#956920</a>.</li>
<li><a href="https://tracker.debian.org/pkg/golang-golang-x-text">golang-golang-x-text</a> (0.3.3-1~bpo10+1) - Backport <a href="https://security-tracker.debian.org/tracker/CVE-2020-14040">CVE-2020-14040</a> fix to Buster.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-growl">ruby-growl</a> (4.1+dfsg-2) - Source-only upload.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-iso8601">ruby-iso8601</a> (0.13.0-1) - New upstream version, drop patches as they’re merged upstream.</li>
<li><a href="https://tracker.debian.org/pkg/sup-mail">sup-mail</a> (1.0-1) - Re-introduce sup-mail to the Debian archive.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rubocop-packaging">ruby-rubocop-packaging</a> (0.2.0-1) - New version for the <code>RelativeRequireToLib</code> cop.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rubocop-ast">ruby-rubocop-ast</a> (0.1.0-2) - Source-only upload.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rubocop-rspec">ruby-rubocop-rspec</a> (1.42.0-1) - Fixing FTBFS with RuboCop v0.88.0 via v1.42.0.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rubocop-performance">ruby-rubocop-performance</a> (1.7.1-1) - Fixing FTBFS with RuboCop v0.88.0 via v1.7.1.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Mentoring for newcomers.</li>
<li>FTP Trainee reviewing.</li>
<li>Moderation of -project mailing list.</li>
<li>Sponsored <code>php-twig</code> for William, <code>ruby-growl</code>, <code>ruby-xmpp4r</code>, and <code>ruby-uniform-notifier</code> for Cocoa, <code>sup-mail</code> for Iain, and <code>node-markdown-it</code> for Sakshi.</li>
</ul>
<hr>
<h2 id="gsoc-phase-2-part-2">GSoC Phase 2, Part 2!</h2>
<p><img src="https://utkarsh2102.org/images/debian_ruby.png#center" alt=""></p>
<p>In May, I got selected as a <a href="https://summerofcode.withgoogle.com/">Google Summer of Code</a> student for <a href="https://www.debian.org/">Debian</a> again! \o/<br>
I am working on the <a href="https://wiki.debian.org/SummerOfCode2020/Projects/#SummerOfCode2020.2FApprovedProjects.2FUpstreamDownstreamCooperationInRuby.Upstream.2FDownstream_cooperation_in_Ruby">Upstream-Downstream Cooperation in Ruby</a> project.</p>
<p>The first three blogs can be found here:</p>
<ul>
<li><a href="https://utkarsh2102.org/posts/gsoc-phase-1/">GSoC Phase 1 (part 1)</a>.</li>
<li><a href="https://utkarsh2102.org/posts/foss-in-june-20/">GSoC Phase 1 (part 2)</a>.</li>
<li><a href="https://utkarsh2102.org/posts/gsoc-phase-2/">GSoC Phase 2 (part 1)</a>.</li>
<li>And this is GSoC Phase 2 (part 2).</li>
</ul>
<p>Also, I log daily updates at <a href="https://gsocwithutkarsh2102.tk/">gsocwithutkarsh2102.tk</a>.</p>
<p>Whilst the daily updates are available at the above site^, I’ll break down the important parts of the latter half of the second month here:</p>
<ul>
<li><a href="https://github.com/marcandre">Marc Andre</a>, very kindly, helped in <a href="https://github.com/marcandre/rubocop-packaging/commit/90d23d16dff4fd00652d3e5c7f32c88d9c987225">fixing the specs</a> that were failing earlier this month. Well, the problem was with the specs, but I am still confused how so. Anyway..</li>
<li>Finished documentation of the second cop and marked the PR as ready to be reviewed.</li>
<li>David reviewed and suggested some really good changes and I fixed/tweaked that PR as per his suggestion to finally finish the last bits of the second cop, <code>RelativeRequireToLib</code>.</li>
<li>Merged the PR upon two approvals and released it as v0.2.0! 💖</li>
<li>We had our next weekly meeting where we discussed the next steps and the things that are supposed to be done for the next set of cops.</li>
<li>Introduced <a href="https://github.com/utkarsh2102/rubocop-packaging">rubocop-packaging</a> to the outer world and requested other upstream projects to use it! It is being used by <a href="https://github.com/utkarsh2102/rubocop-packaging/network/dependents?package_id=UGFja2FnZS0xMjY1ODQyMzQ1">13 other projects</a> already! 😭💖</li>
<li>Started to work on <a href="https://github.com/utkarsh2102/packaging-style-guide">packaging-style-guide</a> but I didn’t push anything to the public repository yet.</li>
<li>Worked on refactoring the <code>cops_documentation</code> Rake task which was broken by the new auto-corrector API. Opened <a href="https://github.com/utkarsh2102/rubocop-packaging/pull/7">PR #7</a> for it. It’ll be merged after the next RuboCop release as it uses <code>CopsDocumentationGenerator</code> class from the master branch.</li>
<li>Whilst working on <a href="https://github.com/ai/autoprefixer-rails">autoprefixer-rails</a>, I found something unusual. The second cop shouldn’t really report offenses if the <code>require_relative</code> calls are from <code>lib</code> to <code>lib</code> itself. This is a false-positive. Opened <a href="https://github.com/utkarsh2102/rubocop-packaging/issues/8">issue #8</a> for the same.</li>
</ul>
<hr>
<h2 id="continuation-of-gsoc-for-other-ruby-related-stuff">Continuation of GSoC for other Ruby related stuff!</h2>
<figure>
<img src="https://utkarsh2102.org/images/ruby-logo-small.png"/>
</figure>
<p>Whilst working on <code>rubocop-packaging</code>, I contributed to more Ruby projects, refactoring their library a little bit and mostly fixing RuboCop issues and fixing issues that the <code>Packaging</code> extension reports as “offensive”.<br>
Following are the PRs that I raised:</p>
<ul>
<li><a href="https://github.com/mvz/gir_ffi/pull/175">PR #175</a> for <a href="https://github.com/mvz/gir_ffi">gir_ffi</a> to drop <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/rubygems/rubygems/pull/3791">PR #3791</a> for <a href="https://github.com/rubygems/rubygems">rubygems/bundler</a> to remove redundant <code>bundler/setup</code> require call from <code>spec_helper</code> generated by <code>bundle gem</code>.</li>
<li><a href="https://github.com/puma/puma/pull/2307">PR #2307</a> for <a href="https://github.com/puma/puma">puma</a> to constrain <code>rake-compiler</code> to v0.9.4.</li>
<li><a href="https://github.com/cucumber/cucumber-rails/pull/476">PR #476</a> for <a href="https://github.com/cucumber/cucumber-rails">cucumber-rails</a> to drop <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/cucumber/aruba/pull/721">PR #721</a> for <a href="https://github.com/cucumber/aruba">aruba</a> to drop <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/savonrb/wasabi/pull/89">PR #89</a> for <a href="https://github.com/savonrb/wasabi">wasabi</a> to drop <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/RubyCrypto/ed25519/pull/24">PR #24</a> for <a href="https://github.com/RubyCrypto/ed25519">ed25519</a> to fix RuboCop warning and offenses.</li>
<li><a href="https://github.com/RubyCrypto/ed25519/pull/25">PR #25</a> for <a href="https://github.com/RubyCrypto/ed25519">ed25519</a> to drop <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/arnau/ISO8601/pull/59">PR #59</a> for <a href="https://github.com/arnau/ISO8601">ISO8601</a> to drop <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/arnau/ISO8601/pull/60">PR #60</a> for <a href="https://github.com/arnau/ISO8601">ISO8601</a> to fix other RuboCop offenses.</li>
<li><a href="https://github.com/arnau/ISO8601/pull/61">PR #61</a> for <a href="https://github.com/arnau/ISO8601">ISO8601</a> to (minor) refactor the library.</li>
<li><a href="https://github.com/sup-heliotrope/sup/pull/580">PR #580</a> for <a href="https://github.com/sup-heliotrope/sup">sup</a> to drop <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/ai/autoprefixer-rails/pull/166">PR #166</a> for <a href="https://github.com/ai/autoprefixer-rails">autoprefixer-rails</a> to use RuboCop to enhance some bits of code.</li>
<li><a href="https://github.com/ai/autoprefixer-rails/pull/167">PR #167</a> for <a href="https://github.com/ai/autoprefixer-rails">autoprefixer-rails</a> to fix remaining RuboCop warning and offenses.</li>
<li><a href="https://github.com/ai/autoprefixer-rails/pull/169">PR #169</a> for <a href="https://github.com/ai/autoprefixer-rails">autoprefixer-rails</a> to do some minor refactoring.</li>
<li><a href="https://github.com/ai/autoprefixer-rails/pull/170">PR #170</a> for <a href="https://github.com/ai/autoprefixer-rails">autoprefixer-rails</a> to drop <code>git ls-files</code> in gemspec.</li>
</ul>
<hr>
<h2 id="debian-elts">Debian (E)LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p>Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.</p>
<p>And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).</p>
<p>This was my tenth month as a Debian LTS and my first as a Debian ELTS paid contributor.<br>
I was assigned 25.25 hours for LTS and 13.25 hours for ELTS and worked on
the following things:</p>
<h4 id="lts-cve-fixes-and-announcements">LTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/07/msg00000.html">DLA 2269-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-4046">CVE-2020-4046</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-4047">CVE-2020-4047</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-4048">CVE-2020-4048</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-4049">CVE-2020-4049</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-4050">CVE-2020-4050</a>, for <a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 4.1.31+dfsg-0+deb8u1.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html">DLA 2270-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-14060">CVE-2020-14060</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-14061">CVE-2020-14061</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-14062">CVE-2020-14062</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-14195">CVE-2020-14195</a>, for <a href="https://tracker.debian.org/pkg/jackson-databind">jackson-databind</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2.4.2-2+deb8u15.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html">DLA 2271-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-4067">CVE-2020-4067</a>, for <a href="https://tracker.debian.org/pkg/coturn">coturn</a>.<br>
For Debian 8 Jessie, this problem has been fixed in version 4.2.1.2-1+deb8u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html">DLA 2275-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8161">CVE-2020-8161</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-8184">CVE-2020-8184</a>, for <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1.6.4-4+deb9u2.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html">DLA 2276-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-12108">CVE-2020-12108</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-15011">CVE-2020-15011</a>, for <a href="https://tracker.debian.org/pkg/mailman">mailman</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 1:2.1.23-1+deb9u6.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/07/msg00008.html">DLA 2277-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-12973">CVE-2019-12973</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-6851">CVE-2020-6851</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-8112">CVE-2020-8112</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-15389">CVE-2020-15389</a>, for <a href="https://tracker.debian.org/pkg/openjpeg2">openjpeg2</a>.<br>
For Debian 9 Stretch, these problems have been fixed in version 2.1.2-1.1+deb9u5.</li>
<li>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/07/msg00020.html">DLA 2288-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2017-9503">CVE-2017-9503</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2019-12068">CVE-2019-12068</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2019-20382">CVE-2019-20382</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-1983">CVE-2020-1983</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-8608">CVE-2020-8608</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-10756">CVE-2020-10756</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-13361">CVE-2020-13361</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-13362">CVE-2020-13362</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-13659">CVE-2020-13659</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-13754">CVE-2020-13754</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-13765">CVE-2020-13765</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-15863">CVE-2020-15863</a>, for <a href="https://tracker.debian.org/pkg/qemu">qemu</a>. This was mostly worked upon by the maintainer, Michael.<br>
For Debian 9 Stretch, these problems have been fixed in version 1:2.8+dfsg-6+deb9u10.</li>
</ul>
<h4 id="elts-cve-fixes-and-announcements">ELTS CVE Fixes and Announcements:</h4>
<ul>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-240-1-wpa">ELA 240-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-12695">CVE-2020-12695</a>, for <a href="https://tracker.debian.org/pkg/wpa">wpa</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2.3-1+deb8u11.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-241-1-openjpeg2">ELA 241-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-15389">CVE-2020-15389</a>, for <a href="https://tracker.debian.org/pkg/openjpeg2">openjpeg2</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 2.1.0-2+deb8u11.</li>
<li>Issued <a href="https://deb.freexian.com/extended-lts/updates/ela-249-1-qemu">ELA 249-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-13659">CVE-2020-13659</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-15863">CVE-2020-15863</a>, for <a href="https://tracker.debian.org/pkg/qemu">qemu</a>.<br>
For Debian 8 Jessie, these problems have been fixed in version 1:2.1+dfsg-12+deb8u16.</li>
</ul>
<h4 id="other-elts-work">Other (E)LTS Work:</h4>
<ul>
<li>Did my LTS frontdesk duty from 29th June to 5th July.</li>
<li>Triaged <a href="https://tracker.debian.org/pkg/qemu">qemu</a>,
<a href="https://tracker.debian.org/pkg/firefox-esr">firefox-esr</a>,
<a href="https://tracker.debian.org/pkg/wordpress">wordpress</a>,
<a href="https://tracker.debian.org/pkg/libmediainfo">libmediainfo</a>,
<a href="https://tracker.debian.org/pkg/squirrelmail">squirrelmail</a>,
<a href="https://tracker.debian.org/pkg/xen">xen</a>,
<a href="https://tracker.debian.org/pkg/openjpeg2">openjpeg2</a>,
<a href="https://tracker.debian.org/pkg/samba">samba</a>, and
<a href="https://tracker.debian.org/pkg/ldb">ldb</a>.</li>
<li>Mark CVE-2020-15395/libmediainfo as no-dsa for Jessie.</li>
<li>Mark CVE-2020-13754/qemu as no-dsa/intrusive for Stretch and Jessie.</li>
<li>Mark CVE-2020-12829/qemu as no-dsa for Jessie.</li>
<li>Mark CVE-2020-10756/qemu as not-affected for Jessie.</li>
<li>Mark CVE-2020-13253/qemu as postponed for Jessie.</li>
<li>Drop squirrelmail and xen for Stretch LTS.</li>
<li>Add notes for tomcat8, shiro, and cacti to take care of the Stretch issues.</li>
<li>Emailed <a href="mailto:team@security.d.o">team@security.d.o</a> and <a href="mailto:debian-lts@l.d.o">debian-lts@l.d.o</a> regarding possible clashes.</li>
<li>Maintenance of LTS Survey on the self-hosted LimeSurvey instance. Received 1765 (just wow!) responses.</li>
<li>Attended the fourth LTS meeting. MOM <a href="https://meetbot.debian.net/debian-lts/2020/debian-lts.2020-07-30-14.59.html">here</a>.</li>
<li>General discussion on LTS private and <a href="https://lists.debian.org/debian-lts/2020/07/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<h2 id="others">Other(s)</h2>
<figure>
<img src="https://utkarsh2102.org/images/computing.jpg"/>
</figure>
<p>Sometimes it gets hard to categorize work/things into a particular category.<br>
That’s why I am writing all of those things inside this category.<br>
This includes two sub-categories and they are as follows.</p>
<h4 id="personal">Personal:</h4>
<p>This month I did the following things:</p>
<ul>
<li>Released v0.2.0 of <code>rubocop-packaging</code> on <a href="https://rubygems.org/gems/rubocop-packaging">RubyGems</a>! 💯<br>
It’s open-sourced and the repository is <a href="https://github.com/utkarsh2102/rubocop-packaging">here</a>.<br>
Bug reports and pull requests are welcomed! 😉</li>
<li>Released v0.1.0 of <code>get_root</code> on <a href="https://rubygems.org/gems/get_root">RubyGems</a>! 💖<br>
It’s open-sourced and the repository is <a href="https://github.com/utkarsh2102/get_root">here</a>.</li>
<li>Wrote <a href="https://github.com/utkarsh2102/max_word_frequency">max-word-frequency</a>, my Rails C1M2 programming assignment.<br>
And made it pretty neater & cleaner!</li>
<li>Refactored my <code>lts-dla</code> and <code>elts-ela</code> scripts entirely and wrote them in Ruby so that there are no issues and no false-positives! 🚀<br>
Check <a href="https://github.com/utkarsh2102/utsh/commit/632ad0c0a6216bb0e5b35fde2a2379a97616dc19">lts-dla here</a> and <a href="https://github.com/utkarsh2102/utsh/commit/614f13183075206596355fe315df0db7a6ec36fa">elts-ela here</a>.</li>
<li>And finally, built my first Rails (mini) web-application! 🤗<br>
The repository is <a href="https://github.com/utkarsh2102/recipe_hunter">here</a>. This was also a programming assignment (C1M3).<br>
And furthermore, hosted it at <a href="https://recipe-hunter-2102.herokuapp.com/">Heroku</a>.</li>
</ul>
<h4 id="open-source">Open Source:</h4>
<p>Again, this contains all the things that I couldn’t categorize earlier.<br>
Opened several issues and PRs:</p>
<ul>
<li><a href="https://github.com/rubocop-hq/rubocop/issues/8273">Issue #8273</a> against <a href="https://github.com/rubocop-hq/rubocop">rubocop</a>, reporting a false-positive auto-correct for <code>Style/WhileUntilModifier</code>.</li>
<li><a href="https://github.com/httprb/http/issues/615">Issue #615</a> against <a href="https://github.com/httprb/http">http</a> reporting a weird behavior of a flaky test.</li>
<li><a href="https://github.com/rubygems/rubygems/pull/3791">PR #3791</a> for <a href="https://github.com/rubygems/rubygems">rubygems/bundler</a> to remove redundant <code>bundler/setup</code> require call from <code>spec_helper</code> generated by <code>bundle gem</code>.</li>
<li><a href="https://github.com/rubygems/rubygems/issues/3831">Issue #3831</a> against <a href="https://github.com/rubygems/rubygems">rubygems</a>, reporting a traceback of undefined method, <code>rubyforge_project=</code>.</li>
<li><a href="https://github.com/Nheko-Reborn/nheko/issues/238">Issue #238</a> against <a href="https://github.com/Nheko-Reborn/nheko">nheko</a> asking for enhancement in showing the font name in the very font itself.</li>
<li><a href="https://github.com/puma/puma/pull/2307">PR #2307</a> for <a href="https://github.com/puma/puma">puma</a> to constrain <code>rake-compiler</code> to v0.9.4.</li>
<li>And finally, I joined the <a href="https://github.com/cucumber">Cucumber</a> organization! \o/</li>
</ul>
<hr>
<p>Thank you for sticking along for so long :)</p>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
GSoC Phase 2
https://utkarsh2102.org/posts/gsoc-phase-2/
Wed, 15 Jul 2020 11:11:11 +0530
<p>Hello,</p>
<p>In early May, I got selected as a <a href="https://summerofcode.withgoogle.com/">Google Summer of Code</a>
student for <a href="https://www.debian.org/">Debian</a> to work on a project which is to write a linter
(an extension to <a href="https://rubocop.org/">RuboCop</a>).<br>
This tool is mostly to help the <a href="https://wiki.debian.org/Teams/Ruby/">Debian Ruby team</a>.
And that is the best part, I love working in/for/with the Ruby team!<br>
(I’ve been an active part of the team for 19 months now :))</p>
<p><img src="https://utkarsh2102.org/images/debian_ruby.png#center" alt=""></p>
<p>More details about the project can be found <a href="https://wiki.debian.org/SummerOfCode2020/Projects/#SummerOfCode2020.2FApprovedProjects.2FUpstreamDownstreamCooperationInRuby.Upstream.2FDownstream_cooperation_in_Ruby">here, on the wiki</a>.<br>
And also, I have got the best mentors I could’ve possibly asked for: <a href="https://github.com/terceiro">Antonio Terceiro</a>
and <a href="https://github.com/deivid-rodriguez/">David Rodríguez</a> 💖</p>
<p>So, the program began on 1st June and I’ve been working since then. I log my daily updates at
<a href="https://gsocwithutkarsh2102.tk/">gsocwithutkarsh2102.tk</a>.<br>
The blog for the first part of phase 1 can be found <a href="https://utkarsh2102.org/posts/gsoc-phase-1/">here</a>
and that of second part of phase 1 can be found <a href="https://utkarsh2102.org/posts/foss-in-june-20/">here</a>.</p>
<p>Whilst the daily updates are available at the above site^, I’ll break down the important
parts here:</p>
<ul>
<li>
<p>After the, what I’d like to call, successful Phase 1, whilst using this extension on
GitLab’s <a href="https://gitlab.com/gitlab-org/omnibus-gitlab/">omnibus-gitlab</a> repository,
I discovered a bug (as reported via <a href="https://github.com/utkarsh2102/rubocop-packaging/issues/5">issue #5</a>),
which basically threw the following error:</p>
<blockquote>
<p>An error occurred while Packaging/GemspecGit cop was inspecting
/home/utkarsh/github/omnibus-gitlab/files/gitlab-cookbooks/gitlab/recipes/bootstrap_disable.rb.<br>
To see the complete backtrace run rubocop -d.</p>
</blockquote>
<p>…which was not good.</p>
</li>
<li>
<p>This bug was a false-negative and the fix turned out to be simple, which was raised via
<a href="https://github.com/utkarsh2102/rubocop-packaging/pull/6">PR #6</a>.<br>
Since the extension was now working fine against omnibus-gitlab (which is…quite huge!),
I rolled out a <a href="https://github.com/utkarsh2102/rubocop-packaging/releases/tag/v0.1.1">v0.1.1 release</a>! 🎉</p>
</li>
<li>
<p>Next, I implemented the 2nd cop, fixing <code>require</code> and <code>require_relative</code> calls which map from
<code>spec(s)/test(s)</code> to the <code>lib</code> directory.<br>
This was raised via a <a href="https://github.com/utkarsh2102/rubocop-packaging/pull/4">WIP PR #4</a>.</p>
</li>
<li>
<p>We had our meeting where we discussed that it would rather make sense to split these cops into
two parts and also, thanks to David’s <a href="https://github.com/utkarsh2102/rubocop-packaging/pull/4#issuecomment-648646511">elaborative comment</a>
on the situation.<br>
With this, we decided to split the cops into two.</p>
</li>
<li>
<p>Then I worked on:</p>
<ul>
<li>Splitting the cops via commit <a href="https://github.com/utkarsh2102/rubocop-packaging/pull/4/commits/6765fec8bf3326dc0fb2f4647f06c1d91a861d55">@6765fec8</a>.</li>
<li>Dropping Ruby2.4 support via commit <a href="https://github.com/utkarsh2102/rubocop-packaging/pull/4/commits/3681e9a3e178bc3eee081a4c98f7f68019b506c3">@3681e9a3</a>.</li>
<li>Diversifying tests via commit <a href="https://github.com/utkarsh2102/rubocop-packaging/pull/4/commits/335a14e29deda41f8878ccd50abdd2a6beae8950">@335a14e2</a>.</li>
</ul>
</li>
<li>
<p>At this point, we hit yet another obstacle. Correctly determining the root directory of a project
at runtime. This is…tricky. Not impossible (of course) but tricky.<br>
So my “homework” was to find such a thing that does that by default.</p>
</li>
<li>
<p>For the next 4 days, I tried to find something that could do this bit. But unfortunately, I
couldn’t.<br>
So I wrote one myself. I wrote <a href="https://github.com/utkarsh2102/get_root">get_root</a>, which solves this
problem.<br>
The only thing that one needs to take care while using <code>get_root</code> is that it has to be a <code>git</code>
repository. That’s a…trade-off.</p>
</li>
<li>
<p>In the next meeting, we discussed that this is a bit of an overkill. <code>get_root</code> should’ve been
written as a helper function and not as another library, which David and Antonio pointed out
correctly. But it was already too late :P<br>
I had already made a <a href="https://rubygems.org/gems/get_root">v 0.1.0 release</a>.<br>
(So in case you’re a Rubyist and want to find the root directory of a git repository, consider using
this :P)<br>
Besides, Antonio also pointed out that it should take another argument as to the point from where
the file is being inspected. Hm, unsure how to do that..</p>
</li>
<li>
<p>Meanwhile, I exported <code>get_root</code> as a helper function, David solved the problem altogether at
once via <a href="https://github.com/rubocop-hq/rubocop/pull/8314">rubocop’s PR #8314</a>.<br>
This introduced a new (public) method <code>#project_root</code> which superseeded <code>get_root</code> and one could
now get the root directory via <code>RuboCop::ConfigLoader.project_root</code>. Ain’t he amazing!? \o/</p>
</li>
<li>
<p>This also means, I reverted those changes altogether and tweaked my WIP PR to inculcate these
changes via commit <a href="https://github.com/utkarsh2102/rubocop-packaging/pull/4/commits/b06a8f86836db03dd9d3f56dffab7daa6d09f7b9">@b06a8f86</a>.<br>
However, the specs fail. But that doesn’t mean that the changes aren’t correct :P<br>
They are pretty much right and working fine. To make sure of that, I locally installed this library
and used it on other projects to make sure that it indeed is working alright, as it should! \o/</p>
</li>
<li>
<p>And here I am on the 15th day :)</p>
</li>
</ul>
<p>Well, the best part yet?<br>
<code>rubocop-packaging</code> is being used by <a href="https://rubygems.org/gems/batalert">batalert</a>, <a href="https://rubygems.org/gems/arbre">arbre</a>,
<a href="https://rubygems.org/gems/rspec-stubbed_env">rspec-stubbed_env</a>, <a href="https://rubygems.org/gems/rspec-pending_for">rspec-pending_for</a>,
<a href="https://rubygems.org/gems/ISO8601">ISO8601</a>, <a href="https://rubygems.org/gems/get_root">get_root</a> (😛),
<a href="https://rubygems.org/gems/gir_ffi">gir_ffi</a>, <a href="https://rubygems.org/gems/linter">linter</a>, and
<a href="https://rubygems.org/gems/cucumber-rails">cucumber-rails</a>.</p>
<p>Whilst it has been a lot of fun so far, my plate has started to almost…overflow. It seems that I’ve
got a lot of things to work on (and already things that are due!).<br>
From my major project, college *stuff to my GSoC project, Debian (E)LTS, and a lot *more.</p>
<p>Thanks to Antonio for helping me out with *other things (which maps back to his sayings in Paris \o/).</p>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activites in June 2020 https://utkarsh2102.org/posts/foss-in-june-20/Tue, 30 Jun 2020 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-june-20/ <p>Here’s my (ninth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This was my 16th month of contributing to <a href="https://www.debian.org/">Debian</a>.
I became a <a href="https://wiki.debian.org/DebianMaintainer">DM</a> in late March last year and a <a href="https://wiki.debian.org/DebianDeveloper">DD</a> last Christmas! \o/</p>
<p>This month was a little intense. I did a lot of different kinds of things in Debian this month. Whilst most of my time went on doing security stuff, I also sponsored a bunch of packages.</p>
<p>Here are the following things I did this month:</p>
<h4 id="uploads-and-bug-fixes">Uploads and bug fixes:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/rails">rails</a> (2:5.2.4.3+dfsg-1) - fix a bunch of <a href="https://security-tracker.debian.org/tracker/source-package/rails">CVEs</a> in Sid and Bullseye.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-json">ruby-json</a> (2.1.0+dfsg-2+deb10u1) - backport <a href="https://security-tracker.debian.org/tracker/CVE-2020-10663">CVE-2020-10663</a> fix to Buster.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-json">ruby-json</a> (2.0.1+dfsg-3+deb9u1) - backport <a href="https://security-tracker.debian.org/tracker/CVE-2020-10663">CVE-2020-10663</a> fix to Stretch.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-kaminari">ruby-kaminari</a> (1.0.1-6) - add patch to fix <a href="https://security-tracker.debian.org/tracker/CVE-2020-11082">CVE-2020-11082</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby2.3">ruby2.3</a> (2.3.3-1+deb9u8) - backport <a href="https://security-tracker.debian.org/tracker/CVE-2020-10663">CVE-2020-10663</a> fix to Stretch.</li>
<li><a href="https://tracker.debian.org/pkg/python-libusb1">python-libusb1</a> (1.8-1.1) - NMU for a source-only upload.</li>
<li><a href="https://tracker.debian.org/pkg/pry">pry</a> (0.13.1-1) - Fix failing tests & new upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rubocop-packaging">ruby-rubocop-packaging</a> (0.1.0-1) - NEW (<a href="https://bugs.debian.org/963016">#963016</a>).</li>
<li><a href="https://tracker.debian.org/pkg/batalert">batalert</a> (0.4.0-1) - fixes against RuboCop.</li>
<li><a href="https://tracker.debian.org/pkg/json-schema-test-suite">json-schema-test-suite</a> (2.0.0-1.1) - NMU for a source-only upload on request.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-ahoy-email">ruby-ahoy-email</a> (1.1.0-1) - Disable tests temporarily (<a href="https://bugs.debian.org/959060">#959060</a>).</li>
<li><a href="https://tracker.debian.org/pkg/micro">micro</a> (2.0.6-1) - fix crashing at startup (<a href="https://bugs.debian.org/961853">#961853</a>).</li>
<li><a href="https://tracker.debian.org/pkg/golang-github-zyedidia-tcell">golang-github-zyedidia-tcell</a> (1.4.8-1) - new upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/micro">micro</a> (2.0.6-1~bpo10+1) - backport the fix for (<a href="https://bugs.debian.org/961853">#961853</a>).</li>
<li><a href="https://tracker.debian.org/pkg/micro">micro</a> (2.0.6-2) - fix the reintroduced versioning issue (<a href="https://bugs.debian.org/953400">#953400</a>).</li>
<li><a href="https://tracker.debian.org/pkg/ruby-whitequark-parser">ruby-whitequark-parser</a> (2.7.1.4-1) - new upstream version.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Hosted Ruby team meeting. Logs <a href="https://meetbot.debian.net/debian-ruby/2020/debian-ruby.2020-06-05-16.41.html">here</a>.</li>
<li>Mentoring for newcomers.</li>
<li>FTP Trainee reviewing.</li>
<li>Moderation of -project mailing list.</li>
<li>Sponsored <code>ruby-ast</code> for Abraham, <code>libexif</code> for Hugh, <code>djangorestframework-gis</code> and <code>karlseguin-ccache</code> for Nilesh, and <code>twig-extensions</code>, <code>twig-i18n-extension</code>, and <code>mariadb-mysql-kbs</code> for William.</li>
</ul>
<hr>
<h2 id="gsoc-phase-1-part-2">GSoC Phase 1, Part 2!</h2>
<p><img src="https://utkarsh2102.org/images/debian_ruby.png#center" alt=""></p>
<p>Last month, I got selected as a <a href="https://summerofcode.withgoogle.com/">Google Summer of Code</a> student for <a href="https://www.debian.org/">Debian</a> again! \o/<br>
I am working on the <a href="https://wiki.debian.org/SummerOfCode2020/Projects/#SummerOfCode2020.2FApprovedProjects.2FUpstreamDownstreamCooperationInRuby.Upstream.2FDownstream_cooperation_in_Ruby">Upstream-Downstream Cooperation in Ruby</a> project.</p>
<p>The first half of the first month is blogged here, titled, <a href="https://utkarsh2102.org/posts/gsoc-phase-1/">GSoC Phase 1</a>.<br>
Also, I log daily updates at <a href="https://gsocwithutkarsh2102.tk/">gsocwithutkarsh2102.tk</a>.</p>
<p>Whilst the daily updates are available at the above site^, I’ll break down the important parts of the latter half of the first month here:</p>
<ul>
<li>Documented the first cop, <code>GemspecGit</code> via <a href="https://github.com/utkarsh2102/rubocop-packaging/pull/2">PR #2</a>.</li>
<li>Made an initial release, <a href="https://rubygems.org/gems/rubocop-packaging">v0.1.0</a>! 💖</li>
<li>Spread the word/usage about this tool/library via adding them in the official <a href="https://docs.rubocop.org/rubocop/extensions.html">RuboCop docs</a>.</li>
<li>We had our <a href="https://gsocwithutkarsh2102.tk/log/2020/06/18/day18.html">third weekly meeting</a> where we discussed the next steps and the things that are supposed to be done for the next set of cops.</li>
<li>Wrote more tests so as to cover different aspects of the <code>GemspecGit</code> cop.</li>
<li>Opened <a href="https://github.com/utkarsh2102/rubocop-packaging/pull/4/">PR #4</a> for the next Cop, <code>RequireRelativeToLib</code>.</li>
<li>Introduced <a href="https://github.com/utkarsh2102/rubocop-packaging">rubocop-packaging</a> to the outer world and requested other upstream projects to use it! It is being used by 6 other projects already 😭💖</li>
<li>Had our <a href="https://gsocwithutkarsh2102.tk/log/2020/06/25/day25.html">fourth weekly meeting</a> where we pair-programmed (and I sucked :P) and figured out a way to make the second cop work.</li>
<li>Found a bug, reported at <a href="https://github.com/utkarsh2102/rubocop-packaging/issues/5">issue #5</a> and raised <a href="https://github.com/utkarsh2102/rubocop-packaging/pull/6">PR #6</a> to fix it.</li>
<li>And finally, people loved the library/tool (and its outcome):<br>
<img src="https://utkarsh2102.org/images/bbatsov-comment.png#center" alt=""><br>
<img src="https://utkarsh2102.org/images/lienvdsteen-comment.png#center" alt=""><br>
<img src="https://utkarsh2102.org/images/pboling-comment.png#center" alt=""><br>
(for those who don’t know, <a href="https://github.com/bbatsov">@bbatsov</a> is the author of <a href="https://rubocop.org/">RuboCop</a>, <a href="https://gitlab.com/lienvdsteen">@lienvdsteen</a> is an amazing fullstack engineer at GitLab, and <a href="https://github.com/pboling">@pboling</a> is the author of some awesome Ruby tools and libraries!)</li>
</ul>
<hr>
<h2 id="continuation-of-gsoc-for-other-ruby-related-stuff">Continuation of GSoC for other Ruby related stuff!</h2>
<figure>
<img src="https://utkarsh2102.org/images/ruby-logo-small.png"/>
</figure>
<p>Whilst I have already mentioned it multiple times, it’s still not enough to stress how amazing <a href="https://github.com/terceiro">Antonio Terceiro</a> and <a href="https://github.com/deivid-rodriguez/">David Rodríguez</a> are! 💖<br>
They’re more than just mentors to me!</p>
<p>Well, only they know how much I trouble them with different things, which are not only related to my GSoC project but also extend to the projects they maintain! :P<br>
David maintains <a href="https://github.com/rubygems/rubygems/">rubygems and bundler</a> and Antonio maintains <a href="https://salsa.debian.org/ci-team/debci">debci</a>.</p>
<p>So on days when I decide to hack on <code>rubygems</code> or <code>debci</code>, only I know how kind and nice David and Antonio are to me!<br>
They very patiently walk me through with whatever I am stuck on, no matter what and no matter when.</p>
<p>Thus, with them around, I contributed to these two projects and more, with regards to working on <code>rubocop-packaging</code>.<br>
Following are a few things that I raised:</p>
<ul>
<li><a href="https://github.com/rubygems/rubygems/pull/3731">PR #3731</a> for <a href="https://github.com/rubygems/rubygems">rubygems/bundler</a> to ship default <code>.rubocop.yml</code> file.</li>
<li><a href="https://github.com/pry/pry/pull/2140">PR #2140</a> for <a href="https://github.com/pry/pry">pry</a> to fix <code>bundler_spec</code> test.</li>
<li><a href="https://github.com/rubygems/rubygems/pull/3740">PR #3740</a> for <a href="https://github.com/rubygems/rubygems">rubygems/bundler</a> to fix all RuboCop offenses.</li>
<li><a href="https://salsa.debian.org/ci-team/debci/-/merge_requests/114">MR #114</a> for <a href="https://salsa.debian.org/ci-team/debci">debci</a> to show package details on the retry page.</li>
<li><a href="https://github.com/ruby/rake/issues/356">Issue #356</a> against <a href="https://github.com/ruby/rake">rake</a> to request to support all <code>gitignore</code> rule patterns in <code>rake/file_list</code>.</li>
<li><a href="https://github.com/robotdana/fast_ignore/pull/9">PR #9</a> for <a href="https://github.com/robotdana/fast_ignore">fast_ignore</a> to use <code>fast_ignore</code> instead of <code>git ls-files</code>.</li>
<li><a href="https://github.com/rubygems/rubygems/pull/3748">PR #3748</a> for <a href="https://github.com/rubygems/rubygems">rubygems/bundler</a> to add actions to automatically bump man page month.</li>
<li><a href="https://github.com/rubocop-hq/rubocop/pull/8160">PR #8160</a> for <a href="https://github.com/rubocop-hq/rubocop">rubocop</a> to add <code>rubocop-packaging</code> as a known extension.</li>
<li><a href="https://github.com/rubygems/rubygems/pull/3754">PR #3754</a> for <a href="https://github.com/rubygems/rubygems">rubygems/bundler</a> to constrain the shipped RuboCop’s version.</li>
<li><a href="https://github.com/robotdana/fast_ignore/issues/8">Issue #8</a> against <a href="https://github.com/robotdana/fast_ignore">fast_ignore</a> to clarify the strange behavior of <code>include_files</code>.</li>
<li><a href="https://github.com/rubygems/rubygems/pull/3765">PR #3765</a> for <a href="https://github.com/rubygems/rubygems">rubygems/bundler</a> to fix remaining RuboCop issues and add tests.</li>
</ul>
<hr>
<h2 id="debian-lts">Debian LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p>Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases
to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group
of volunteers and companies interested in making it a success.</p>
<p>This was my ninth month as a Debian LTS paid contributor. I was assigned 30.00 hours and worked on
the following things:</p>
<h4 id="cve-fixes-and-announcements">CVE Fixes and Announcements:</h4>
<ul>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html">DLA 2215-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-3327">CVE-2020-3327</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-3341">CVE-2020-3341</a>, for <a href="https://tracker.debian.org/clamav">clamav</a>.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 0.101.5+dfsg-0+deb8u2.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/05/msg00019.html">DLA 2216-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-8161">CVE-2020-8161</a>, for <a href="https://tracker.debian.org/ruby-rack">ruby-rack</a>.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 1.5.2-3+deb8u3.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/06/msg00002.html">DLA 2234-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2005-1513">CVE-2005-1513</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2005-1514">CVE-2005-1514</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2005-1515">CVE-2005-1515</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-3811">CVE-2020-3811</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-3812">CVE-2020-3812</a>, for <a href="https://tracker.debian.org/netqmail">netqmail</a>.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 1.06-6.2~deb8u1.</p>
</li>
<li>
<p>Uploaded a fix for <a href="https://security-tracker.debian.org/tracker/CVE-2020-8162">CVE-2020-8162</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-8164">CVE-2020-8164</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-8165">CVE-2020-8165</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-8166">CVE-2020-8166</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-8167">CVE-2020-8167</a>, for <a href="https://tracker.debian.org/rails">rails</a>.
This upload was for Sid and Bullseye and these CVE(s) were fixed in version 2:5.2.4.3+dfsg-1.</p>
</li>
<li>
<p>Uploaded a fix for <a href="https://security-tracker.debian.org/tracker/CVE-2020-11082">CVE-2020-11082</a>, for <a href="https://tracker.debian.org/ruby-kaminari">ruby-kaminari</a>.
This upload was for Sid and Bullseye and this CVE was fixed in version 1.0.1-6.</p>
</li>
<li>
<p>Uploaded a fix for <a href="https://security-tracker.debian.org/tracker/CVE-2020-10663">CVE-2020-10663</a>, for <a href="https://tracker.debian.org/ruby-json">ruby-json</a>, <a href="https://tracker.debian.org/ruby2.1">ruby2.1</a>, and <a href="https://tracker.debian.org/ruby2.5">ruby2.5</a>.
These uploads were for Stretch and Buster and were fixed in versions 2.3.3-1+deb9u8, 2.1.0+dfsg-2+deb10u1, 2.3.3-1+deb9u8, and 2.5.5-3+deb10u2.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/06/msg00005.html">DLA 2237-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2019-8842">CVE-2019-8842</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-3898">CVE-2020-3898</a>, for <a href="https://tracker.debian.org/cups">cups</a>.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 1.7.5-11+deb8u8.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/06/msg00018.html">DLA 2246-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-13696">CVE-2020-13696</a>, for <a href="https://tracker.debian.org/xawtv">xawtv</a>.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 3.103-3+deb8u1.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html">DLA 2248-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-0543">CVE-2020-0543</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-0548">CVE-2020-0548</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-0549">CVE-2020-0549</a>, for <a href="https://tracker.debian.org/intel-microcode">intel-microcode</a>.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 3.20200609.2~deb8u1.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/06/msg00020.html">DLA 2249-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-0182">CVE-2020-0182</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-0198">CVE-2020-0198</a>, for <a href="https://tracker.debian.org/libexif">libexif</a>.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 0.6.21-2+deb8u4.</p>
</li>
</ul>
<h4 id="other-lts-work">Other LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/sympa">sympa</a>,
<a href="https://tracker.debian.org/pkg/apache2">apache2</a>,
<a href="https://tracker.debian.org/pkg/qemu">qemu</a>, and
<a href="https://tracker.debian.org/pkg/coturn">coturn</a>.</li>
<li>Add fix for CVE-2020-0198/libexif.</li>
<li>Requested CVE for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60251">bug#60251</a> against <a href="https://tracker.debian.org/pkg/apache2">apache2</a> and prodded further.</li>
<li>Raised <a href="https://github.com/sympa-community/sympa/issues/947">issue #947</a> against <code>sympa</code> reporting an incomplete patch for CVE-2020-10936. More discussions internally.</li>
<li>Created the LTS Survey on the self-hosted LimeSurvey instance.</li>
<li>Attended the third LTS meeting. Logs <a href="https://meetbot.debian.net/debian-lts/2020/debian-lts.2020-06-25-15.22.html">here</a>.</li>
<li>General discussion on LTS private and <a href="https://lists.debian.org/debian-lts/2020/05/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<h2 id="others">Other(s)</h2>
<figure>
<img src="https://utkarsh2102.org/images/computing.jpg"/>
</figure>
<p>Sometimes it gets hard to categorize work/things into a particular category.<br>
That’s why I am writing all of those things inside this category.<br>
This includes two sub-categories and they are as follows.</p>
<h4 id="personal">Personal:</h4>
<p>This month I did the following things:</p>
<ul>
<li>Wrote and published v0.1.0 of <code>rubocop-packaging</code> on <a href="https://rubygems.org/gems/rubocop-packaging">RubyGems</a>! 💯<br>
It’s open-sourced and the repository is <a href="https://github.com/utkarsh2102/rubocop-packaging">here</a>.<br>
Bug reports and pull requests are welcomed! 😉</li>
<li>Integrated a tiny (yet a powerful) hack to align images in markdown for my blog.<br>
Commit <a href="https://github.com/utkarsh2102/hugo-coder/commit/646aed40da8d508dbeaa8d8698b65212574a136a">here</a>. 🚀</li>
<li>Released v0.4.0 of <code>batalert</code> on <a href="https://rubygems.org/gems/batalert">RubyGems</a>! 🤗</li>
</ul>
<h4 id="open-source">Open Source:</h4>
<p>Again, this contains all the things that I couldn’t categorize earlier.<br>
Opened several issues and PRs:</p>
<ul>
<li><a href="https://github.com/FabioRosado/100daysof/issues/9">Issue #9</a> against <a href="https://github.com/FabioRosado/100daysof">100daysof</a>, reporting some broken CSS.</li>
<li><a href="https://github.com/FabioRosado/100daysof/pull/10">PR #10</a> for <a href="https://github.com/FabioRosado/100daysof">100daysof</a>, fixing the above issue^.</li>
<li><a href="https://github.com/florimondmanca/djangorestframework-api-key/issues/133">Issue #133</a> against <a href="https://github.com/florimondmanca/djangorestframework-api-key">djangorestframework-api-key</a>, asking to fix copyright years.</li>
<li><a href="https://github.com/pboling/rspec-stubbed_env/pull/5">PR #5</a> for <a href="https://github.com/pboling/rspec-stubbed_env">rspec-stubbed_env</a>, dropping <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/pboling/rspec-pending_for/pull/70">PR #70</a> for <a href="https://github.com/pboling/rspec-pending_for">rspec-pending_for</a>, dropping <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/podigee/device_detector/issues/74">Issue #74</a>, <a href="https://github.com/ankane/ahoy_email/issues/143">issue #143</a>, <a href="https://github.com/ai/autoprefixer-rails/issues/164">issue #164</a>, and <a href="https://github.com/ddollar/foreman/issues/767">issue #767</a> against multiple projects, asking them to use RuboCop.</li>
<li><a href="https://github.com/activeadmin/arbre/pull/212">PR #212</a> for <a href="https://github.com/activeadmin/arbre">arbre</a>, dropping <code>git ls-files</code> in gemspec.</li>
<li><a href="https://github.com/zyedidia/micro/issues/1749">Issue #1749</a> and <a href="https://github.com/zyedidia/micro/issues/1750">issue #1750</a> against <a href="https://github.com/zyedidia/micro">micro</a>, asking for help as the Debian package fails to build in <code>buster-backports</code>.</li>
<li><a href="https://github.com/zyedidia/micro/pull/1751">PR #1751</a> for <a href="https://github.com/zyedidia/micro/pull/1751">micro</a>, fixing the above issue^.</li>
<li><a href="https://github.com/luizdepra/hugo-coder/issues/348">Issue #348</a> against <a href="https://github.com/luizdepra/hugo-coder">hugo-coder</a>, clarifying the weird timing issue in the blog posts.</li>
<li><a href="https://github.com/luizdepra/hugo-coder/issues/356">Issue #356</a> against <a href="https://github.com/luizdepra/hugo-coder">hugo-coder</a>, reporting the weird display of images and missing twitter cards.</li>
<li><a href="https://gitlab.com/lienvdsteen/linter/-/merge_requests/12">MR #12</a> for <a href="https://gitlab.com/lienvdsteen/linter">linter</a>, dropping <code>git ls-files</code> in gemspec.</li>
<li><a href="https://gitlab.com/lienvdsteen/linter/-/merge_requests/13">MR #13</a> for <a href="https://gitlab.com/lienvdsteen/linter">linter</a>, doing some minor refactoring.</li>
</ul>
<hr>
<p>Thank you for sticking along for so long :)</p>
<p>Until next time.<br>
<code>:wq</code> for today.</p> GSoC Phase 1 https://utkarsh2102.org/posts/gsoc-phase-1/Mon, 15 Jun 2020 11:11:11 +0530 https://utkarsh2102.org/posts/gsoc-phase-1/ <p>Hello,</p>
<p>Earlier last month, I got selected as a <a href="https://summerofcode.withgoogle.com/">Google Summer of Code</a>
student for <a href="https://www.debian.org/">Debian</a> again! \o/<br>
And as <a href="https://www.youtube.com/watch?v=iqyBtWIZTkI">Chandler</a> would say,</p>
<blockquote>
<p>Could I be any more happier?</p>
</blockquote>
<p>Well, this time, my project is basically to write a linter (an extension to <a href="https://rubocop.org/">RuboCop</a>).
This tool is mostly to help the <a href="https://wiki.debian.org/Teams/Ruby/">Debian Ruby team</a>.
And that is the best part, I love working in/for/with the Ruby team!<br>
(I’ve been an active part of the team for 18 months now :))</p>
<p><img src="https://utkarsh2102.org/images/debian_ruby.png#center" alt=""></p>
<p>More details about the project can be found <a href="https://wiki.debian.org/SummerOfCode2020/Projects/#SummerOfCode2020.2FApprovedProjects.2FUpstreamDownstreamCooperationInRuby.Upstream.2FDownstream_cooperation_in_Ruby">here, on the wiki</a>.<br>
And also, I have got the best mentors I could’ve possibly asked for: <a href="https://github.com/terceiro">Antonio Terceiro</a>
and <a href="https://github.com/deivid-rodriguez/">David Rodríguez</a> 💖</p>
<p>So, the program began on 1st June and I’ve been working since then. I log my daily updates at
<a href="https://gsocwithutkarsh2102.tk/">gsocwithutkarsh2102.tk</a>.</p>
<p>Whilst the daily updates are available at the above site^, I’ll break down the important
parts here:</p>
<ul>
<li>
<p>During the first three days, I looked for a potential solution to the usage of
<code>git ls-files</code> in the gemspec files. This has been the most problematic thing for us.</p>
<ul>
<li>Apart from the option of using <code>Dir</code> or <code>Dir.glob</code>, the best (closest) possible solution
(right now) is to use <code>Rake::FileList</code> which tries to respect the <code>.gitignore</code> file.</li>
<li>I stumbled upon this interesting gem, <a href="https://github.com/robotdana/fast_ignore">fast_ignore</a>.
It is the <em>exact</em> thing which we want to use but unfortunately, to use it inside other
gemspec files, it should be vendored inside <a href="https://rubygems.org/gems/bundler">bundler’s</a>
code.</li>
</ul>
</li>
<li>
<p>We had our <a href="https://gsocwithutkarsh2102.tk/log/2020/06/04/day4.html">first meeting</a> on the
fourth day and we decided to hold meetings every Thursday for the next 12 weeks.</p>
</li>
<li>
<p>For the next five days, I learned more of Ruby and figured out what to do and how to do it.<br>
If you’d like to know what exactly I did in these 5 days, I’d suggest you to read the daily
logs for those respective days.</p>
</li>
<li>
<p>During the next two days, the first part of the project, the GemspecGit Cop, was
implemented.<br>
This cop will correctly determine the usage of “git” in the gemspec files and would tell
the developers and the maintainers to replace them with pure Ruby alternatives while giving
them a proper reason to do so. Much thanks to <a href="https://github.com/robotdana/">Dana</a> for her
help – she took out time to pair-program with me! 💖</p>
</li>
<li>
<p>We had our <a href="https://gsocwithutkarsh2102.tk/log/2020/06/11/day11.html">second weekly meeting</a>
where I finally told Antonio and David that the first part is already done (\o/) and we
discussed some things and even pair-programmed :D</p>
</li>
<li>
<p>I took the weekend off (and something terrible happened) but anyways, I managed to get
together some time and energy to document the source code and raised this
<a href="https://github.com/utkarsh2102/rubocop-packaging/pull/2/">PR #2</a>.</p>
</li>
<li>
<p>And here I am on the 15th day :)</p>
</li>
</ul>
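<p>The <code>git ls-files</code> problem and the <code>GemspecGit</code> check described above, reduced to their core as an added example (this is not the cop's implementation and not code from this post). The names <code>git_shellouts</code>, <code>packaged_files</code> and <code>demo_listing</code> and both sample gemspecs are hypothetical and constructed for illustration.</p>

```ruby
require "ripper"
require "tmpdir"
require "fileutils"

# Constructed gemspec (sample input, not from any real gem) that shells out to
# git. It cannot be evaluated where there is no .git directory or no git
# binary, e.g. an unpacked release tarball in a distribution build.
GEMSPEC_WITH_GIT = <<~'RUBY'
  Gem::Specification.new do |spec|
    spec.name       = "example"
    # we used to call `git ls-files` by hand
    spec.files      = `git ls-files -z`.split("\x0")
    spec.test_files = %x(git ls-files -- spec/*).split("\n")
  end
RUBY

# The same constructed gemspec with a pure-Ruby file list.
GEMSPEC_PURE_RUBY = <<~'RUBY'
  Gem::Specification.new do |spec|
    spec.name  = "example"
    spec.files = Dir.glob(["lib/**/*", "bin/*", "*.md"])
  end
RUBY

# Return [line, command] for every backtick or %x() literal that runs git.
# Working on lexer tokens rather than a regex over the text means the comment
# mentioning `git ls-files` is not reported. Simplification: system(),
# IO.popen and Open3 calls are not covered here.
def git_shellouts(source)
  hits = []
  in_command = false
  Ripper.lex(source).each do |(line, _col), type, text, _state|
    case type
    when :on_backtick    then in_command = true
    when :on_tstring_end then in_command = false
    when :on_tstring_content
      hits.push([line, text.strip]) if in_command && text.match?(/\A\s*git\b/)
    end
  end
  hits
end

# Pure-Ruby replacement for the git call: glob relative to the project root and
# keep regular files only, so nothing depends on git being present.
def packaged_files(root, patterns = ["lib/**/*", "bin/*", "*.md"])
  Dir.glob(patterns, base: root)
     .select { |rel| File.file?(File.join(root, rel)) }
     .sort
end

# Build a throwaway project tree (constructed, no .git directory) and list it.
def demo_listing
  Dir.mktmpdir do |root|
    %w[lib/example.rb lib/example/version.rb bin/example README.md tmp/debug.log].each do |rel|
      path = File.join(root, rel)
      FileUtils.mkdir_p(File.dirname(path))
      File.write(path, "")
    end
    packaged_files(root)
  end
end

if __FILE__ == $PROGRAM_NAME
  git_shellouts(GEMSPEC_WITH_GIT).each { |line, cmd| puts "line #{line}: #{cmd}" }
  puts "pure-Ruby gemspec: #{git_shellouts(GEMSPEC_PURE_RUBY).length} git calls"
  puts demo_listing
end
```

<p>Unlike <code>git ls-files</code>, a plain glob does not consult <code>.gitignore</code>, so the patterns have to name what ships explicitly (here <code>tmp/debug.log</code> is left out because no pattern matches it).</p>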
<p>It has been a lot of fun so far! Though I am a little worried about how to implement the next part
of the project as I am not sure how to check only a particular directory for some relative
require calls.<br>
But I think, that’s okay, somehow, something will work out. And I can always ask around
others and check other cops to see how it’s done! ¯\_(ツ)_/¯</p>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activites in May 2020 https://utkarsh2102.org/posts/foss-in-may-20/Sat, 30 May 2020 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-may-20/ <p>Here’s my (eighth) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>This month marks my 15 months of contributing to <a href="https://www.debian.org/">Debian</a>.
And 6th month as a <a href="https://wiki.debian.org/DebianDeveloper">DD</a>! \o/</p>
<p>Whilst I love doing Debian stuff, I have started spending more time on the programming
side now. And I hope to keep it this way for some time now.<br>
Of course, I’ll keep doing the Debian stuff, but just lesser in amount.</p>
<p>Anyway, the following are the things I did in May.</p>
<h4 id="uploads">Uploads:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/ruby-aggregate">ruby-aggregate</a> (0.2.3-1) - got patches merged upstream.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-whenever">ruby-whenever</a> (1.0.0-1) - new upstream version + take over maintenance.</li>
<li><a href="https://tracker.debian.org/pkg/polybar">polybar</a> (3.4.3-1) - fix GCC 10 compilation.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-dbus">ruby-dbus</a> (0.16.0-1) - new upstream version + fix FTBFS (temporarily).</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a> (2.1.1-5) - use <code>Dir.entries</code> instead of <code>Dir[glob]</code>. Fixes <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8161">CVE-2020-8161</a>.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-espeak">ruby-espeak</a> (1.0.4-2) - fix FTBFS (<a href="https://bugs.debian.org/952587">#952587</a>).</li>
<li><a href="https://tracker.debian.org/pkg/ruby-libnotify">ruby-libnotify</a> (0.9.4-1) - NEW (<a href="https://bugs.debian.org/961577">#961577</a>). Needed by <a href="https://github.com/utkarsh2102/batalert">batalert</a>.</li>
<li><a href="https://tracker.debian.org/pkg/batalert">batalert</a> (0.3.0-1) - NEW (<a href="https://bugs.debian.org/961580">#961580</a>).</li>
<li><a href="https://tracker.debian.org/pkg/golang-github-zyedidia-tcell">golang-github-zyedidia-tcell</a> (1.4.5-1) - fix tcell ID for micro.</li>
<li><a href="https://tracker.debian.org/pkg/micro">micro</a> (2.0.4-1) - new release <a href="https://github.com/zyedidia/micro/releases/tag/v2.0.4">features</a> + change in <a href="https://salsa.debian.org/go-team/packages/micro/-/commit/9b9c01a89177acb9629f385ec14293eee1a1cb0b">build path</a>.</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Hosted Ruby team meeting. Logs <a href="https://meetbot.debian.net/debian-ruby/2020/debian-ruby.2020-05-08-16.53.html">here</a>.</li>
<li>Attended Debian Perl Sprints. Report <a href="https://lists.debian.org/debian-perl/2020/05/msg00051.html">here</a>.</li>
<li>Sponsored <code>git-repo-updater</code> and <code>mplcursors</code> for Sudip.</li>
<li>Mentoring for newcomers.</li>
<li>FTP Trainee reviewing.</li>
<li>Moderation of -project mailing list.</li>
<li>Got selected for <a href="https://bits.debian.org/2020/05/welcome-gsoc2020-interns.html">GSoC’20 for Debian</a>!</li>
</ul>
<hr>
<h2 id="experimenting-and-improving-ruby-libraries-ftw">Experimenting and improving Ruby libraries FTW!</h2>
<figure>
<img src="https://utkarsh2102.org/images/ruby-logo-small.png"/>
</figure>
<p>I have been very heavily involved with the <a href="https://wiki.debian.org/Teams/Ruby/">Debian Ruby team</a> for over a year now.<br>
Thanks to Antonio Terceiro (and GSoC), I’ve started experimenting and taking more
interest in upstream development and improvement of these libraries.</p>
<p>This has the sole purpose of learning. It has gotten fun since I’ve started doing Ruby.<br>
And I hope it stays this way.</p>
<p>This month, I opened some issues and proposed a few pull requests. They are:</p>
<ul>
<li><a href="https://github.com/javan/whenever/issues/802">Issue #802</a> against <code>whenever</code> for Ruby2.7 test failures.</li>
<li><a href="https://github.com/josephruscio/aggregate/issues/8">Issue #8</a> against <code>aggregate</code> asking upstream for a release on rubygems.</li>
<li><a href="https://github.com/ruby/irb/issues/104">Issue #104</a> against <code>irb</code> for asking more about <code>Array.join("\n")</code>.</li>
<li><a href="https://github.com/mikel/mail/issues/1391">Issue #1391</a> against <code>mail</code> asking upstream to cut a new release.</li>
<li><a href="https://github.com/rack/rack/issues/1655">Issue #1655</a> against <code>rack</code> reporting test failures in the CVE fix.</li>
<li><a href="https://github.com/mvidner/ruby-dbus/issues/84">Issue #84</a> against <code>ruby-dbus</code> for help with Debian bug <a href="https://bugs.debian.org/836296">#836296</a>.</li>
<li><a href="https://github.com/mvidner/ruby-dbus/issues/85">Issue #85</a> against <code>ruby-dbus</code> asking if they still use <code>rDoc</code> for doc generation.</li>
<li><a href="https://github.com/josephruscio/aggregate/pull/9">PR #9</a> against <code>aggregate</code> for dropping git from <code>gemspec</code>.</li>
<li><a href="https://github.com/javan/whenever/pull/804">PR #804</a> against <code>whenever</code> for dropping git from <code>gemspec</code>.</li>
<li>Packaged <a href="https://tracker.debian.org/pkg/ruby-cmath">ruby-cmath</a> as it was split from Ruby2.7; cf: (<a href="https://bugs.debian.org/961213">#961213</a>).</li>
</ul>
<hr>
<h2 id="debian-lts">Debian LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p>Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases
to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group
of volunteers and companies interested in making it a success.</p>
<p>This was my eighth month as a Debian LTS paid contributor. I was assigned 17.25 hours and worked on
the following things:</p>
<h4 id="cve-fixes-and-announcements">CVE Fixes and Announcements:</h4>
<ul>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/04/msg00029.html">DLA 2191-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-10683">CVE-2020-10683</a>, for <a href="https://tracker.debian.org/dom4j">dom4j</a>.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 1.6.1+dfsg.3-2+deb8u2.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html">DLA 2192-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-10663">CVE-2020-10663</a>, for <a href="https://tracker.debian.org/ruby2.1">ruby2.1</a>.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 2.1.5-2+deb8u10.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html">DLA 2208-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-11026">CVE-2020-11026</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-11027">CVE-2020-11027</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-11028">CVE-2020-11028</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-11026">CVE-2020-11029</a>, for <a href="https://tracker.debian.org/wordpress">wordpress</a>.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 4.1.30+dfsg-0+deb8u1.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/05/msg00013.html">DLA 2210-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-3810">CVE-2020-3810</a>, for <a href="https://tracker.debian.org/apt">apt</a>.<br>
This update was prepared by the maintainer, Julian. I just took care of the paperwork.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 1.0.9.8.6.</p>
</li>
</ul>
<h4 id="other-lts-work">Other LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/tika">tika</a>,
<a href="https://tracker.debian.org/pkg/freerdp">freerdp</a>, and
<a href="https://tracker.debian.org/pkg/apache2">apache2</a>.</li>
<li>Mark CVE-2020-12105/openconnect as <del>no-dsa</del> not-affected for Jessie.</li>
<li>Mark CVE-2020-9489/tika as <del>no-dsa</del> ignored for Jessie.</li>
<li>Mark CVE-2020-11025/wordpress as not-affected for Jessie.</li>
<li>Add fix for CVE-2019-18823/condor.</li>
<li>Requested CVE for <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=60251">bug#60251</a> against <a href="https://tracker.debian.org/pkg/apache2">apache2</a>.</li>
<li>Raised <a href="https://github.com/sympa-community/sympa/issues/947">issue #947</a> against sympa reporting an incomplete patch for CVE-2020-10936.</li>
<li>Created the LTS Survey on the self-hosted LimeSurvey instance.</li>
<li>Attended the second LTS meeting. Logs <a href="https://meetbot.debian.net/debian-lts/2020/debian-lts.2020-05-28-14.58.html">here</a>.</li>
<li>General discussion on LTS private and <a href="https://lists.debian.org/debian-lts/2020/05/threads.html">public mailing list</a>.</li>
</ul>
<hr>
<h2 id="others">Other(s)</h2>
<figure>
<img src="https://utkarsh2102.org/images/vendetta.jpg"/>
</figure>
<p>Sometimes it gets hard to categorize work/things into a particular category.<br>
That’s why I am writing all of those things inside this category.<br>
This includes two sub-categories and they are as follows.</p>
<h4 id="personal">Personal:</h4>
<p>This month I could get the following things done:</p>
<ul>
<li>Wrote and published my first Ruby gem/library/tool on <a href="https://rubygems.org/gems/batalert">RubyGems</a>! 💯<br>
It’s open-sourced and the repository is <a href="https://github.com/utkarsh2102/batalert">here</a>.<br>
Bug reports and pull requests are welcomed! 😉</li>
<li>Wrote a small Ruby script (available <a href="https://github.com/utkarsh2102/utsh/blob/master/gem-install.rb">here</a>) to install Ruby gems from Gemfile(.lock).<br>
Needed this when I hit a bug while using <a href="https://salsa.debian.org/ruby-team/ruby-standalone">ruby-standalone</a>, which Antonio fixed pretty quickly! 🚀</li>
<li>Had a coffee chat with John Coghlan! 🤗<br>
Tweet <a href="https://twitter.com/utkarsh2102/status/1266342128130461696">here</a>.</li>
</ul>
<h4 id="open-source">Open Source:</h4>
<p>Again, this contains all the things that I couldn’t categorize earlier.<br>
Opened several issues and did a PR review:</p>
<ul>
<li><a href="https://github.com/ariya/phantomjs/issues/15434">Issue #15434</a> against <code>phantomjs</code>, asking to look into CVE-2019-17221. Still no action :/</li>
<li><a href="https://github.com/sympa-community/sympa/issues/947">Issue #947</a> against <code>sympa</code>, reporting an incomplete patch for CVE-2020-10936.</li>
<li><a href="https://github.com/polybar/polybar/issues/2102">Issue #2102</a> against <code>polybar</code>, mentioning that the build is not reproducible.</li>
<li><a href="https://github.com/libgit2/libgit2/issues/5521">Issue #5521</a> against <code>libgit2</code>, mentioning that the build is not reproducible.</li>
<li>Reviewed <a href="https://github.com/libgit2/libgit2/pull/5523">PR #5523</a> for <code>polybar</code>, which was a fix for the above issue.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in April 2020 https://utkarsh2102.org/posts/foss-in-april-20/ Thu, 30 Apr 2020 11:11:11 +0530
<p>Here’s my (seventh) monthly update about the activities I’ve done in the F/L/OSS world.</p>
<h2 id="debian">Debian</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-logo-small.png"/>
</figure>
<p>It’s been 14 months since I’ve started contributing to Debian.
And 4 months since I’ve been a Debian Developer. And in this beautiful time,
I had this opportunity to do and learn lots of new and interesting things. And most
importantly, meet and interact with lots of lovely people! 💖<br>
Debian is <code>$home</code>.</p>
<h4 id="uploads">Uploads:</h4>
<ul>
<li><a href="https://tracker.debian.org/pkg/libgit2">libgit2</a> (0.28.5+dfsg.1-1) - new upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-ffi-compiler">ruby-ffi-compiler</a> (1.0.1-1) - NEW (<a href="https://bugs.debian.org/#955497">#955497</a>).</li>
<li><a href="https://tracker.debian.org/pkg/rake">rake</a> (13.0.1-3/4) - using <code>--gem-install layout</code> and fixing autopkgtest.</li>
<li><a href="https://tracker.debian.org/pkg/mcollective">mcollective</a> (2.12.5+dfsg-1) - new upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-guard">ruby-guard</a> (2.16.2-1) - fix regression caused by pry’s upload (<a href="https://bugs.debian.org/#954724">#954724</a>).</li>
<li><a href="https://tracker.debian.org/pkg/ruby-pry-byebug">ruby-pry-byebug</a> (3.9.0-1) - fix regression caused by pry’s upload (<a href="https://bugs.debian.org/#954572">#954572</a>).</li>
<li><a href="https://tracker.debian.org/pkg/ruby-ahoy-matey">ruby-ahoy-matey</a> (3.0.2-1) - new upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-http-parser">ruby-http-parser</a> (1.2.1-1) - NEW (<a href="https://bugs.debian.org/#955589">#955589</a>).</li>
<li><a href="https://tracker.debian.org/pkg/ruby-http-parser.rb">ruby-http-parser.rb</a> (0.6.0-5) - Drop <code>Conflicts</code> field.</li>
<li><a href="https://tracker.debian.org/pkg/golang-github-awalterschulze-gographviz">golang-github-awalterschulze-gographviz</a> (2.0.1-1) - new upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-ffi-yajl">ruby-ffi-yajl</a> (2.3.1-3) - fix build in <code>ARM</code> $arch.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-http">ruby-http</a> (4.4.1-1) - new upstream version (<a href="https://bugs.debian.org/#890075">#890075</a> and <a href="https://bugs.debian.org/#858140">#858140</a>).</li>
<li><a href="https://tracker.debian.org/pkg/ruby-twitter">ruby-twitter</a> (7.0.0-1) - new upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a> (2.1.1-2) - migration to unstable.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-rack-oauth2">ruby-rack-oauth2</a> (1.11.0-1) - fix FTBFS.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-crb-blast">ruby-crb-blast</a> (0.6.9-4) - fix regression caused by ruby-bio (<a href="https://bugs.debian.org/#954536">#954536</a>).</li>
<li><a href="https://tracker.debian.org/pkg/ruby-sassc-rails">ruby-sassc-rails</a> (2.1.2-5) - Add <code>Breaks+Replaces</code> for ruby-sass-rails (<a href="https://bugs.debian.org/#952682">#952682</a> and <a href="https://bugs.debian.org/#954544">#954544</a>).</li>
<li><a href="https://tracker.debian.org/pkg/libdbd-firebird-perl">libdbd-firebird-perl</a> (1.32-1) - new upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-minitest-global-expectations">ruby-minitest-global-expectations</a> (1.0.1-1) - NEW (<a href="https://bugs.debian.org/#956051">#956051</a>).</li>
<li><a href="https://tracker.debian.org/pkg/golang-github-cheekybits-genny">golang-github-cheekybits-genny</a> (1.0.0-1) - NEW (<a href="https://bugs.debian.org/#956128">#956128</a>).</li>
<li><a href="https://tracker.debian.org/pkg/node-clipboard">node-clipboard</a> (2.0.6+ds-1~bpo10+1) - backporting to buster.</li>
<li><a href="https://tracker.debian.org/pkg/micro">micro</a> (2.0.2-3) - use <code>cut -d'-' -f1</code> to just show upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/golang-github-go-errors-errors">golang-github-go-errors-errors</a> (1.0.1-4) - fix build and autopkgtest (<a href="https://bugs.debian.org/#954521">#954521</a>).</li>
<li><a href="https://tracker.debian.org/pkg/micro">micro</a> (2.0.2-3~bpo10+1) - backporting to buster.</li>
<li><a href="https://tracker.debian.org/pkg/libgit2">libgit2</a> (1.0.0+dfsg.1-1) - new upstream version.</li>
<li><a href="https://tracker.debian.org/pkg/micro">micro</a> (2.0.3-1) - add support for +LINE:COL flag syntax for cursor position (<a href="https://bugs.debian.org/#953427">#953427</a>).</li>
</ul>
<h4 id="other-things">Other $things:</h4>
<ul>
<li>Attended Ruby team meeting. Logs <a href="https://meetbot.debian.net/debian-ruby/2020/debian-ruby.2020-04-03-16.31.html">here</a>.</li>
<li>Attended Perl team LHF. Report <a href="https://lists.debian.org/debian-perl/2020/04/msg00014.html">here</a>.</li>
<li>Sponsored a lot of uploads for William Desportes and Adam Cecile.</li>
<li>Mentoring for newcomers.</li>
<li>FTP Trainee reviewing.</li>
<li>Moderation of -project mailing list.</li>
<li>Applied for <a href="https://wiki.debian.org/SummerOfCode2020/Projects/#SummerOfCode2020.2FApprovedProjects.2FUpstreamDownstreamCooperationInRuby.Upstream.2FDownstream_cooperation_in_Ruby">DUCI project</a> for Google Summer of Code 2020.</li>
</ul>
<hr>
<h2 id="ruby27-migration">Ruby2.7 Migration:</h2>
<figure>
<img src="https://utkarsh2102.org/images/ruby-logo-small.png"/>
</figure>
<p>Ruby2.7 was recently released on 25th December, 2019. Santa’s gift. Believe it or not.
We, the Debian Ruby team, have been trying hard to make it migrate to testing. And it finally happened.
The default version in testing is ruby2.7. Here’s the <a href="https://tracker.debian.org/news/1119524/ruby-defaults-1271-migrated-to-testing/">news</a>! \o/<br>
Here’s what I worked on this month for this transition.</p>
<h4 id="upstream">Upstream:</h4>
<p>Opened several issues and proposed patches (in the form of PRs):</p>
<ul>
<li><a href="https://github.com/attr-encrypted/encryptor/issues/35">Issue #35</a> against <code>encryptor</code> for Ruby2.7 test failures.</li>
<li><a href="https://github.com/seattlerb/image_science/issues/28">Issue #28</a> against <code>image_science</code> for removing relative paths.</li>
<li><a href="https://github.com/chef/ffi-yajl/issues/106">Issue #106</a> against <code>ffi-yajl</code> for Ruby2.7 test failures.</li>
<li><a href="https://github.com/josephruscio/aggregate/pull/5">PR #5</a> against <code>aggregate</code> for simply using <code>require</code>.</li>
<li><a href="https://github.com/josephruscio/aggregate/pull/6">PR #6</a> against <code>aggregate</code> for modernizing CI and adding Ruby 2.5 and 2.7 support.</li>
<li><a href="https://github.com/dejan/espeak-ruby/issues/13">Issue #13</a> against <code>espeak-ruby</code> for Ruby2.7 test failures.</li>
<li><a href="https://github.com/piotrmurach/tty-which/issues/4">Issue #4</a> against <code>tty-which</code> for test failures in general.</li>
<li><a href="https://github.com/marcandre/packable/issues/11">Issue #11</a> against <code>packable</code> for Ruby2.7 test failures. <a href="https://github.com/marcandre/packable/pull/12">PR #12</a> has been proposed.</li>
<li><a href="https://github.com/tj/growl/issues/10">Issue #10</a> against <code>growl</code> for test failures and proposed an initial patch.</li>
</ul>
<h4 id="downstream">Downstream:</h4>
<p>I fixed and uploaded the following packages in Debian:</p>
<ul>
<li><a href="https://tracker.debian.org/pkg/puppet-beaker">puppet-beaker</a> (4.21.0-1) - new upstream version and fix FTBFS (<a href="https://bugs.debian.org/#956595">#956595</a> and <a href="https://bugs.debian.org/#954614">#954614</a>).</li>
<li><a href="https://tracker.debian.org/pkg/ruby-fakeweb">ruby-fakeweb</a> (1.3.0+git20170806+dfsg1-2) - fix autopkgtest (<a href="https://bugs.debian.org/#952042">#952042</a>).</li>
<li><a href="https://tracker.debian.org/pkg/puppet-lint">puppet-lint</a> (2.4.2-2) - fix FTBFS for Ruby2.7 migration.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-hoe">ruby-hoe</a> (3.22.1+dfsg1-1) - new upstream version and fix FTBFS (<a href="https://bugs.debian.org/#952041">#952041</a>).</li>
<li><a href="https://tracker.debian.org/pkg/rake-compiler">rake-compiler</a> (1.0.5-2) - fix FTBFS.</li>
<li><a href="https://tracker.debian.org/pkg/ruby-aggregate">ruby-aggregate</a> (0.2.2-3) - fix autopkgtest.</li>
<li><a href="https://tracker.debian.org/pkg/facter">facter</a> (3.11.0-4) - fix autopkgtest (<a href="https://bugs.debian.org/#955582">#955582</a>).</li>
</ul>
<hr>
<h2 id="debian-lts">Debian LTS</h2>
<figure>
<img src="https://utkarsh2102.org/images/debian-lts-small.png"/>
</figure>
<p>Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases
to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group
of volunteers and companies interested in making it a success.<br>
This was my seventh month as a Debian LTS paid contributor. I was assigned 24.00 hours and worked on
the following things:</p>
<h4 id="cve-fixes-and-announcements">CVE Fixes and Announcements:</h4>
<ul>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/04/msg00011.html">DLA 2178-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-11728">CVE-2020-11728</a> and <a href="https://security-tracker.debian.org/tracker/CVE-2020-11729">CVE-2020-11729</a>, for <a href="https://tracker.debian.org/awl">awl</a>.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 0.55-1+deb8u1.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html">DLA 2179-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-10968">CVE-2020-10968</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-10969">CVE-2020-10969</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-11111">CVE-2020-11111</a>,
<a href="https://security-tracker.debian.org/tracker/CVE-2020-11112">CVE-2020-11112</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-11113">CVE-2020-11113</a>, <a href="https://security-tracker.debian.org/tracker/CVE-2020-11619">CVE-2020-11619</a>, and <a href="https://security-tracker.debian.org/tracker/CVE-2020-11620">CVE-2020-11620</a>, for <a href="https://tracker.debian.org/jackson-databind">jackson-databind</a>.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 2.4.2-2+deb8u14.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html">DLA 2180-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-11736">CVE-2020-11736</a>, for <a href="https://tracker.debian.org/file-roller">file-roller</a>.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 3.14.1-1+deb8u2.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/04/msg00023.html">DLA 2190-1</a>, fixing <a href="https://security-tracker.debian.org/tracker/CVE-2020-10663">CVE-2020-10663</a>, for <a href="https://tracker.debian.org/ruby-json">ruby-json</a>.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 1.8.1-1+deb8u1.</p>
</li>
</ul>
<h4 id="other-lts-work">Other LTS Work:</h4>
<ul>
<li>Triaged <a href="https://tracker.debian.org/pkg/jackson-databind">jackson-databind</a>,
<a href="https://tracker.debian.org/pkg/libconvert-asn1-perl">libconvert-asn1-perl</a>,
<a href="https://tracker.debian.org/pkg/file-roller">file-roller</a>,
<a href="https://tracker.debian.org/pkg/awl">awl</a>,
<a href="https://tracker.debian.org/pkg/dom4j">dom4j</a>,
and <a href="https://tracker.debian.org/pkg/openvpn">openvpn</a>.</li>
<li>Mark CVE-2013-7488/libconvert-asn1-perl as no-dsa for Jessie.</li>
<li>Mark CVE-2020-11810/openvpn as no-dsa for Jessie.</li>
<li>Ping ntp’s upstream for relevant commits.</li>
<li>Mark CVE-2019-16782/ruby-rack as no-dsa for Jessie.</li>
<li>Attended first LTS meeting. Logs <a href="https://meetbot.debian.net/debian-lts/2020/debian-lts.2020-04-29-13.59.html">here</a>.</li>
<li>General discussion on LTS <a href="https://lists.debian.org/debian-lts/2020/05/threads.html">mailing list</a>.</li>
</ul>
<hr>
<h2 id="others">Other(s)</h2>
<figure>
<img src="https://utkarsh2102.org/images/vendetta.jpg"/>
</figure>
<p>Sometimes it gets hard to categorize work/things into a particular category.<br>
That’s why I am writing all of those things inside this category.<br>
This includes two sub-categories and they are as follows.</p>
<h4 id="personal">Personal:</h4>
<p>This month I could get the following things done:</p>
<ul>
<li>Most importantly, I finally migrated to a new website. Huge UI improvement! \o/<br>
From Jekyll to Hugo, it was not easy. But it was worth it! Many thanks to <a href="https://luizdepra.dev/">Luiz</a> for writing <a href="https://github.com/luizdepra/hugo-coder/">hugo-coder</a>, <a href="https://clementpannetier.dev/">Clement</a>, and <a href="https://samyak-jn.tk/">Samyak</a>! 🔥<br>
If you find any flaws, issues and pull requests are welcomed at <a href="https://github.com/utkarsh2102/utkarsh2102.org">utkarsh2102/utkarsh2102.org</a></li>
<li>Wrote <a href="https://github.com/utkarsh2102/utsh/blob/master/battery-alert.sh">battery-alert</a>, a mini-project of my own to show battery alerts at <10% and >90%.<br>
Written in shell, it brings me all the satisfaction as it has saved my life on many occasions.<br>
And guess what? It has more users than just myself! 😉<br>
Reviews and patches are welcomed \o/</li>
<li>Mentored in <a href="https://twitter.com/HackOnHackathon/status/1249582939261693953">HackOn Hackathon</a>. Thanks to <a href="https://twitter.com/manvisinghwal">Manvi</a> for reaching out! 🤗<br>
It was fun to see people developing some really nice projects.</li>
<li>Thanks to <a href="https://twitter.com/rspaik">Ray</a> and <a href="https://twitter.com/john_cogs">John</a>, I became a <a href="https://about.gitlab.com/community/heroes/members/">GitLab Hero</a>! 🥳<br>
(I am yet to figure out my role and responsibility though)</li>
<li>Attended <a href="https://twitter.com/introseccon">Intro Sec Con</a> and had the most fun!<br>
Heard Ian’s keynote and attended other talks and learned how to use WireShark! 🦈</li>
</ul>
<h4 id="open-source">Open Source:</h4>
<p>Again, this contains all the things that I couldn’t categorize earlier.<br>
Opened several issues and pull requests:</p>
<ul>
<li><a href="https://github.com/luizdepra/hugo-coder/issues/297">Issue #297</a> against <code>hugo-coder</code>, asking to enable RSS feed for blogs.</li>
<li><a href="https://github.com/luizdepra/hugo-coder/pull/316">PR #316</a> for <code>hugo-coder</code> for fixing the above issue myself.</li>
<li><a href="https://github.com/activeadmin/arbre/issues/173">Issue #173</a> against <code>arbre</code> for requesting a release.</li>
<li><a href="https://github.com/pat/combustion/issues/104">Issue #104</a> against <code>combustion</code>, asking to relax dependency on rubocop. Fixed in this <a href="https://github.com/pat/combustion/commit/902df3252f9ae38a0f127b4ae086e0da4944b80f">commit</a>.</li>
<li><a href="https://github.com/ffi/ffi-compiler/issues/16">Issue #16</a> against <code>ffi-compiler</code> for requesting to fix homepage and license.</li>
<li><a href="https://github.com/awalterschulze/gographviz/issues/57">Issue #57</a> against <code>gographviz</code> for requesting a release.</li>
<li><a href="https://github.com/cboursnell/crb-blast/issues/14">Issue #14</a> against <code>crb-blast</code>, suggesting compatibility with bio 2.0.x.</li>
<li><a href="https://github.com/flyerhzm/uniform_notifier/issues/58">Issue #58</a> against <code>uniform_notifier</code> for asking to drop the use of ruby-growl.</li>
<li><a href="https://github.com/polybar/polybar/pull/2072">PR #2072</a> for <code>polybar</code>, adding installation instructions on Debian systems.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in March 2020 https://utkarsh2102.org/posts/foss-in-march-20/ Mon, 30 Mar 2020 11:11:11 +0530
<p>Here’s my (sixth) monthly update about the activities I’ve done in Debian this March.</p>
<h2 id="debian-lts">Debian LTS</h2>
<p>This was my sixth month as a Debian LTS paid contributor.<br>
I was assigned 24.00 hours and worked on the following things:</p>
<h4 id="cve-fixes-and-announcements">CVE Fixes and Announcements:</h4>
<ul>
<li>
<p>Issued DLA 2131-1, fixing CVE-2014-6262, for rrdtool.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 1.4.8-1.2+deb8u1.</p>
</li>
<li>
<p>Issued DLA 2131-2, fixing regression caused by DLA 2131-1, for rrdtool.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 1.4.8-1.2+deb8u2.</p>
</li>
<li>
<p>Issued DLA 2135-1, fixing CVE-2020-9546, CVE-2020-9547, and CVE-2020-9548,<br>
for jackson-databind.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 2.4.2-2+deb8u12.</p>
</li>
<li>
<p>Issued DLA 2137-1, fixing CVE-2020-10232, for sleuthkit.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 4.1.3-4+deb8u2.</p>
</li>
<li>
<p>Issued DLA 2139-1, fixing CVE-2020-5258 and CVE-2020-5259, for dojo.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 1.10.2+dfsg-1+deb8u3.</p>
</li>
<li>
<p>Issued DLA 2141-1, fixing CVE-2020-10184 and CVE-2020-10185, for yubikey-val.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 2.27-1+deb8u1.</p>
</li>
<li>
<p>Issued DLA 2146-1, fixing CVE-2019-15690, for libvncserver.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 0.9.9+dfsg2-6.1+deb8u7.</p>
</li>
<li>
<p>Issued DLA 2147-1, fixing CVE-2019-17546, for gdal.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 1.10.1+dfsg-8+deb8u2.</p>
</li>
<li>
<p>Issued DLA 2149-1, fixing CVE-2020-5267, for rails.<br>
For Debian 8 “Jessie”, this problem has been fixed in version 2:4.1.8-1+deb8u6.</p>
</li>
<li>
<p>Issued DLA 2153-1, fixing CVE-2020-10672 and CVE-2020-10673, for jackson-databind.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 2.4.2-2+deb8u13.</p>
</li>
<li>
<p>Issued DLA 2154-1, fixing CVE-2020-10802 and CVE-2020-10803, for phpmyadmin.<br>
For Debian 8 “Jessie”, these problems have been fixed in version 4:4.2.12-2+deb8u9.</p>
</li>
</ul>
<h4 id="other-lts-work">Other LTS Work:</h4>
<ul>
<li>
<p>Triaged <a href="https://tracker.debian.org/pkg/rrdtool">rrdtool</a>,
<a href="https://tracker.debian.org/pkg/sleuthkit">sleuthkit</a>,
<a href="https://tracker.debian.org/pkg/libarchive">libarchive</a>,
<a href="https://tracker.debian.org/pkg/dojo">dojo</a>,
<a href="https://tracker.debian.org/pkg/nethack">nethack</a>,
<a href="https://tracker.debian.org/pkg/libvncserver">libvncserver</a>,
<a href="https://tracker.debian.org/pkg/rails">rails</a>,
<a href="https://tracker.debian.org/pkg/jackson-databind">jackson-databind</a>,<br>
and <a href="https://tracker.debian.org/pkg/phpmyadmin">phpmyadmin</a>.</p>
</li>
<li>
<p>Triaged CVE-2019-20509/libarchive and marked it as not-affected for Jessie, Stretch, and Buster.</p>
</li>
</ul>
<hr>
<h2 id="debian-work">Debian Work</h2>
<h4 id="uploads-to-the-archive">Uploads to the Archive:</h4>
<ul>
<li>micro (2.0.2-1~bpo10+1) to buster-backports.</li>
<li>rails (2:5.2.4.1+dfsg-1) to unstable.</li>
<li>ruby-rack (2.0.8-1) to unstable.</li>
<li>ruby-grape (1.3.0-1) to experimental.</li>
<li>libgit2 (0.28.4+dfsg.1-3) to unstable.</li>
<li>micro (2.0.2-2) to unstable.</li>
<li>ruby-octokit (4.17.0-1) to unstable.</li>
<li>ruby-power-assert (1.1.6-1) to unstable.</li>
<li>rails (2:5.2.4.1+dfsg-2) to unstable.</li>
<li>ruby-octokit (4.17.0-2) to unstable.</li>
<li>ruby-method-source (1.0.0-1) to unstable.</li>
<li>libwebservice-ils-perl (0.18-1) to unstable.</li>
<li>libdata-hal-perl (1.001-1) to unstable.</li>
<li>rails (2:4.2.7.1-1+deb9u2) to stretch.</li>
<li>rails (2:5.2.2.1+dfsg-1+deb10u1) to buster.</li>
<li>libgit2 (0.28.4+dfsg.1-4) to unstable.</li>
<li>ruby-grape (1.3.1+git20200320.c8fd21b-1) to experimental.</li>
<li>ruby-grape-logging (1.8.3-1) to unstable.</li>
<li>ruby-grape (1.3.1+git20200320.c8fd21b-2) to unstable.</li>
<li>ruby-dry-equalizer (0.3.0-2) to unstable.</li>
<li>ruby-dry-core (0.4.9-2) to unstable.</li>
<li>ruby-dry-logic (1.0.5-2) to unstable.</li>
<li>ruby-dry-inflector (0.2.0-2) to unstable.</li>
<li>ruby-dry-container (0.7.2-2) to unstable.</li>
<li>ruby-dry-configurable (0.9.0-2) to unstable.</li>
<li>ruby-dry-types (1.2.2-2) to unstable.</li>
<li>micro (2.0.2-2~bpo10+1) to buster-backports.</li>
<li>golang-vbom-util (0.0~git20180919.efcd4e0-2) to unstable.</li>
<li>golang-github-tonistiigi-units (0.0~git20180711.6950e57-2) to unstable.</li>
<li>golang-github-jaguilar-vt100 (0.0~git20150826.2703a27-2) to unstable.</li>
<li>golang-github-grpc-ecosystem-grpc-opentracing (0.0~git20180507.8e809c8-2) to unstable.</li>
<li>rails (2:6.0.2.1+dfsg-3) to experimental.</li>
<li>libgit2 (0.99.0+dfsg.1-1) to experimental.</li>
<li>golang-github-goji-param (0.0~git20160927.d7f49fd-5) to unstable.</li>
<li>phpmyadmin-sql-parser (4.6.1-2) to unstable.</li>
<li>mariadb-mysql-kbs (1.2.10-2) to unstable.</li>
<li>golang-github-aleksi-pointer (1.1.0-1) to unstable.</li>
<li>golang-github-andreyvit-diff (0.0~git20170406.c7f18ee-2) to unstable.</li>
<li>golang-github-audriusbutkevicius-go-nat-pmp (0.0~git20160522.452c976-2) to unstable.</li>
<li>ruby-power-assert (1.1.7-1) to unstable.</li>
<li>ruby-test-unit (3.3.5-1) to unstable.</li>
<li>ruby-omniauth (1.9.1-1) to unstable.</li>
<li>ruby-warden (1.2.8-1) to unstable.</li>
<li>python-libais (0.17+git.20190917.master.e464cf8-2) to unstable.</li>
<li>lolcat (100.0.1-3) to unstable.</li>
<li>ruby-vips (2.0.17-1) to unstable.</li>
</ul>
<h4 id="bug-fixes">Bug Fixes:</h4>
<ul>
<li>#836206 for lolcat.</li>
<li>#940338 for golang-github-audriusbutkevicius-go-nat-pmp.</li>
<li>#940335 for golang-github-andreyvit-diff.</li>
<li>#940334 for golang-github-aleksi-pointer.</li>
<li>#940362 for golang-github-goji-param.</li>
<li>#952025 for ruby-grape.</li>
<li>#867027 for ruby-grape.</li>
<li>#954529 for libgit2.</li>
<li>#954304 for rails (CVE-2020-5267) – buster-pu.</li>
<li>#954304 for rails (CVE-2020-5267) – stretch-pu.</li>
<li>#954304 for rails (CVE-2020-5267) – unstable.</li>
<li>#953400 for micro.</li>
<li>#927889 for libgit2.</li>
<li>#952111 for micro.</li>
</ul>
<h3 id="miscellaneous">Miscellaneous:</h3>
<ul>
<li>Sponsored a lot of uploads :)</li>
<li>Outreachy mentoring for GitLab project for Sakshi Sangwan.</li>
<li>Opened PRs & MRs upstream.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
FOSS Activities in February 2020 https://utkarsh2102.org/posts/foss-in-feb-20/ Fri, 28 Feb 2020 11:11:11 +0530
<p>Here’s my (fifth) monthly update about the activities I’ve done in Debian this February.</p>
<h2 id="debian-lts">Debian LTS</h2>
<p>This was my fifth month as a Debian LTS paid contributor.<br>
I was assigned 20.00 hours and worked on the following things:</p>
<h4 id="cve-fixes-and-announcements">CVE Fixes and Announcements:</h4>
<ul>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/02/msg00003.html">DLA 2095-1</a>, fixing CVE-2020-7040, for storebackup.<br>
Details here:</p>
<blockquote>
<p>storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this problem has been fixed in version 3.2.1-1+deb8u1.<br>
Furthermore, sent the patch for the security update for Stretch and Buster to the maintainer.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/02/msg00021.html">DLA 2113-1</a>, fixing CVE-2020-8631 and CVE-2020-8632 for cloud-init.<br>
Details here:</p>
<blockquote>
<p>For CVE-2020-8631, in cloud-init, relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.</p>
</blockquote>
<blockquote>
<p>For CVE-2020-8632, in cloud-init, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this problem has been fixed in version 0.7.6~bzr976-2+deb8u1.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html">DLA 2116-1</a>, fixing CVE-2015-9542, for libpam-radius-auth.<br>
Details here:</p>
<blockquote>
<p>A vulnerability was found in pam_radius: the password length check was done incorrectly in the add_password() function in pam_radius_auth.c, resulting in a stack based buffer overflow.</p>
</blockquote>
<p>This could be used to crash (DoS) an application using the PAM stack for authentication.</p>
<p>For Debian 8 “Jessie”, this problem has been fixed in version 1.3.16-4.4+deb8u1.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/02/msg00033.html">DLA 2127-1</a>, fixing CVE-2019-10785, for dojo.<br>
Details here:</p>
<blockquote>
<p>dojox was vulnerable to Cross-site Scripting. This was due to dojox.xmpp.util.xmlEncode only encoding the first occurrence of each character, not all of them.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this problem has been fixed in version 1.10.2+dfsg-1+deb8u2.</p>
</li>
<li>
<p>Whilst Dylan issued <a href="https://lists.debian.org/debian-lts-announce/2020/02/msg00026.html">DLA 2120-1</a>, fixing CVE-2020-8130, for rake, I, with the Ruby team hat on, fixed the same issue for Stretch and Buster via proposed-updates.<br>
This CVE was fixed via 10.5.0-2+deb9u1 and 12.3.1-3+deb10u1 respectively.</p>
</li>
</ul>
<h4 id="other-lts-work">Other LTS Work:</h4>
<ul>
<li>
<p>Triaged <a href="https://tracker.debian.org/pkg/cloud-init">cloud-init</a>,
<a href="https://tracker.debian.org/pkg/slirp">slirp</a>,
<a href="https://tracker.debian.org/pkg/libpam-radius-auth">libpam-radius-auth</a>,
<a href="https://tracker.debian.org/pkg/dojo">dojo</a>,
and <a href="https://tracker.debian.org/pkg/qemu">qemu</a>.</p>
</li>
<li>
<p>Triaged CVE-2020-1711 and CVE-2020-8608 with more precision and discussed the details with Ola.</p>
</li>
<li>
<p>Started working on rrdtool for CVE-2014-6262.</p>
</li>
</ul>
<hr>
<h2 id="debian-work">Debian Work</h2>
<p>This was a great month! MiniDebCamp -> FOSDEM -> Ruby Sprints. Blog post soon :D<br>
In the month of February, I did a lot of Debian work.</p>
<h4 id="uploads-to-the-archive">Uploads to the Archive:</h4>
<ul>
<li>ruby-rbtrace ~ 0.4.11-1 to experimental.</li>
<li>ruby-optimist ~ 3.0.0-1 to unstable.</li>
<li>ruby-ffi ~ 1.12.2+dfsg-1 to experimental.</li>
<li>ruby-otr-activerecord ~ 1.4.1-1 to unstable.</li>
<li>ruby-msfrpc-client ~ 1.1.2-1 to unstable.</li>
<li>ruby-dataobjects-postgres ~ 0.10.17-1 to unstable.</li>
<li>ruby-json ~ 2.3.0+dfsg-1 to unstable.</li>
<li>ruby-gettext ~ 3.3.3-1 to experimental.</li>
<li>ruby-mobile-fu ~ 1.4.0+github-3 to unstable.</li>
<li>ruby-rbtrace ~ 0.4.11-2 to unstable.</li>
<li>ruby-gettext ~ 3.3.3-2 to unstable.</li>
<li>ruby-otr-activerecord ~ 1.4.1-2 to unstable.</li>
<li>ruby-dry-core ~ 0.4.9-1 to unstable.</li>
<li>ruby-power-assert ~ 1.1.5-1 to unstable.</li>
<li>ruby-dry-equalizer ~ 0.3.0-1 to unstable.</li>
<li>ruby-dry-logic ~ 1.0.5-1 to unstable.</li>
<li>ruby-dry-configurable ~ 0.9.0-1 to unstable.</li>
<li>ruby-dry-inflector ~ 0.2.0-1 to unstable.</li>
<li>ruby-dry-container ~ 0.7.2-1 to unstable.</li>
<li>ruby-dry-types ~ 1.2.2-1 to unstable.</li>
<li>ruby-backports ~ 3.16.0-1 to unstable.</li>
<li>bundler ~ 2.1.4-1 to unstable.</li>
<li>ruby-tty-platform ~ 0.3.0-2 to unstable.</li>
<li>ruby-geocoder ~ 1.5.1-2 to unstable.</li>
<li>ruby-geocoder ~ 1.5.1-3 to unstable.</li>
<li>golang-code.cloudfoundry-bytefmt ~ 0.0~git20190818.854d396-2 to unstable.</li>
<li>ruby-google-cloud-core ~ 1.2.0-2 to unstable.</li>
<li>ruby-google-cloud-env ~ 1.2.0-2 to unstable.</li>
<li>ruby-terrapin ~ 0.6.0-2 to unstable.</li>
<li>ruby-unidecode ~ 1.0.0-2 to unstable.</li>
<li>ruby-optimist ~ 3.0.0-2 to unstable.</li>
<li>micro ~ 2.0.0-1 to unstable.</li>
<li>golang-github-zyedidia-tcell ~ 0.0~git20200210.f7f063a-1 to unstable.</li>
<li>micro ~ 2.0.0-2 to unstable.</li>
<li>libgit2 ~ 0.28.4+dfsg.1-1 to experimental.</li>
<li>libgit2 ~ 0.28.4+dfsg.1-2 to unstable.</li>
<li>rails ~ 2:5.2.3+dfsg-3 to unstable.</li>
<li>chef ~ 13.8.7-5 to unstable.</li>
<li>chef ~ 13.8.7-6 to unstable.</li>
<li>ruby-apollo-upload-server ~ 2.0.0~beta3-2 to unstable.</li>
<li>ruby-strptime ~ 0.2.3-5 to unstable.</li>
<li>ruby-rugged ~ 0.28.4.1+ds-1 to unstable.</li>
<li>golang-gopkg-libgit2-git2go.v28 ~ 0.28.4-1 to unstable.</li>
<li>libpam-radius-auth ~ 1.4.0-3 to unstable.</li>
<li>ruby-octokit ~ 4.16.0-1 to unstable.</li>
<li>ruby-memory-profiler ~ 0.9.14-3 to unstable.</li>
<li>ruby-rails-assets-diaspora-jsxc ~ 0.1.5+dfsg2~develop.7-4 to unstable.</li>
<li>golang-github-zyedidia-tcell ~ 1.4.4-1 to unstable.</li>
<li>micro ~ 2.0.1-1 to unstable.</li>
<li>micro ~ 2.0.2-1 to unstable.</li>
<li>golang-github-zyedidia-tcell ~ 1.4.4-1~bpo10+1 to buster-backports.</li>
<li>golang-gopkg-libgit2-git2go.v28 ~ 0.28.5-1 to unstable.</li>
<li>rake ~ 12.3.1-3+deb10u1 to buster.</li>
<li>rake ~ 10.5.0-2+deb9u1 to stretch.</li>
</ul>
<h4 id="bug-fixes">Bug Fixes:</h4>
<ul>
<li>#952283 for micro.</li>
<li>#951396 for libpam-radius-auth (CVE-2015-9542).</li>
<li>#936866 for libgit2.</li>
<li>#913241 for libgit2.</li>
<li>#949870 for ruby-geocoder (CVE-2020-7981).</li>
<li>#842504 for bundler (CVE-2016-7954).</li>
<li>#945481 for bundler.</li>
<li>#950877 for ruby-dry-types.</li>
<li>#950870 for ruby-dry-container.</li>
<li>#950868 for ruby-dry-inflector.</li>
<li>#950867 for ruby-dry-configurable.</li>
<li>#950863 for ruby-dry-logic.</li>
<li>#950855 for ruby-dry-equalizer.</li>
<li>#950846 for ruby-dry-core.</li>
<li>#950656 for ruby-msfrpc-client.</li>
<li>#950651 for ruby-otr-activerecord.</li>
<li>#946423 for ruby-optimist.</li>
</ul>
<h3 id="miscellaneous">Miscellaneous:</h3>
<ul>
<li>Sponsored lots of uploads :)</li>
<li>Outreachy mentoring for GitLab project for Sakshi Sangwan.</li>
<li>Ruby Sprint! \o/</li>
<li>Opened PRs & MRs upstream.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activities in January 2020 https://utkarsh2102.org/posts/foss-in-jan-20/Thu, 30 Jan 2020 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-jan-20/ <p>Here’s my (fourth) monthly update about the activities I’ve done in Debian this January.</p>
<h2 id="debian-lts">Debian LTS</h2>
<p>This was my fourth month as a Debian LTS paid contributor.<br>
I was assigned 23.75 hours and worked on the following things:</p>
<h4 id="cve-fixes-and-announcements">CVE Fixes and Announcements:</h4>
<ul>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html">DLA 2060-1</a>, fixing CVE-2020-5504, for phpmyadmin.<br>
Details here:</p>
<blockquote>
<p>In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this problem has been fixed in version 4:4.2.12-2+deb8u8.<br>
Furthermore, worked on preparing the security update for Stretch and Buster with the original maintainer.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html">DLA 2063-1</a>, fixing CVE-2019-3467 for debian-lan-config.<br>
Details here:</p>
<blockquote>
<p>In debian-lan-config < 0.26, configured too permissive ACLs for the Kerberos admin server allowed password changes for other Kerberos user principals.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this problem has been fixed in version 0.19+deb8u2.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/01/msg00015.html">DLA 2070-1</a>, fixing CVE-2019-16779, for ruby-excon.<br>
Details here:</p>
<blockquote>
<p>In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this problem has been fixed in version 0.33.0-2+deb8u1.<br>
Furthermore, sent a patch to the Security team for Stretch and Buster.</p>
<p>P.S. this backporting took the most time and effort this month.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2020/01/msg00036.html">DLA 2090-1</a>, fixing CVE-2020-7039, for qemu.<br>
Details here:</p>
<blockquote>
<p>tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potentially execute arbitrary code.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this problem has been fixed in version 1:2.1+dfsg-12+deb8u13.</p>
</li>
</ul>
<h4 id="miscellaneous">Miscellaneous:</h4>
<ul>
<li>
<p>Triaged <a href="https://tracker.debian.org/pkg/samba">samba</a>, <a href="https://tracker.debian.org/pkg/cacti">cacti</a>, <a href="https://tracker.debian.org/pkg/storebackup">storebackup</a>, and <a href="https://tracker.debian.org/pkg/qemu">qemu</a>.</p>
</li>
<li>
<p>Checked with upstream of <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a> for their CVE fix which induces a regression.</p>
</li>
<li>
<p>Worked a bit on <a href="https://tracker.debian.org/pkg/ruby-rack-cors">ruby-rack-cors</a> but couldn’t complete because of Amsterdam -> Brussels travel. Thanks to Brian for completing it \o/</p>
</li>
</ul>
<hr>
<h2 id="debian-uploads">Debian Uploads</h2>
<p>This was a great month! MiniDebCamp -> FOSDEM -> Ruby Sprints. Blog post soon :D<br>
In any case, in the month of January, I did the following work:</p>
<h4 id="uploads-to-the-archive">Uploads to the Archive:</h4>
<ul>
<li>ruby-haml-rails ~ 2.0.1-1 (to unstable).</li>
<li>golang-github-zyedidia-pty ~ 1.1.1+git20180126.3036466-3 (to unstable).</li>
<li>ruby-benchmark-suite ~ 1.0.0+git.20130122.5bded6-3 (to unstable).</li>
<li>golang-github-robertkrimen-otto ~ 0.0+git20180617.15f95af-2~bpo10+1 (to buster-backports).</li>
<li>golang-github-zyedidia-pty ~ 1.1.1+git20180126.3036466-3~bpo10+1 (to buster-backports).</li>
<li>golang-github-mitchellh-go-homedir ~ 1.1.0-1~bpo10+1 (to buster-backports).</li>
<li>golang-golang-x-sys ~ 0.0+git20190726.fc99dfb-1~bpo10+1 (to buster-backports).</li>
<li>golang-github-mattn-go-isatty ~ 0.0.8-2~bpo10+1 (to buster-backports).</li>
<li>golang-github-mattn-go-runewidth ~ 0.0.7-1~bpo10+1 (to buster-backports).</li>
<li>golang-github-dustin-go-humanize ~ 1.0.0-1~bpo10+1 (to buster-backports).</li>
<li>golang-github-blang-semver ~ 3.6.1-1~bpo10+1 (to buster-backports).</li>
<li>golang-github-flynn-json5 ~ 0.0+git20160717.7620272-2~bpo10+1 (to buster-backports).</li>
<li>golang-github-zyedidia-terminal ~ 0.0+git20180726.533c623-2~bpo10+1 (to buster-backports).</li>
<li>golang-github-go-errors-errors ~ 1.0.1-3~bpo10+1 (to buster-backports).</li>
<li>python-debianbts ~ 3.0.2~bpo10+1 (to buster-backports).</li>
</ul>
<h4 id="bug-fixes">Bug Fixes:</h4>
<ul>
<li>#945232 for ruby-benchmark-suite.</li>
<li>#946904 for ruby-excon (CVE-2019-19779).</li>
</ul>
<h4 id="reviews-and-sponsored-uploads">Reviews and Sponsored Uploads:</h4>
<ul>
<li>phpmyadmin for William Desportes.</li>
</ul>
<h5 id="miscellaneous-1">Miscellaneous:</h5>
<ul>
<li>Outreachy mentoring for GitLab project for Sakshi Sangwan.</li>
<li>Raised various MRs upstream to sync Debian’s package version with GitLab’s upstream.</li>
</ul>
<hr>
<p>One exciting blog post coming very soon.</p>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activities in December 2019 https://utkarsh2102.org/posts/foss-in-dec-19/Mon, 30 Dec 2019 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-dec-19/ <p>Here’s my (third) monthly update about the activities I’ve done in Debian this December.</p>
<h2 id="debian-lts">Debian LTS</h2>
<p>This was my third month as a Debian LTS paid contributor.<br>
I was assigned 16.50 hours and worked on the following things:</p>
<h4 id="cve-fixes-and-announcements">CVE Fixes and Announcements:</h4>
<ul>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/12/msg00006.html">DLA 2024-1</a>, fixing CVE-2019-19617, for phpmyadmin.<br>
Details here:</p>
<blockquote>
<p>phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/display_git_revision.lib.php and libraries/Footer.class.php.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 4:4.2.12-2+deb8u7.<br>
Furthermore, sent a patch to the Security team for fixing the same in Stretch.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/12/msg00007.html">DLA 2025-1</a>, fixing CVE-2017-17833 and CVE-2019-5544, for openslp-dfsg.<br>
Details here:</p>
<blockquote>
<p>OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service
or a remote code-execution vulnerability.<br>
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in
the critical severity range.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 1.2.1-10+deb8u2.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/12/msg00008.html">DLA 2026-1</a>, fixing CVE-2019-19630, for htmldoc.<br>
Details here:</p>
<blockquote>
<p>In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 1.8.27-8+deb8u1.<br>
Furthermore, sent a patch to the Security team for Stretch and Buster.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/12/msg00031.html">DLA 2046-1</a>, fixing CVE-2019-19479, for opensc.<br>
Details here:</p>
<blockquote>
<p>An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an incorrect read operation during parsing of a SETCOS file attribute.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 0.16.0-3+deb8u2.</p>
</li>
</ul>
<h4 id="miscellaneous">Miscellaneous:</h4>
<ul>
<li>
<p>Triage <a href="https://tracker.debian.org/pkg/luajit">luajit</a>, <a href="https://tracker.debian.org/pkg/python-oslo.utils">python-oslo.utils</a>, <a href="https://tracker.debian.org/pkg/davical">davical</a>, <a href="https://tracker.debian.org/pkg/sqlite3">sqlite3</a>, <a href="https://tracker.debian.org/pkg/phpmyadmin">phpmyadmin</a>, <a href="https://tracker.debian.org/pkg/openssl">openssl</a>, <a href="https://tracker.debian.org/pkg/htmldoc">htmldoc</a>, and <a href="https://tracker.debian.org/pkg/opensc">opensc</a> for Jessie.</p>
</li>
<li>
<p>Pinged upstream of <a href="https://tracker.debian.org/pkg/libexif">libexif</a>, <a href="https://tracker.debian.org/pkg/ruby-rack">ruby-rack</a>, and <a href="https://tracker.debian.org/pkg/ruby-rack-cors">ruby-rack-cors</a> for more clarification of the patches provided.</p>
</li>
<li>
<p>Clarified more about CVE-2019-1551/openssl triage to the Security Team and the Debian LTS <a href="https://lists.debian.org/debian-lts/2019/12/msg00028.html">ML</a>.</p>
</li>
<li>
<p>Took a deeper look at CVE-2019-16782/ruby-rack; the patch itself introduces a regression and induces a backdoor on its own. Notified the Security Team and the <a href="https://lists.debian.org/debian-lts/2019/12/msg00050.html">ML</a> to avoid its upload.</p>
</li>
<li>
<p>Discuss the state of CVE-2019-19479/opensc with Roberto and process its upload. Also opened <a href="https://github.com/google/oss-fuzz/issues/3132">upstream issue</a> out of frustration for “hiding” most of their report.</p>
</li>
<li>
<p>In the midst of fixing test failures of ruby-rack-cors. And also WIP for ruby-excon.</p>
</li>
</ul>
<hr>
<h2 id="debian-uploads">Debian Uploads</h2>
<p>Most importantly, I became a DD this month! \o/<br>
Here’s my <a href="https://nm.debian.org/process/682">NM process</a>. Many, many thanks to Thomas (zigo) for being so nice and patient! :D</p>
<h4 id="uploads-to-the-archive">Uploads to the Archive:</h4>
<ul>
<li>ruby-reverse-markdown ~ 1.3.0-1 (to unstable).</li>
<li>ruby-behance ~ 0.6.1-1 (to unstable).</li>
<li>ruby-unidecode ~ 1.0.0-1 (to unstable).</li>
<li>micro ~ 1.4.1-1 (to unstable).</li>
<li>golang-code.cloudfoundry-bytefmt ~ 0.0~git20190818.854d396-1 (to unstable).</li>
<li>micro ~ 1.4.1-2 (to unstable).</li>
<li>golang-github-flynn-json5 ~ 0.0~git20160717.7620272-2 (to unstable).</li>
<li>golang-github-zyedidia-pty ~ 1.1.1+git20180126.3036466-2 (to unstable).</li>
<li>golang-github-zyedidia-terminal ~ 0.0~git20180726.533c623-2 (to unstable).</li>
<li>golang-golang-x-text ~ 0.3.2-3 (to unstable).</li>
<li>golang-github-yuin-gopher-lua ~ 0.0~git20170915.0.eb1c729-4 (to unstable).</li>
<li>golang-github-sergi-go-diff ~ 1.0.0-2 (to unstable).</li>
</ul>
<h4 id="bug-fixes">Bug Fixes:</h4>
<ul>
<li>#946859 for ruby-reverse-markdown (ITP).</li>
<li>#946895 for ruby-behance (ITP).</li>
<li>#946945 for ruby-unidecode (ITP).</li>
<li>#947724 for golang-code.cloudfoundry-bytefmt (ITP).</li>
<li>#889196 for golang-github-yuin-gopher-lua.</li>
<li>#889209 for golang-github-sergi-go-diff.</li>
</ul>
<h4 id="reviews-and-sponsored-uploads">Reviews and Sponsored Uploads:</h4>
<ul>
<li>easygen ~ 4.1.0-1 for Tong Sun.</li>
<li>node-webpack ~ 4.30.0-1 for Pirate Praveen.</li>
<li>node-timeago.js ~ 4.0.2-1 for Sakshi Sangwan.</li>
</ul>
<h5 id="miscellaneous-1">Miscellaneous:</h5>
<ul>
<li>Outreachy mentoring for GitLab project.</li>
<li>Grant DM access for easygen to Tong Sun.</li>
<li>Grant DM access for golang-github-danverbraganza-varcaser to Tong Sun.</li>
<li>Help James Montgomery for Golang packaging (wrt <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945524">#945524</a>).</li>
<li>Migrated all my -guest accounts and certificates to use my new, shiny account associated with the DD status.</li>
<li>With regards to <a href="https://twitter.com/utkarsh2102/status/1166908945614561281">this tweet</a>, I assisted the following people:
<ul>
<li>Shubhank Saxena with 1:1 Hangouts call.</li>
<li>Shreya Gupta with 1:1 Hangouts call.</li>
<li>Eshaan Bansal with 1:1 Hangouts call.<br>
P.S. It was lovely to interact with such lovely people :)</li>
</ul>
</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activities in November 2019 https://utkarsh2102.org/posts/foss-in-nov-19/Sat, 30 Nov 2019 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-nov-19/ <p>Here’s my (second) monthly update about the activities I’ve done in Debian this November.</p>
<h2 id="debian-lts">Debian LTS</h2>
<p>This was my second month as a Debian LTS paid contributor.<br>
I was assigned 18 hours and worked on the following things:</p>
<h4 id="cve-fixes-and-announcements">CVE Fixes and Announcements:</h4>
<ul>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/11/msg00005.html">DLA 1984-1</a>, fixing CVE-2019-17545, for gdal.<br>
Details here:</p>
<blockquote>
<p>GDAL through 3.0.1 had a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold was exceeded.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 1.10.1+dfsg-8+deb8u1.<br>
Furthermore, sent a patch to the Security team for fixing the same in Stretch. Relevant .dsc can be found <a href="https://mentors.debian.net/debian/pool/main/g/gdal/gdal_2.1.2+dfsg-5+deb9u1.dsc">here</a>. Since I haven’t heard back from the team yet, the upload to Stretch is still pending.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/11/msg00007.html">DLA 1986-1</a>, fixing CVE-2012017-1002201, for ruby-haml.<br>
Details here:</p>
<blockquote>
<p>In haml, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 4.0.5-2+deb8u1.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html">DLA 2004-1</a>, fixing CVE-2019-14824, for 389-ds-base.<br>
Details here:</p>
<blockquote>
<p>A flaw was found in the ‘deref’ plugin of 389-ds-base where it could use the ‘search’ permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 1.3.3.5-4+deb8u7.<br>
Furthermore, sent a patch to the maintainer, Timo, for fixing the same in Bullseye, Sid. And to the Security team for Stretch and Buster. The patch can be found <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944150#10">here</a>.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/11/msg00035.html">DLA 2005-1</a>, fixing CVE-2019-18849, for tnef.<br>
Details here:</p>
<blockquote>
<p>In tnef, an attacker may be able to write to the victim’s .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 1.4.9-1+deb8u4.<br>
Furthermore, sent a patch to the maintainer for fixing the same in Bullseye, Sid. And to the Security team for Stretch and Buster. The patch can be found <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944851#12">here</a>.</p>
</li>
</ul>
<h4 id="miscellaneous">Miscellaneous:</h4>
<ul>
<li>
<p>Fixed CVE-2019-11027 for ruby-openid in unstable. News <a href="https://tracker.debian.org/news/1078349/accepted-ruby-openid-292debian-1-source-into-unstable/">here</a>. This is in reference to <a href="https://lists.debian.org/debian-lts-announce/2019/10/msg00014.html">DLA 1956-1</a>, issued by Brian May.</p>
</li>
<li>
<p>Triage libexif, libjpeg-turbo, tnef, and ansible for Jessie.</p>
</li>
<li>
<p>Pinged upstream of libexif and 389-ds-base for relevant commits. Whilst 389-ds-base is now fixed, the maintainer of libexif is still working on the fix.</p>
</li>
<li>
<p>In the midst of fixing CVE-2019-18978 for ruby-rack-cors and CVE-2019-2201 for libjpeg-turbo.</p>
</li>
</ul>
<hr>
<h2 id="debian-uploads">Debian Uploads</h2>
<h4 id="uploads-to-the-archive">Uploads to the Archive:</h4>
<ul>
<li>ruby-openid ~ 2.9.2debian-1 (to unstable).</li>
<li>gitlab ~ 12.2.9-2 (to experimental).</li>
<li>node-yarnpkg ~ 1.19.1-1~bpo10+1 (to backports).</li>
<li>node-js-yaml ~ 3.13.1+dfsg-2~bpo10+1 (to backports).</li>
<li>ruby-sshkey ~ 2.0.0-2~bpo10+1 (to backports).</li>
<li>ruby-bootstrap-form ~ 4.2.0-2~bpo10+1 (to backports).</li>
</ul>
<h4 id="bug-fixes">Bug Fixes:</h4>
<ul>
<li>#944906 for gitlab.</li>
<li>#930388 for ruby-openid.</li>
<li>#945232 for ruby-benchmark-suite.</li>
</ul>
<h4 id="reviews-and-sponsored-uploads">Reviews and Sponsored Uploads:</h4>
<ul>
<li>node-hawk ~ 7.1.2+dfsg-1 for Sakshi Sangwan.</li>
<li>node-loud-rejection ~ 2.2.0-1 for Sakshi Sangwan.</li>
<li>node-lazy-cache ~ 2.0.2-1 for Sakshi Sangwan.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p> FOSS Activities in October 2019 https://utkarsh2102.org/posts/foss-in-oct-19/Wed, 30 Oct 2019 11:11:11 +0530 https://utkarsh2102.org/posts/foss-in-oct-19/ <p>Here’s my (first) monthly update about the activities I’ve done in Debian this October.</p>
<h2 id="debian-lts">Debian LTS</h2>
<p>This was my first month as a Debian LTS paid contributor.<br>
I was assigned 10 hours and worked on the following things:</p>
<h4 id="cve-fixes-and-announcements">CVE Fixes and Announcements:</h4>
<ul>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/10/msg00007.html">DLA 1948-1</a>, fixing CVE-2019-13574, for ruby-mini-magick.<br>
Details here:</p>
<blockquote>
<p>In lib/mini_magick/image.rb in ruby-mini-magick, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a pipe character followed by a command.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 3.8.1-1+deb8u1.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/10/msg00029.html">DLA 1961-1</a>, fixing CVE-2019-14464, CVE-2019-14496, and CVE-2019-14497, for milkytracker.<br>
Details here:</p>
<blockquote>
<p>XMFile::read in XMFile.cpp in milkyplay in MilkyTracker had a heap-based buffer overflow.<br>
LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker had a stack-based buffer overflow.<br>
ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker had a heap-based buffer overflow.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 0.90.85+dfsg-2.2+deb8u1.<br>
Furthermore, sent a patch to the maintainer, James, for fixing the same in Bullseye, Sid. Commit <a href="https://salsa.debian.org/multimedia-team/milkytracker/commit/124dd45d1b75d952a76cddf9de76bf7232bc1624">here</a>. Fixed in 1.02.00+dfsg-2.</p>
</li>
<li>
<p>Issued <a href="https://lists.debian.org/debian-lts-announce/2019/10/msg00030.html">DLA 1962-1</a>, fixing CVE-2017-18638, for graphite-web.<br>
Details here:</p>
<blockquote>
<p>The “send_email” function in graphite-web/webapp/graphite/composer/views.py in Graphite is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.</p>
</blockquote>
<p>For Debian 8 “Jessie”, this has been fixed in 0.9.12+debian-6+deb8u1.<br>
Furthermore, sent a patch to the maintainer, Zigo, for fixing the same in Bullseye, Sid. Commit <a href="https://salsa.debian.org/debian-graphite-team/graphite-web/commit/7e9ebc4f87966fdf35b2a87a6f3846acaab3e36b">here</a>. Fixed in 1.1.4-5.<br>
Also, sent a patch to the Security Team for fixing the same in Buster, but uploaded by Zigo himself. Commit <a href="https://salsa.debian.org/debian-graphite-team/graphite-web/commit/3937fcf96ffd656ea85bb2ed15fe2b2ec6fb1712">here</a>. Fixed in 1.1.4-3+deb10u1.</p>
</li>
</ul>
<h4 id="miscellaneous">Miscellaneous:</h4>
<ul>
<li>
<p><strong>Actually</strong> fix CVE-2019-11027 upstream for ruby-openid. Pull request <a href="https://github.com/openid/ruby-openid/pull/126">here</a>.<br>
Whilst this has been merged and released as v2.9.2, there are other login problems, as reported <a href="https://github.com/openid/ruby-openid/issues/125">here</a>.</p>
</li>
<li>
<p>Discuss with LTS Team Members about best practices for CVE-2019-11027 for ruby-openid’s actual fix. Thread <a href="https://lists.debian.org/debian-lts/2019/10/msg00091.html">here</a>.</p>
</li>
<li>
<p>Triage Ansible for CVE-2019-14846 (which seems to be an easy fix) and CVE-2019-14858 (this kinda looks unaffected for Jessie, but not sure yet).</p>
</li>
</ul>
<hr>
<h2 id="debian-uploads">Debian Uploads</h2>
<h4 id="uploads-to-the-archive">Uploads to the Archive:</h4>
<ul>
<li>ruby-fog-aws ~ 3.5.2-1.</li>
<li>librole-tiny-perl ~ 2.001001-1.</li>
<li>gitlab ~ 12.1.14-1 (to experimental).</li>
<li>libmail-box-perl ~ 3.008-1.</li>
<li>ruby-invisible-captcha ~ 0.12.2-1.</li>
<li>ruby-gnome ~ 3.4.0-1.</li>
<li>gitlab-shell ~ 9.3.0+dfsg-1 (to experimental).</li>
<li>gitlab-workhorse ~ 8.8.1+debian-1 (to experimental).</li>
<li>gitaly ~ 1.59.3+dfsg-1.</li>
<li>python-marshmallow-sqlalchemy ~ 0.19.0-1.</li>
<li>gitlab ~ 12.2.9-1 (to experimental).</li>
</ul>
<h4 id="bug-fixes">Bug Fixes:</h4>
<ul>
<li>#942125 for ruby-invisible-captcha.</li>
<li>#941795 for ruby-gnome.</li>
<li>#940352 for golang-github-davecgh-go-spew.</li>
<li>#942456 for python-flask-marshmallow.</li>
<li>Autopkgtest failure for python-flask-marshmallow.</li>
<li>CVE-2019-{18446 to 18463} for gitlab.</li>
</ul>
<h4 id="reviews-and-sponsored-uploads">Reviews and Sponsored Uploads:</h4>
<ul>
<li>node-d3-geo ~ 1.11.6-1 for Abhijith Sheheer.</li>
<li>d3-format ~ 1:1.4.1-2 for Samyak Jain.</li>
<li>Reviewed node-regex-cache for Abhijith Sheheer.</li>
<li>Reviewed node-ansi-align for Abhijith Sheheer.</li>
<li>Reviewed node-color-name for Priyanka Saggu.</li>
<li>Reviewed node-webpack for Priyanka Saggu.</li>
</ul>
<h4 id="fasttrack-repo-fasttrackdebiannet">Fasttrack Repo (fasttrack.debian.net):</h4>
<ul>
<li>Uploaded and ACCEPTED gitlab.</li>
<li>Uploaded and ACCEPTED ruby-jwt for Nilesh Patra.</li>
<li>Uploaded and ACCEPTED ruby-gitlab-sidekiq-fetcher.</li>
<li>Uploaded and ACCEPTED ruby-fog-aws for Samyak Jain.</li>
</ul>
<hr>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
debianLTS.init(CVE)
https://utkarsh2102.org/posts/debian-lts-init/
Mon, 30 Sep 2019 11:11:11 +0530
<p>Hey,</p>
<p>(DPL Style):<br>
TL;DR: I joined Debian LTS as a trainee in July (during DebConf) and finally as
a paid contributor from this month onward! :D</p>
<hr>
<p>Here’s something interesting that happened last weekend!<br>
Back during the good days of DebConf19, I finally got a chance to meet Holger!
As amazing and inspiring a person he is, it was an absolute pleasure meeting
him and also, I got a chance to talk about Debian LTS in more detail.</p>
<p>I was introduced to Debian LTS by Abhijith during his talk in MiniDebConf Delhi.
And since then, I’ve been kinda interested in that project.<br>
But finally it was here that things got a little “official” and after a couple
of mail exchanges with Holger and Raphael, I joined in as a trainee!</p>
<p>I had almost no idea what to do next, so the next month I stayed silent,
observing the workflow as people kept committing, uploading, and announcing updates.<br>
And finally in September, I started triaging and fixing the CVEs for Jessie
and Stretch (mostly the former).</p>
<p>Thanks to Abhijith, who explained the basics of what a DLA is and how we go
about fixing bugs and then announcing them.</p>
<p>With that, I could fix a couple of CVEs and thanks to Holger (again) for
reviewing and sponsoring the uploads!</p>
<p>I mostly worked (as a trainee) on:</p>
<ul>
<li>CVE-2019-10751, affecting <code>httpie</code>, and</li>
<li>CVE-2019-16680, affecting <code>file-roller</code>.</li>
</ul>
<p>And finally this happened:<br>
<img src="https://utkarsh2102.org/images/deblts-commit.png#center" alt="the magical commit"></p>
<p>So finally, I’ll be working with the team from this month on!<br>
As Holger says, “very much yay”! \o/</p>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
GSoC Final Report
https://utkarsh2102.org/posts/gsoc-final-report/
Thu, 15 Aug 2019 11:11:11 +0530
<p>Hello, there.</p>
<blockquote>
<p>In open source, we feel strongly that to really do something well, you have to get a lot of people involved.</p>
</blockquote>
<p>Guess Linus Torvalds got that right from the start.<br>
While GSoC 2019 comes to an end, this project hasn’t. With GSoC, I started this project from scratch and I guess, this won’t “die” at an early age.</p>
<p>Here’s a quick recap:</p>
<blockquote>
<p>My GSoC project is to package a software called
<a href="https://github.com/loomio/loomio/">Loomio</a>.<br>
A little about it, <strong>Loomio</strong> is a decision-making software, designed to assist groups with the collaborative decision-making process.<br>
It is a free software web-application, where users can initiate discussions and put up proposals.</p>
</blockquote>
<p>In the span of the last 3 months, I worked on creating a package of Loomio for the Debian repositories. Loomio is a big, complex software to package.<br>
With over 484 directories and 4607 files as a part of its code base, it has a huge number of Ruby and Node dependencies, along with a couple of fonts that it uses.<br>
Of these, around 72 Ruby gems, 58 node modules, 3 fonts, and 27 other packages (the reverse dependencies) needed work, including both packaged and unpackaged libraries.</p>
<p>Also, little did I know about the need of having <code>loomio-installer</code>.<br>
Thus a good amount of time went there as well (which I also talked about in my first and second report).</p>
<hr>
<h2 id="work-done-so-far">Work done so far!</h2>
<p>At the time of writing this report, the following work has been done:</p>
<h4 id="new-packages">NEW packages</h4>
<h5 id="packages-that-have-been-uploaded-to-the-archive">Packages that have been uploaded to the archive:</h5>
<p>» ruby-ahoy-matey<br>
» ruby-aws-partitions<br>
» ruby-aws-sdk-core<br>
» ruby-aws-sdk-kms<br>
» ruby-aws-sdk-s3<br>
» ruby-aws-sigv4<br>
» ruby-cancancan<br>
» ruby-data-uri<br>
» ruby-geocoder<br>
» ruby-google-cloud-core<br>
» ruby-google-cloud-env<br>
» ruby-inherited-resources<br>
» ruby-maxitest<br>
» ruby-safely-block<br>
» ruby-terrapin<br>
» ruby-memory-profiler<br>
» ruby-devise-i18n<br>
» ruby-discourse-diff<br>
» ruby-discriminator<br>
» ruby-doorkeeper-i18n<br>
» ruby-friendly-id<br>
» ruby-google-cloud-core<br>
» ruby-google-cloud-env<br>
» ruby-has-scope<br>
» ruby-has-secure-token<br>
» ruby-heroku-deflater<br>
» ruby-i18n-spec<br>
» ruby-iso<br>
» ruby-omniauth-openid-connect<br>
» ruby-paper-trail<br>
» ruby-referer-parser<br>
» ruby-safely-block<br>
» ruby-user-agent-parser<br>
» ruby-google-cloud-translate<br>
» ruby-maxminddb<br>
» ruby-omniauth-ultraauth</p>
<h5 id="packages-that-are-yet-to-be-uploaded">Packages that are yet to be uploaded:</h5>
<p>» ruby-arbre<br>
» ruby-paperclip<br>
» ruby-ahoy-email<br>
» ruby-ransack<br>
» ruby-benchmark-memory<br>
» ruby-ammeter<br>
» ruby-rspec-tag-matchers<br>
» ruby-formtastic<br>
» ruby-formtastic-i18n<br>
» ruby-rails-serve-static-assets<br>
» ruby-activeadmin<br>
» ruby-rails-12factor<br>
» ruby-rails-stdout-logging<br>
» loomio-installer</p>
<h4 id="updated-packages">Updated packages</h4>
<p>» rails<br>
» ruby-devise<br>
» ruby-globalid<br>
» ruby-pg<br>
» ruby-activerecord-import<br>
» ruby-rack-oauth2<br>
» ruby-rugged<br>
» ruby-task-list<br>
» gem2deb<br>
» node-find-up<br>
» node-matcher<br>
» node-supports-color<br>
» node-array-union<br>
» node-dot-prop<br>
» node-flush-write-stream<br>
» node-irregular-plurals<br>
» node-loud-rejection<br>
» node-make-dir<br>
» node-tmp<br>
» node-strip-ansi</p>
<hr>
<h2 id="work-left">Work left!</h2>
<p>Whilst it is clear how big and complex Loomio is, it was not humanly possible to complete the entire package of Loomio.<br>
At the moment, the following tasks are remaining for this project to get close to completion:</p>
<p>» Debug loomio-installer.<br>
» Check what all node dependencies are not really needed.<br>
» Package and update the needed dependencies for loomio.<br>
» Package loomio.<br>
» Fix autopkgtests (if humanly possible).<br>
» Maintain it for life :D</p>
<hr>
<h2 id="other-debian-activites">Other Debian activities!</h2>
<p>Debian is more than just my GSoC organisation to me.<br>
As my NM profile says and I quote,</p>
<blockquote>
<p>Debian has really been an amazing journey, an amazing place, and an amazing family!</p>
</blockquote>
<p>With such lovely people and teams and with my DM hat on, I have been involved with a lot more than just GSoC. In the last 3 months, my activity within Debian (other than GSoC) can be summarized as follows.</p>
<h3 id="cloud-team">Cloud Team</h3>
<p>Since I’ve been interested in the work they do, I joined the team recently and am currently helping in packaging <code>image finder</code>.</p>
<h5 id="new-packages-1">NEW packages</h5>
<p>» python-flask-marshmallow<br>
» python-marshmallow-sqlalchemy</p>
<hr>
<h3 id="perl-team">Perl Team</h3>
<p>With Gregor, Intrigeri, Yadd, Nodens, and Bremner being there, I learned Perl packaging and helped in maintaining the Perl modules.</p>
<h5 id="new-packages-2">NEW packages</h5>
<p>» libdata-dumper-compact-perl<br>
» libminion-backend-sqlite-perl<br>
» libmoox-shorthas-perl<br>
» libmu-perl</p>
<h5 id="updated-packages-1">Updated packages</h5>
<p>» libasync-interrupt-perl<br>
» libbareword-filehandles-perl<br>
» libcatalyst-manual-perl<br>
» libdancer2-perl<br>
» libdist-zilla-plugin-git-perl<br>
» libdist-zilla-plugin-makemaker-awesome-perl<br>
» libdist-zilla-plugin-ourpkgversion-perl<br>
» libdomain-publicsuffix-perl<br>
» libfile-find-object-rule-perl<br>
» libfile-flock-retry-perl<br>
» libgeoip2-perl<br>
» libgraphics-colornames-www-perl<br>
» libio-aio-perl<br>
» libio-async-perl<br>
» libmail-box-perl<br>
» libmail-chimp3-perl<br>
» libmath-clipper-perl<br>
» libminion-perl<br>
» libmojo-pg-perl<br>
» libnet-amazon-s3-perl<br>
» libnet-appliance-session-perl<br>
» libnet-cli-interact-perl<br>
» libnet-frame-perl<br>
» libnetpacket-perl<br>
» librinci-perl<br>
» libperl-critic-policy-variables-prohibitlooponhash-perl<br>
» libsah-schemas-rinci-perl<br>
» libstrictures-perl<br>
» libsisimai-perl<br>
» libstring-tagged-perl<br>
» libsystem-info-perl<br>
» libtex-encode-perl<br>
» libxxx-perl</p>
<hr>
<h3 id="python-team">Python Team</h3>
<p>Since I lately learned Python packaging, there are a couple of packages that I worked on which I haven’t pushed yet, but will by later this month.</p>
<p>» python3-dotenv<br>
» python3-phonenumbers<br>
» django-phonenumber-field<br>
» django-phone-verify<br>
» Helping newbies (thanks to DC19 talk).</p>
<hr>
<h3 id="javascript-team">JavaScript Team</h3>
<p>Super thanks to Xavier (yadd) and Praveen for being right there. Worked on the following things.</p>
<p>» Helping in webpack transition (bit).<br>
» Helping in nodejs transition.<br>
» Helping in complying pkg-js-tools in all packages.<br>
» Packaging dependencies of ava.<br>
» node-d3-request<br>
» node-find-up<br>
» node-matcher<br>
» node-supports-color<br>
» node-array-union<br>
» node-dot-prop<br>
» node-flush-write-stream<br>
» node-irregular-plurals<br>
» node-loud-rejection<br>
» node-make-dir<br>
» node-tmp<br>
» node-strip-ansi</p>
<hr>
<h3 id="golang-team">Golang Team</h3>
<p>I joined the Golang team to mostly help in doing the GitLab stuff. Thus did the following things.</p>
<p>» gitlab-workhorse<br>
» gitaly<br>
» Upstream contribution to gitaly.</p>
<hr>
<h3 id="ruby-team">Ruby Team</h3>
<p>This is where I started from. All thanks to Praveen, Abhijith, and Raju.<br>
In the last 3 months, except for maintaining packages for Loomio, I did the following things.</p>
<p>» Helping in maintaining GitLab (one of the maintainers).<br>
» Setting the fasttrack repo; announcements soon!<br>
» Fixing gem2deb for adding d/upstream/metadata.<br>
» Enabling Salsa CI for 1392 packages (yes, I broke salsa :/).<br>
» Reviewing and sponsoring packages.<br>
» Co-chairing the Ruby Team BoF.<br>
» And others.</p>
<hr>
<h3 id="others">Others</h3>
<p>» Part of DC19 Content Team (thanks to Antonio).<br>
» Part of DC19 Bursary Team (thanks to Jonathan).<br>
» Perl sprint (DebCamp).<br>
» Newbie’s Perspective Towards Debian talk (Open day).<br>
» Chairing Ruby Team BoF.<br>
» Presenting my GSoC project.<br>
» Part of DC19 Video Team.<br>
» Talking about Debian elsewhere (cf: <a href="https://lists.dgplug.org/pipermail/users-dgplug.org/2019-August/001948.html">mail archive</a>).<br>
» DC21 Indian bid ;)<br>
» Organising MiniDebConf Goa :D</p>
<hr>
<h3 id="acknowledgement-">Acknowledgement :)</h3>
<blockquote>
<p>Never forget your roots.</p>
</blockquote>
<p>And I haven’t. The last 8 months with Debian have been super amazing. Nothing I’d like to change, even if I could. Every person here is a mentor to me.<br>
But above all, there are a couple of people who helped me immensely.<br>
Starting with Pirate Praveen, Rajudev, Abhijith, Sruthi, Gregor, Xavier, Intrigeri, Nodens, Holger, Antonio Terceiro, Kanashiro, Boutil, Georg, Sanyam, Sakshi, Jatin, and Samyak.
And of course, my little brother, Aryan.<br>
Sorry if I’m forgetting anyone. Thank y’all :)</p>
<p>NOTE: Sorry for making this extremely long; someone told me to put in all the crap I did in the last 90 days :P<br>
Also, sorry if it gets too long on planet.d.o. :)</p>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
GSoC Report #2
https://utkarsh2102.org/posts/gsoc-report-2/
Mon, 15 Jul 2019 11:11:11 +0530
<p>Hello there.</p>
<blockquote>
<p>I hope the next time I write a report, I’ll have no twists and adventures to share.</p>
</blockquote>
<p>Yay, nothing much “adventurous” happened.</p>
<p>Quick recap: My GSoC project is to package a software called
<a href="https://github.com/loomio/loomio/">Loomio</a>.
A little about Loomio:<br>
<strong>Loomio</strong> is a decision-making software, designed to assist groups with the
collaborative decision-making process.<br>
It is a free software web-application, where users can initiate discussions and
put up proposals.</p>
<p>In the last 2 weeks, that is, the 3rd and the 4th week, I worked on setting up
Loomio-installer and packaged its Ruby dependencies simultaneously.</p>
<p>The following dependencies were packaged and uploaded:<br>
» ruby-ahoy-matey<br>
» ruby-aws-partitions<br>
» ruby-aws-sdk-core<br>
» ruby-aws-sdk-kms<br>
» ruby-aws-sdk-s3<br>
» ruby-aws-sigv4<br>
» ruby-geocoder<br>
» ruby-terrapin</p>
<p>The following dependencies have been packaged but are yet to be uploaded:<br>
» ruby-cancancan<br>
» ruby-google-cloud-env<br>
» ruby-google-cloud-core<br>
» ruby-google-cloud-translate</p>
<p>The following packages were updated and uploaded:<br>
» ruby-pg<br>
» ruby-activerecord-import</p>
<p>The following dependencies have been fixed for <code>autopkgtest</code>:<br>
» ruby-paperclip (took a lot of time to debug :/)<br>
» ruby-maxminddb</p>
<p>In the following process, I discovered a new option that could be passed to
<code>dh_ruby</code> - <code>export DH_RUBY_GEM_INSTALL_WHITELIST_APPEND</code>.<br>
This was needed for <code>ruby-aws-partitions</code> as test-suite of <code>ruby-paperclip</code>
needed <code>partitions.json</code>, thus the need. Thanks to the man page of <code>dh_ruby</code> :D</p>
<p>Other than these dependencies, I tried setting up <code>loomio-installer</code>, the same
way as <code>diaspora-installer</code>. Just a few things had to be changed.<br>
Though I made the changes it needed, I haven’t quite tested it yet.<br>
I am still figuring out a way to run the installer, hopefully <code>gbp</code> should help,
like it normally does.</p>
<p>My other activities in Debian last month:<br>
» Participated in Perl team’s LHF and updated <code>libfuture-asyncawait-perl</code>.<br>
» Sponsored a couple of packages (DM access).<br>
» Worshipping Visa God to grant visa for DebConf19.</p>
<p>Plans for the next 2 weeks:<br>
» Testing and setting up <code>loomio-installer</code>.<br>
» Packaging and completing the last set of Ruby gem dependencies.<br>
» Prepare a list of node packages to be updated and packaged.</p>
<p>I hope the next time I write a report, I’ll have a better update on the
installer.</p>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
GSoC Report #1
https://utkarsh2102.org/posts/gsoc-report-1/
Sat, 15 Jun 2019 11:11:11 +0530
<p>Hello there.</p>
<p>The last two weeks have been adventurous. Here’s what happened.<br>
My GSoC project is to package a software called <a href="https://github.com/loomio/loomio/">Loomio</a>.
A little about Loomio:<br>
<strong>Loomio</strong> is a decision-making software, designed to assist groups with the
collaborative decision-making process.<br>
It is a free software web-application, where users can initiate discussions and put up proposals.</p>
<p>Loomio is mostly written in Ruby, but also includes some CoffeeScript, Vue,
JavaScript, with a little HTML, CSS.<br>
The idea is to package all the dependencies of Loomio and get Loomio easily
installable on the Debian machines.</p>
<p>Phase 1, that is, the first 4 weeks, was planned for packaging the Ruby and
the Node dependencies. When I started off, I hit an obstacle. Little did we know
about how to go about packaging complex applications like that.<br>
I have been helping out in packages like gitlab, diaspora, et al. And towards the
end of the last week, we learned that <code>loomio</code> needs to be done like <code>diaspora</code>.<br>
First goes the <code>loomio-installer</code>, then would come the main package, <code>loomio</code>.</p>
<p>Now, the steps that are to be followed for <code>loomio-installer</code> are as follows:<br>
» Get the app source.<br>
» Install gem dependencies.<br>
» Create database.<br>
» Create tables/run migrations.<br>
» Precompile assets (scss -> css, et al).<br>
» Configure nginx.<br>
» Start service with systemd.<br>
» In case of diaspora, JS front end is pulled via wrapper gems and in case of gitlab, it is pulled via npm/yarn.<br>
» Loomio would be done the same way we’re doing gitlab.</p>
<p>Thus, in the last two weeks, the following work has been done:<br>
» Ruby gems’ test failures patched.<br>
» 18 gems uploaded.<br>
» Looked into loomio-installer’s setup.<br>
» Basic scripts like nginx configuration, et al written.</p>
<p>My other activities in Debian last month:<br>
» Updated and uploaded gitlab 11.10.4 to experimental (thanks to praveen).<br>
» Uploaded gitaly, gitlab-workhorse.<br>
» Sponsored a couple of packages (DM access).<br>
» Learned Perl packaging and packaged 4 modules (thanks to gregoa and yadd).<br>
» Learned basic Python packaging.<br>
» Helping DC19 Bursary team (thanks to highvoltage).<br>
» Helping DC19 Content team (thanks to terceiro).</p>
<p>Plans for the next 2 weeks:<br>
» Get the app source via wget (script).<br>
» Install gem and node dependencies via <code>gem install</code> and <code>npm/yarn install</code> (script).<br>
» Create database for installer.<br>
» Precompile assets (scss -> css, et al).</p>
<p>I hope the next time I write a report, I’ll have no twists and adventures to share.</p>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
Becoming a Debian Maintainer in 90 days!
https://utkarsh2102.org/posts/becoming-a-dm-in-90-days/
Mon, 15 Apr 2019 11:11:11 +0530
<p>I started contributing to open source around a year back and on 1st January
2019 to Debian, specifically (wasn’t really a new year resolution, though :P).<br>
I’ll be honest here. The reason behind taking the “Debian road” was solely to
distract myself from the mental abuse I was going through.</p>
<p><a href="https://nm.debian.org/person/rajudev">Raju</a> was the person who started helping me out,
both, personally and professionally. He’s the one who taught me packaging from
scratch with utmost patience and kept answering all my stupid doubts :D<br>
To be honest, if it weren’t for him, I wouldn’t have been here, at this
position today.</p>
<p>Since I wanted to distract myself from various stuff, I learned things quickly and
kept working, <em>consistently</em>.<br>
I turned up on IRC every single day since then.
<a href="https://nm.debian.org/person/praveen">Praveen</a> became both, my guru and my package
sponsorer. He kept uploading and I kept packaging. This went on for a month
until my difficulty level was bumped. From basic Ruby gems and Node libraries, I
was given gems and modules that had test failures to debug and had a weirdly
different build system. This made me uncomfortable. I complained. To which,
Praveen said and I quote,</p>
<blockquote>
<p>“If you want to keep working on simple stuff, then it’s not going to help you
move forward. And it’s your loss. No one else would care. So it’s your call.”</p>
</blockquote>
<p>There was probably no option there, isn’t it? :P<br>
I took it on. Struggled for a few days but it became normal and I made it
through. Like they say, “it gets better”, it indeed did!<br>
I took a little more challenging things, understood more concepts. Fixed test
failures, RC bugs and learned a lot of things (still a lot, lot more to learn,
though) in the process, like understanding about the Debian release cycle, how
the migration of package takes place, setting up my own repositories, et al.</p>
<p>In this process, I also met another JS guru, <a href="https://nm.debian.org/person/yadd">Xavier</a>.<br>
He not only corrected my mistakes and sponsored my packages, but also helped me
in actually understanding a lot of things. From the mailing list, we started
conversing over private mail threads and soon, in a span of 3 months, the thread
stretched over to 300 mails! :x</p>
<p>In early March, I was told that I could apply for the position of the
Debian Maintainer, if only I understood the process of when to upload a package
to experimental and when to unstable. I was given a few packages as a test by
Praveen for the same.<br>
And “luckily”, I passed. This meant that the only part remaining was to fulfil
the initial keysigning requirement. For which, there was a MiniDebConf, Delhi
around the corner.</p>
<p>As it happened, Praveen, Abhijith, and Sruthi (all DDs) came to the MiniDebConf from
Kerala and I got my keys signed by them! :D<br>
Soon after, I applied for becoming a DM.</p>
<p>I was lucky enough to get 3 advocates, Praveen, Xavier, and Abhijith.<br>
Here’s my <a href="https://nm.debian.org/process/605">NM Process (#605)</a> for reference.<br>
And in a few days, I realized that I became the youngest Debian Maintainer in
India \o/</p>
<blockquote>
<p>Edit: I was later told at DC19 that I was the youngest DM in the entire community! :o</p>
</blockquote>
<p>Lastly, I thank myself for being consistent, for turning up no matter what, and for
not giving up!<br>
Also, much thanks to <a href="https://twitter.com/ErSanyamKhurana">Sanyam</a>. He really
kept me going. Also to <a href="https://twitter.com/CocoaThePenguin">Cocoa</a> and
<a href="https://twitter.com/sakshisangwan04">Sakshi</a>.</p>
<p>Lastly, thanks to the entire Debian community. Debian has really been an amazing
journey, an amazing place, and an amazing family.<br>
I am just hoping to make it to DebConf and meet all the people I adore \o/</p>
<p>Until next time.<br>
<code>:wq</code> for today.</p>
First snippet
https://utkarsh2102.org/snippets/first/
Mon, 01 Jan 0001 00:00:00 +0000
<p>This content is in <code>snippets/first/index.md</code></p>
<div class="highlight"><pre style="color:#e5e5e5;background-color:#000;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh"><span style="color:#fff;font-weight:bold">pwd</span>
</code></pre></div>
Hi there! 👋
https://utkarsh2102.org/about/
Mon, 01 Jan 0001 00:00:00 +0000
<p>I am Utkarsh, a 20 y/o undergrad student! 👨🎓</p>
<p>Besides being a full-time student, I am an open source advocate, a software
developer, and a somewhat-polyglot developer.</p>
<p>I am also a <strong>Debian core developer</strong>, maintaining & working on over 900+
packages (written in C, C++, Python, Ruby, JavaScript, Go, and Perl),
including some key packages like the Ruby interpreter, Rails, GitLab, some
Python libraries, Micro, and libgit2. Besides, I also co-maintain the
<a href="https://fasttrack.debian.net/">fasttrack.debian.net</a> service & act as an
<a href="https://ftp-master.debian.org/">FTP Trainee</a>.</p>
<p>I was a <a href="https://summerofcode.withgoogle.com/">Google Summer of Code</a> student
twice (once in <a href="https://summerofcode.withgoogle.com/archive/2019/projects/6014695855620096/">2019</a>
and then in <a href="https://summerofcode.withgoogle.com/archive/2020/projects/4736285727522816/">2020</a>),
both times in Debian, where I authored my “baby” project,
<a href="https://github.com/utkarsh2102/rubocop-packaging">RuboCop::Packaging</a>, which
is a linter and an auto-corrector, written in Ruby, helping downstream Ruby
teams (Debian, Ubuntu, Fedora, openSUSE, et al).</p>
<p>And finally, I work on <strong>Debian LTS</strong>, a project by Freexian, extending the
lifetime of all Debian stable releases to (at least) 5 years, where I patch
and backport security fixes for packages in the APT archive for oldstable
and oldoldstable releases.</p>
<p>Besides, I am a philatelist, a semi-occasional drummer, an avid reader,
and have perhaps mastered the art of sticker fights!</p>
<p>Please feel free to hit me up if you want to get in contact or want to know
more about me. I go by the handle <strong>utkarsh2102</strong> across the web! \o/</p>
Second snippet
https://utkarsh2102.org/snippets/second/
Mon, 01 Jan 0001 00:00:00 +0000
<p>This content is in <code>snippets/second/index.md</code></p>
<div class="highlight"><pre style="color:#e5e5e5;background-color:#000;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sh" data-lang="sh">ls -la
</code></pre></div>