My monthly report covers a large part of what I have been doing in the free software world. I write it for my donors (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.
This month I was allocated 12h but I only spent 10.5h. During this time, I continued my work on exiv2. I finished reproducing all the issues and then went on doing code reviews to confirm that vulnerabilities were not present when the issue was not reproducible. I found two CVEs where the vulnerability was present in the wheezy version and I posted patches in the upstream bug tracker: #57 and #55.
Then another batch of 10 CVEs appeared and I started the process over… I’m currently trying to reproduce the issues.
While doing all this work on exiv2, I also uncovered a failure to build on the package in experimental (reported here).
Misc Debian/Kali work
Debian Live. I merged 3 live-build patches prepared by Matthijs Kooijman and added an armel fix to cope with the rename of the orion5x image into the marvell one. I also uploaded a new live-config to fix a bug with the keyboard configuration. Finally, I also released a new live-installer udeb to cope with a recent live-build change that broke the locale selection during the installation process.
Debian Installer. I prepared a few patches on pkgsel to merge a few features that had been added to Ubuntu, most notably the possibility to enable unattended-upgrades by default.
More bug reports. I investigated much further my problem with non-booting qemu images when they are built by vmdebootstrap in a chroot managed by schroot (cf #872999) and while we have much more data, it’s not yet clear why it doesn’t work. But we have a working work-around…
While investigating issues seen in Kali, I opened a bunch of reports on the Debian side:
- #874657: pcmanfm: should have explicit recommends on lxpolkit | polkit-1-auth-agent
- #874626: bin-nmu request to complete two transitions and bring back some packages in testing
- #875423: openssl: Please re-enable TLS 1.0 and TLS 1.1 (at least in testing)
Packaging. I sponsored two uploads (dirb and python-elasticsearch).
Debian Handbook. My work on updating the book mostly stalled. The only thing I did was to review the patch about wireless configuration in #863496. I must really get back to work on the book!
See you next month for a new summary of my activities.