Debian Fun in April 2017
4th May 2017
- releasing DLA-881-1 for ejabberd. The actual package was prepared by Philipp Huebner fixing two CVEs
- preparing and releasing DLA-896-1 for icedove. This update involved the debranding of Icedove back to Thunderbird fixing 17 CVEs
- preparing and releasing DLA-895-1 of openoffice.org-dictionaries so the provided dictionaries stay installable with the new thunderbird package
- preparing and releasing DLA-903-1 of hunspell-en-us so the provided dictionary stays intallable with the new thunderbird package
- preparing and releasing DLA-904-1 of uzbek-wordlist so the provided dictionaries stay installable with the new thunderbird package
- handling the communication with credativ regarding XSA-212
- triaging of several QEMU/KVM CVEs
- backporting large amounts of the cirrus_vga driver to Wheezy's qemu-kvm to fix 3 cirrus_vga related CVEs. The DLA is not released yet since I'm awaiting some more feedback about the test packages. Give them a try!
- Looking into the 9pfs related CVEs in qemu-kvm. Work will be resumed in May.
Other Debian stuff
- organized the 10th installment of the Debian Groupware Meeting. A more detailed report on this is pending.
- uploaded osinfo-db 0.20170225-2 to unstable which builds now reproducibly (thanks Chris Lamb) and has support added for the Stretch RC3 installer
- uploaded libvirt 1.2.9-9+deb8u4 to jessie which now works with newer QEMU (thanks Hilko Bengen)
- uploaded libvirt 3.0.0-4 to unstable unbreaking it for architectures that don't support probing CPU definitions in QEMU (like mips) and unbreaking the use of qemu-bridge-helper with apparmor so gnome-boxes works apparmored now too
- uploaded python-vobject 0.9.4.1-1 to experimental. The package was prepared by Jelmer Vernooĳ. I made some minor cleaups and added a autopkgtest.
- uploaded hunspell-en-us, uzbek-wordlist, openoffice.org-dictionaries to jessie-security to not conflict with the new thunderbird package (see above)
- sponsored the upload of icedove 1:45.8.0-3~deb8u1 to jessie-security.
- sponsored the upload of python-selenium 2.53.2+dfsg1-2 to experimental
- gbp buildpackage will now default to --merge-mode=replace for 3.0 (quilt) packages to avoid merges where no merge is necessary.
- gbp buildpackage --git-export=WC now implies --git-ignore-new --git-ignore-branch to make it simpler to use
- gbp buildpackge now has a "sloppy" mode to create a upstream tarball that uses the debian branch as base. This can help to test build from a patched tree. The main reason was to give people a way to not care about 3.0 (quilt) intrinsics when getting started with packaging.
gbp clone now supports vcsgit: and github: pseudo URLs:
$ gbp clone vcsgit:libvirt gbp:info: Cloning from 'https://anonscm.debian.org/git/pkg-libvirt/libvirt.git' … $ gbp clone github:agx/libvirt-debian gbp:info: Cloning from 'https://github.com/agx/libvirt-debian.git' …
The versions are also available on pypi.