Here is my monthly update covering what I have been doing in the free software world during June 2023 (previous month):
- Filed an upstream pull request for Scott Griffiths' bitstring Python library to make the build reproducible. [...]
- In the last few months, I've been putting together a set of iCalendar .ICS files for the UK's Picturehouse Cinema chain, Seattle's SIFF cinema group [...] and the UK 'Vue' cinema chain [...] which allows them to be displayed within (e.g.) Google Calendar. This month, however, I extended this to support as well as started work on a similar scraper for IMDB's film listings. [...]
Reproducible Builds
The motivation behind the Reproducible Builds effort is to ensure that no flaws have been introduced during the compilation process by promising that identical results are always generated from a given source, thus allowing multiple third parties to come to a consensus on whether a build was compromised.
This month, I:
- Submitted six patches to fix specific reproducibility issues in elinks, fribidi, jtreg7, mkdocstrings-python-handlers, multipath-tools & python-bitstring.
- Filed an upstream pull request for Scott Griffiths' bitstring Python library to make the build reproducible. [...]
- Kept isdebianreproducibleyet.com up to date. [...]
- Categorised a large number of packages and issues in the Reproducible Builds notes.git repository.
- Drafted, published and publicised our monthly report for May 2023.
- Updated the main Reproducible Builds website and documentation.
- Interviewed a prominent academic working in the area of reproducible builds, working towards a dialogue to be published on our website presently.
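The consensus check described at the top of this section, as an added example that is not part of the original post or of any Reproducible Builds tool: two independent "builders" pack the same constructed source tree into a tar archive, first with the usual sources of nondeterminism (wall-clock mtimes and filesystem-dependent member order) and then with the standard fixes (mtimes clamped to SOURCE_DATE_EPOCH, sorted members, normalised ownership), and compare digests. The source tree, timestamps and orderings are made up for the demonstration; SOURCE_DATE_EPOCH is the real environment variable the project standardised.

```python
import hashlib
import io
import os
import tarfile
import time

# Constructed sample "source tree" (filename -> contents); not from the original post.
SOURCE_TREE = {
    "README": b"example project\n",
    "src/main.c": b"int main(void) { return 0; }\n",
    "src/util.c": b"int util(void) { return 1; }\n",
}


def build_archive(tree, reproducible, now=None, order=None, source_date_epoch=None):
    """Pack `tree` into an uncompressed tar held in memory and return its bytes.

    reproducible=False mimics two classic sources of nondeterminism:
      * every member's mtime is the wall-clock time of the build host
      * members are added in whatever order the filesystem happened to list them
    reproducible=True applies the usual Reproducible Builds fixes:
      * mtimes are clamped to SOURCE_DATE_EPOCH (the environment variable the
        Reproducible Builds project standardised for exactly this purpose)
      * members are written in sorted order and owner fields are normalised
    """
    if reproducible:
        if source_date_epoch is None:
            source_date_epoch = int(os.environ.get("SOURCE_DATE_EPOCH", "0"))
        mtime = int(source_date_epoch)
        names = sorted(tree)
    else:
        mtime = int(time.time() if now is None else now)
        names = list(tree) if order is None else list(order)

    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = tree[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = mtime
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def unpack(blob):
    """Read an archive back into {name: contents}; both kinds of build are functionally fine."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        return {m.name: tar.extractfile(m).read() for m in tar.getmembers() if m.isfile()}


def sha256(blob):
    return hashlib.sha256(blob).hexdigest()


def builds_agree(a, b):
    """The consensus check: independent builders compare digests, not the archives themselves."""
    return sha256(a) == sha256(b)


def first_difference(a, b):
    """Offset of the first differing byte (what diffoscope would zoom in on), or None."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def demo():
    # Two builders running an hour apart, whose filesystems list src/ in different orders.
    order_1 = ["README", "src/main.c", "src/util.c"]
    order_2 = ["README", "src/util.c", "src/main.c"]
    naive_1 = build_archive(SOURCE_TREE, False, now=1_686_000_000, order=order_1)
    naive_2 = build_archive(SOURCE_TREE, False, now=1_686_003_600, order=order_2)
    repro_1 = build_archive(SOURCE_TREE, True, source_date_epoch=1_686_000_000)
    repro_2 = build_archive(SOURCE_TREE, True, source_date_epoch=1_686_000_000)
    return {
        "naive_agree": builds_agree(naive_1, naive_2),           # False
        "naive_first_diff": first_difference(naive_1, naive_2),  # inside README's mtime field
        "repro_agree": builds_agree(repro_1, repro_2),           # True
        "content_intact": unpack(naive_1) == unpack(repro_1) == SOURCE_TREE,  # True
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The naive archives unpack to identical trees, so a functional test would pass on both; only the byte-for-byte comparison exposes that the two builders cannot vouch for each other. The first differing offset falls in the 12-byte mtime field of the first tar header (bytes 136 to 147), which is exactly the kind of pointer diffoscope gives you before you go looking for the timestamp in the build.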
Debian
- memcached (1.6.21-1) — New upstream "bugfix and community contribution release" release.
- python-django (4.2.2-1) — New upstream release.
- diffoscope (243) — New upstream release.
Debian LTS
This month I have worked 18 hours on Debian Long Term Support (LTS) and 12 hours on its sister Extended LTS project.
- Investigated and triaged python-django, ruby2.5, ruby-doorkeeper and sofia-sip.
- Frontdesk duties, responding to user/developer questions, reviewing others' packages, participating in mailing list discussions, etc.
- Issued DLA 3441-1 as it was discovered that there was a series of heap overflow and integer overflow vulnerabilities in Sofia-SIP, a building block for creating VoIP/SIP and instant messaging applications.
- Issued DLA 3447-1 because two regular expression Denial of Service (ReDoS) issues were discovered in Ruby: the first in the URI component, and the second in the Time module. Each of these issues could have resulted in a dramatic increase in execution time given malicious input. Unfortunately, however, this release resulted in a regression that led to a follow-up upload by Utkarsh Gupta.
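The "dramatic increase in execution time given malicious input" behind a ReDoS, as an added example that is not from the original post, from Ruby or from the DLA: a textbook nested-quantifier pattern is timed against a linear rewrite on the same adversarial input, and the rewrite is checked against a sample set for accepting exactly the same strings (the step whose omission produces the kind of regression mentioned above). Python is used to stay consistent with the other example on this page; the two patterns and the sample strings are constructed illustrations and are not the expressions from the Ruby URI or Time advisories.

```python
import re
import time

# Constructed illustration of catastrophic backtracking. These are NOT the patterns from
# the Ruby URI/Time advisories; they are the textbook nested-quantifier case.
VULNERABLE = re.compile(r"^(a+)+$")  # nested quantifiers: exponential on "aaa...a!"
HARDENED = re.compile(r"^a+$")       # accepts exactly the same strings, in linear time


def attack_input(n):
    """n characters that almost match, then one that forces the engine to backtrack."""
    return "a" * n + "!"


def timed_match(pattern, text):
    """Return (matched, seconds) so both patterns can be compared on the same input."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def same_language(p, q, samples):
    """Check that a rewrite accepts exactly what the original did on a sample set.
    Skipping this comparison is how a ReDoS fix turns into a functional regression."""
    return all((p.match(s) is not None) == (q.match(s) is not None) for s in samples)


# Constructed sample inputs covering the accept and reject cases of both patterns.
SAMPLES = ["", "a", "aaaa", "aaaa!", "b", "aab", attack_input(8)]


def demo(n=18):
    """Time both patterns on the same adversarial input. n=18 keeps the slow case to a
    fraction of a second so the script stays runnable while still showing the blow-up;
    each extra character roughly doubles the vulnerable pattern's running time."""
    text = attack_input(n)
    vuln_matched, vuln_t = timed_match(VULNERABLE, text)
    hard_matched, hard_t = timed_match(HARDENED, text)
    return {
        "n": n,
        "vulnerable_matched": vuln_matched,  # False
        "hardened_matched": hard_matched,    # False
        "vulnerable_seconds": vuln_t,
        "hardened_seconds": hard_t,
        "rewrite_is_equivalent": same_language(VULNERABLE, HARDENED, SAMPLES),  # True
    }


if __name__ == "__main__":
    for n in (10, 14, 18):
        r = demo(n)
        print(f"n={n:2d}  vulnerable={r['vulnerable_seconds']:.4f}s  "
              f"hardened={r['hardened_seconds']:.6f}s")
```

Two practitioner caveats. A length cap on the input is only a real mitigation for patterns whose blow-up is polynomial; for an exponential one like the constructed example, any cap large enough to be useful still leaves seconds of work per request, so the pattern itself has to change. Where a rewrite is not possible, a matching timeout is the remaining defence in depth; Ruby 3.2 added `Regexp.timeout` for this, while the Python standard library's `re` has no equivalent.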
You can find out more about the Debian LTS project via the following video: