Here is my monthly update covering a large part of what I have been doing in the free software world (previously):
- Modified LetsEncrypt's "certbot" tool (previously the Let's Encrypt Client) to ensure that the documentation is built reproducibly. The issue was that a Python default keyword argument was non-deterministic and was appearing in documentation with the function's definition. (#3005)
- Sent a pull request to Mailvelope, a browser extension for GPG/OpenPGP encryption with webmail services, to ensure that the passphrase field is cleared when entered incorrectly. (#385)
- Proposed an optional addition to django-enumfield, a custom Django web development field for type-safe named constants, that automatically adds enumerations to the template context to save DRY violations in views, etc. (#33)
- Fixed an issue in the cdist configuration management's build system to ensure that the documentation builds reproducibly. It was previously including various documentation sections non-deterministically depending on the filesystem ordering. (#437)
- Various improvements to django-slack, my library to easily post messages to the Slack group-messaging utility from projects using the Django web development framework:
  - Raise more specific exception types (instead of the more generic ValueError) wherever possible so that clients can detect specific error conditions. (#45)
  - Pass through arbitrary Python keyword arguments to the backend, allowing custom behaviour for special cases. (#46)
  - Ensure that the backend result is returned by the Celery distributed task queue wrapper. (#47)
- Updated my Strava Enhancement Suite, a Chrome extension that improves and fixes annoyances in the web interface of the Strava cycling and running tracker, to hide more internal advertisements. (#49)
- Sent a pull request to the build system for gtk-gnutella (a server/client for the Gnutella peer-to-peer network) to ensure the build is reproducible if the SOURCE_DATE_EPOCH environment variable is available. (#17)
- Updated the SSL certificate for try.diffoscope.org, a hosted version of the diffoscope in-depth and content-aware diff utility. Thanks to Bytemark for sponsoring the hardware.
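
The three sources of build non-determinism mentioned in the list above (a default keyword argument whose repr lands in generated documentation, sections included in filesystem order, and embedded build times) can be shown in one small sketch. This is an added example, not code from certbot, cdist or gtk-gnutella; every name in it (`Unset`, `StableUnset`, `build_docs`, the `.rst` file names) and the epoch value are constructed for illustration.

```python
import hashlib
import inspect
import os
import tempfile
import time

class Unset:
    """Sentinel with the default repr, which embeds a per-run memory address."""

class StableUnset:
    """Same sentinel with a fixed repr, so rendered signatures never change."""
    def __repr__(self):
        return "<unset>"

def unstable(timeout=Unset()): pass
def stable(timeout=StableUnset()): pass

def render_signature(func):
    # Documentation generators show defaults via repr(); inspect does the same.
    return f"{func.__name__}{inspect.signature(func)}"

def build_date(environ=os.environ):
    # SOURCE_DATE_EPOCH (seconds since the Unix epoch) replaces the build time.
    epoch = int(environ.get("SOURCE_DATE_EPOCH", time.time()))
    return time.strftime("%Y-%m-%d", time.gmtime(epoch))

def build_docs(section_dir, func, environ=os.environ):
    parts = [f"Built: {build_date(environ)}", render_signature(func)]
    # sorted() removes the dependency on whatever order os.listdir() returns.
    for name in sorted(os.listdir(section_dir)):
        with open(os.path.join(section_dir, name), encoding="utf-8") as fh:
            parts.append(fh.read())
    return hashlib.sha256("\n".join(parts).encode("utf-8")).hexdigest()

def demo():
    # Constructed input: the same sections created in two different orders.
    env = {"SOURCE_DATE_EPOCH": "1464739200"}  # constructed: 2016-06-01 UTC
    orders = (("usage.rst", "api.rst", "install.rst"),
              ("install.rst", "usage.rst", "api.rst"))
    digests = []
    for order in orders:
        with tempfile.TemporaryDirectory() as d:
            for name in order:
                with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                    fh.write(f"section {name}\n")
            digests.append(build_docs(d, stable, env))
    return digests

if __name__ == "__main__":
    print(demo(), render_signature(unstable))
```

Swapping `stable` for `unstable` in `build_docs` makes the digest differ between interpreter runs, because the address in the default's repr changes.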
Debian
My work in the Reproducible Builds project was covered in our weekly reports. (#53, #54, #55, #56 & #57)
Debian LTS
This month I have been paid to work 18 hours on Debian Long Term Support (LTS). In that time I did the following:
- A week of "frontdesk" duties, triaging CVEs, assigning tasks, etc.
- Issued DLA 464-1 for libav, a multimedia player, server, encoder and transcoder library that fixed a use-after-free vulnerability.
- Issued DLA 469-1 for libgwenhywfar (an OS abstraction layer that allows porting of software to different operating systems like Linux, *BSD, Windows, etc.) correcting the use of an outdated CA certificate bundle.
- Issued DLA 470-1 for libksba, an X.509 and CMS certificate support library, patching a buffer vulnerability.
- Issued DLA 474-1 for dosfstools, a collection of utilities for making and checking MS-DOS FAT filesystems, fixing an invalid memory and heap overflow vulnerability.
- Issued DLA 482-1 for the libgd2 graphics library, rectifying a stack consumption vulnerability.
Uploads
- python-django (1.9.6-1) — New upstream bugfix release.
- redis (3.2.0-1, etc.) — New upstream release, correct build on more exotic architectures and minor packaging fixups.
- gunicorn (19.5.0-1 & 19.6.0-1) — New upstream releases and minor packaging fixups.
Bugs filed
Patches contributed
- apt-mirror: Please test that config file is readable, not strictly a file
- binutils: Please make the build reproducible
- cdist: Please make the build reproducible
- docbook-ebnf: Please make the build reproducible
- gtk-gnutella: Please make the build reproducible
- python-certbot: Please make the build reproducible
- python-latexcodec: Please make the build reproducible
RC bugs
- gradle-jflex-plugin: gradle-flex-plugin is incompatible with Gradle 2.12
- objenesis: Missing parent pom
I also filed 74 FTBFS bugs against abtransfers, asedriveiiie, assword, astroquery, audit, bibtool, cargo, ccdproc, clearsilver, discover, emoslib, etsf-io, gfs2-utils, globus-io, gnunet, graxxia, groovycsv, gtkspell3, hg-git, hgsubversion, ices2, jekyll, jhighlight, libdist-zilla-plugin-ourpkgversion-perl, libetonyek, libgd-perl, libgnomekbd, libimager-perl, libint2, libnet-dns-zonefile-fast-perl, libnl3, libspring-java, libtkx-perl, ltt-control, lua-discount, lua-lgi, metview, montage-wrapper, networkmanager-qt, nevow, ngrok, obex-data-server, octave-interval, omnievents, pcl, php-arc, php-codecoverage, proguard, pyexcelerator, python-autobahn, python-babel, python-biopython, python-mne, python-pgmagick, python-shotgun, python-snuggs, python-urllib3, python-xdo, qemu, radicale, raptor2, rjava, ruby-albino, scamper, simpleparse, spectral-cube, specutils, sugar-browse-activity, sugar-memorize-activity, swift, telepathy-haze, telepathy-ring, unicap & vorbis-tools.