Here is my monthly update covering a large part of what I have been doing in the free software world (previously):
- Did significant work on a healthcare-related project to be released under a free-software license
- Fixed an issue in dh-virtualenv where initscripts could be started before the Virtualenv has completely configured
- Added support to the mailvelope OpenPGP browser extension to show the key ID in the "Sign message with key" dialog
- Added Django 1.8 support to django-setuptest
- Added the ability for my tickle-me-email Getting Things Done toolbox to inject emails into "draft" folders, and subsequently added attachment support
- Fixed Strava Enhancement Suite's calculation of repeated segments to also include "hidden segments"
- Corrected the output filename calculation in Legofy, a program makes an image look as if it was built out of Lego
- Added per-activity rate limiting to my stravabot IRC bot
- Worked with Tyler Garner to add support in django-slack for reporting exceptions as well as with Bastian Hoyer towards Python 3 support
- Worked with freeyoung to merge support in dns-filter for "stripped" A records as well as to add more configuration options
- Uploaded all of my Python and Django packages to Python Package Index
- Updated my email address in Django's AUTHORS file to point to my typical Django-related email address
- Blogged about how to migrate away from add_to_builtins for Django 1.9
Debian
- Submitted a patch to ensure pyversions emits its output in a deterministic order. Further work is needed to ensure packages are deterministic.
- Registered and arranged logistics for MiniDebConf Cambridge 2015.
My work in the Reproducible Builds project was also covered in more depth in Lunar's weekly reports (#23, #24, #25, #26).
LTS
This month I have been paid to work 11 hours on Debian Long Term Support (LTS). In that time I did the following:
- DLA 326-1 for zendframework fixing an SQL injection vulnerability.
- DLA 332-1 for optipng correcting a use-after-free issue.
- DLA 333-1 for cakephp preventing a remote Denial of Service attack.
- DLA 337-1 for busybox fixing a vulnerability when unzipping a specially crafted zip file/
- DLA 338-1 for xscreensaver preventing a crash when hot-swapping monitors.
Uploads
- redis — New upstream release as well as changing the default UNIX socket location and correctly supporting "cluster" mode config file hardening and redis-sentinel's runtime directory handling under systemd. An update for jessie was also uploaded.
- python-redis — Attempting to get the autopkgtest tests to finally pass.
- debian-timeline — Making the build reproducible.
- gunicorn — New upstream release.
Patches contributed
- cpl-plugin-naco: Please make the build reproducible
- criu: Please make the build reproducible
- fonts-oldstandard: version string should be 2.2really2.02-$DEBIAN_REVISION
- lintian: Please warn about use of deprecated githubredir.debian.net in debian/watch files
- python3-defaults: pyversions emits its output in a deterministic order
RC bugs
- bochs: Support building under Linux 4.x
- go-mtpfs: Missing Build-Depends on pkg-config and libusb-1.0-0-dev
- openslide-python: Missing Build-Depends on python3-pil and libopenslide-dev
- python-changelog: Missing Build-Depends on python3-sphinx
- python-redmine: Missing Build-Depends on python3-requests
- python3-astropy: Incompatible with Python 3.5
- xserver-xorg-video-qxl: Missing Build-Depends on libglib2.0-dev and libssl-dev
I also filed FTBFS bugs against arora, barry, django-ajax-selects, django-polymorphic, django-sitetree, flask-autoindex, flask-babel, genparse, golang-github-jacobsa-ogletest, healpy, jarisplayer, jsurf-alggeo, kmidimon, libmapper, libpreludedb, mathgl, metview, miaviewit, moksha.common, monster-masher, node-connect, node-postgres, opensurgsim, php-xml-rss, pokerth, pylint-django, python-django-contact-form, python-pyqtgraph, python-pyramid, qlipper, r-bioc-cummerbund, r-bioc-genomicalignments, rawdns, ruby-haml-rails, ruby-omniauth-ldap, scute, stellarium, step, synfigstudio, tulip, xdot, & yelp.