Hi,

Here is my public monthly report.

Thanks to our sponsors for making this possible, and to Freexian for handling the offering.
https://www.freexian.com/services/debian-lts.html#sponsors

In March (my first month) I spent my time on LTS as follows:
- Creating the right environment (pbuilder, tools) to do the backport correctly.
- Worked on imagemagick, fixing DLA-3357-1. This release fixes CVE-2020-19667, CVE-2020-25665, CVE-2020-25666, CVE-2020-25674, CVE-2020-25675, CVE-2020-25676, CVE-2020-27560, CVE-2020-27750, CVE-2020-27751, CVE-2020-27754, CVE-2020-27756, CVE-2020-27757, CVE-2020-27758, CVE-2020-27759, CVE-2020-27760, CVE-2020-27761, CVE-2020-27762, CVE-2020-27763, CVE-2020-27764, CVE-2020-27765, CVE-2020-27766, CVE-2020-27767, CVE-2020-27768, CVE-2020-27769, CVE-2020-27770, CVE-2020-27771, CVE-2020-27772, CVE-2020-27773, CVE-2020-27774, CVE-2020-27775, CVE-2020-27776, CVE-2020-29599, CVE-2021-3574, CVE-2021-3596, CVE-2021-20224, CVE-2022-44267, CVE-2022-44268.
- This security update caused a regression in some perl packages due to overly restrictive hardening in a policy update (reading from /etc/ was forbidden). This hardening patch has been removed (DLA-3357-2).
- I also worked on libreoffice DLA-3368-1, fixing CVE-2021-25636, CVE-2022-3140, CVE-2022-26305, CVE-2022-26306, CVE-2022-26307.
- I began to work on apache2, particularly on a new build-time/autopkgtest test suite in order to avoid regressions.

For ELTS:
- Ported the fix for imagemagick from LTS to ELTS, ELA-819-1: CVE-2017-18028, CVE-2020-27767, CVE-2021-3574, CVE-2021-20224, CVE-2022-44267.
- Found a hard-to-debug bug (thanks to pochu and bunk for the help) in imagemagick. Imagemagick on ELTS FTBFS when the PID of the builder is > 1,000,000. I first thought it was a regression, so I tried a git bisect, which failed due to the PID becoming > 1,000,000. This was slow work due to the build delay of imagemagick.
- I patched dnsmasq in order to fix the remaining security bug. I began to write a test suite for this package in order to avoid regressions. Unfortunately upstream does not have a test suite, even a basic unit test suite.

I want to especially thank pochu for porting the salsa CI to LTS and ELTS.

Bastien