August was the fourth month I contributed to Debian LTS under the
Freexian umbrella. In total I spent four hours working on:
pykerberors: Fixed a regression in DLA-265-1 affecting the
default parameters of checkPassword(). This resulted in
wordpress: Craig Small updated wordpress to fix CVE-2015-2213
CVE-2015-5622 CVE-2015-5731 CVE-2015-5732 and CVE-2015-5734. I
did some testing and released DLA-294-1.
Besides that I did CVE triaging of 9 CVEs to check if and how they
affect oldoldstable security as part of my LTS front desk work.
Debconf 15 was a great opportunity to meet some of the other LTS
contributors in person and to work on some of my packages:
git-buildpackage gained buildpackage-rpm based on the work by
Markus Lehtonnen and merging of mock support is hopefully around the
Debconf had two gbp skill shares hosted by dkg and a
BoF by myself. A summary is here. Integration with dgit as (discussed
with Ian) looks doable and I have parts of that on my todo list as
Among other things gbp import-orig gained a --merge-mode
option so you can replace the upstream branches verbatim on your
packaging branch but keep the contents of the debian/ directory.
I prepared an update for libvirt in Jessie fixing a crasher bug,
QEMU error reporting. apparmor support now works out of the box
in Jessie (thanks to intrigeri and Felix Geyer for that).
Speaking of apparmor I learned enough at Debconf to use this now by
default so we hopefully see less breackage in this area when new libvirt
versions hit the archive. The bug count wen't down quiet a bit and
we have a new version of virt-manager in unstable now as well.
As usual I prepared the RC candidates of libvirt 1.2.19 in experimental
and 1.2.19 final is now in unstable.