#Debian #bullseye fully frozen

https://lists.debian.org/debian-devel-announce/2021/07/msg00002.html

We have just reached the next milestone in the bullseye release: full freeze.

Time to check what is #newinbullseye

E.g. https://xmpp-team.pages.debian.net/blog/2021/07/xmpp-novelties-in-debian-11-bullseye.html

XMPP Novelties in Debian 11 Bullseye

#xmpp #jabber #debian #bullseye #newinbullseye #ox #yearoftheox

Was tun, wenn ein Programm abbricht bzw. man den Entwicklern bei der Analyse eines Fehlers helfen möchte? Hier kann ein Backtrace sehr hilfreich sein.

Hat man das Programm nicht selber kompiliert, benötigt man die Debug-Symbole, diese lassen sich über die Debug-Symbolpakete installieren.

Möchte man eine Anwendung selber kompilieren, so gibt man beim kompilieren die Option -g -Og mit.

Debug-Symbolpakete

In der Konfigurationsdatei /etc/apt/sources.list trägt man folgendes ein:

deb http://deb.debian.org/debian-debug/ bullseye-debug main

Danach führt man ein apt update aus und bekommt jetzt neben den Paketen auch die debug-symbole (-dbgsym) angeboten.

Beispielsweise lassen sich die Symbole für die Anwendung profanity wie folgt installieren:

        apt install profanity-dbgsym

Im Debugger sieht man jetzt den unterschied wie folgt. Ohne Debug-Symbole:

Reading symbols from neomutt...
(No debugging symbols found in neomutt)
(gdb) break main              
Function "main" not defined.  

Mit Debug-Symbole sieht es wie folgt aus

Reading symbols from neomutt...
Reading symbols from /usr/lib/debug/.build-id/d8/6e3cd58e273b8aab160f05f7f1ff65e33ae357.debug...
(gdb) break main              
Breakpoint 1 at 0x22ee0: file ../main.c, line 369.

Debugger und Anwendung starten

Eine Anwendung lässt sich jetzt mit gdb neomutt oder gdb profanity in den Debugger laden..
Mit dem Befehl run oder r kann man den Anwendung im Debugger startet:

    (gdb) run

Kommt es z.b. zu einem Segmentation fault (core dumped), so wird die Anwendung im Debugger abgefangen.

Program received signal SIGSEGV, Segmentation fault.
0x000055555555513e in main () 

Mit dem Befehl backtrace oder bt kann man sich den backtrace anzeigen lassen.

Reading symbols from ./test...
(gdb) r
Starting program: /tmp/test 

Program received signal SIGSEGV, Segmentation fault.
0x000055555555512c in y (b=3, b@entry=2) at test.c:6
6		*x = "1";
(gdb) bt
#0  0x000055555555512c in y (b=3, b@entry=2) at test.c:6
#1  0x000055555555513e in x (a=2, a@entry=1) at test.c:11
#2  0x0000555555555149 in main () at test.c:15
(gdb) bt full
#0  0x000055555555512c in y (b=3, b@entry=2) at test.c:6
        f = 2
        x = 0x0
#1  0x000055555555513e in x (a=2, a@entry=1) at test.c:11
        z = 1
#2  0x0000555555555149 in main () at test.c:15
No locals.
(gdb) 

#gcc #gdb #debian

Just a small picture of my desk.

I'm writting the Movim sourcecode since 2013 on this #Thinkpad T430. It's a wonderful computer that I'm planning to keep as long as possible. A really nice keyboard, replaceable battery, 1Tb of SSD, Full HD IPS screen, 8Gb of RAM… and a nice dock to easily switch to a triple FullHD screens setup.

Everything is running on #Debian Testing with #XFCE 💕

It's also funny to see what you can do today with a small setup like that.

In some work environments it is - unfortunately - not yet possible to avoid the use of certain shady, non-free services. Even in the area of #freesoftware. Of course, many of us would prefer not to use #Zoom or #Slack etc.

Still, many #job description do not contain any hint, that such tools are used at work. (I'm not looking for a job, so I might have missed a new trend here.) Therefore kudos to #OTS (Open Tech Strategies) for including this warning in their job posting on the #Debian jobs mailing list:

Please note that some of our clients use proprietary communications tools, e.g., Zoom, Google Docs, Slack, etc, and therefore applicants need to be willing to use such tools when interacting with those clients.

https://lists.debian.org/debian-jobs/2021/05/msg00001.html

Nice!

Here’s my (nineteenth) monthly update about the activities I’ve done in the F/L/OSS world.

Debian

This was my 28th month of active contributing to Debian . I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

Crazy month, as always. Lots of things happening and lots of moving parts.
Now that I am working on Ubuntu-full time, I barely get much time to do any extra stuff. Then the massive COVID wave that has plunged India had made this month further crazier. More on that later, maybe. IDK.

Anyway, I did some Debian stuff, thanks to Salzburg BSP (more down below). I worked on the following stuff:

Uploads and bug fixes:

• ruby2.7 (2.7.3-1) - New upstream version, fixing CVE-2021-28965 / #986807 .
• jackson-databind (2.9.8-3+deb10u3) - buster-pu upload, fixing CVE-2020-24616 , CVE-2020-24750 , CVE-2020-25649 , CVE-2020-35490 , CVE-2020-35491 , CVE-2020-35728 , CVE-2020-36179 , CVE-2020-36180 , CVE-2020-36181 , CVE-2020-36182 , CVE-2020-36183 , CVE-2020-36184 , CVE-2020-36185 , CVE-2020-36186 , CVE-2020-36187 , CVE-2020-36188 , CVE-2020-36189 , and CVE-2021-20190 .
• ruby-librarian (0.6.4-3) - Fixing autpkgtest; cf: #987113 .
• opendmarc (1.3.2-6+deb10u2) - buster-pu upload, fixing CVE-2020-12460 / #966464 .
• Sponsored upload of fluidsynth (2.1.7-1.1) to unstable , fixing CVE-2021-28421 / #987168 for Reiner Herrmann.
• Sponsored upload of fluidsynth (1.1.11-1+deb10u1) to buster , fixing CVE-2021-28421 / #987168 for Reiner Herrmann.
• Sponsored upload of libpam-alreadyloggedin (0.3-9) to unstable , fixing #958224 , #986247 , and #969122) ) for Reiner Herrmann.

Other $things:

• Mentoring for newcomers and assisting people in BSP.
• Moderation of -project mailing list.

Salzburg BSP 2021

This was my first virtual BSP and the first BSP in Salzburg and it was absolutely amazing!
Many kudos to Bernd Zeimetz for organizing it so smoothly and wonderfully, for real! \o/

We had a bunch of amazing sessions, besides hacking, of course, like:

• yoga,
• sports,
• games, and
• datacenter tour -> which was super!

We also had lots of things happening at #debian-bsp-2021-szg and did a lot of work.
Whilst everything we did is available on the pad , I work on the following things:

• [deki/utkarsh]: CVE-2021-28421/fluidsynth (sid); cf: #987168/#987471.
• [deki/utkarsh]: CVE-2021-28421/fluidsynth (buster); cf: #987168/#987494.
• [utkarsh]: 18 CVEs for jackson-databind (buster); cf: #987489.
• [utkarsh]: fix for ruby-librarian/#987113 (unblock request: #987501).
• [utkarsh]: 17 CVEs for jackson-databind (stretch); LTS upload.
• [utkarsh]: CVE-2020-12460/opendmarc (stretch); LTS upload.
• [utkarsh]: CVE-2020-12460/opendmarc (buster); cf: #987531.
• [deki/utkarsh]: libpam-alreadyloggedin, broken autopkgtest; #958224
• [deki/utkarsh]: libpam-alreadyloggedin, installed in wrong directory; #986247
• [deki/utkarsh]: libpam-alreadyloggedin, FTCBFS; #969122
• [donfede/utkarsh] 10 CVEs for salt (buster)
• [donfede/utkarsh] 10 CVEs for salt (bullseye)

And finally, we clicked a picture! \o/

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

This was my nineteenth month as a Debian LTS and tenth month as a Debian ELTS paid contributor.
I was assigned 60.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:

LTS CVE Fixes and Announcements:

• Issued DLA 2615-1 , fixing CVE-2020-1946 , for spamassassin .
  For Debian 9 stretch, these problems have been fixed in version 3.4.2-1~deb9u4.
• Issued DLA 2624-1 , fixing CVE-2021-20307 , for libpano13 .
  For Debian 9 stretch, these problems have been fixed in version 2.9.19+dfsg-2+deb9u1.
• Issued DLA 2625-1 , fixing CVE-2021-28374 , for courier-authlib .
  For Debian 9 stretch, these problems have been fixed in version 0.66.4-9+deb9u1.
• Issued DLA 2626-1 , fixing CVE-2021-1405 , for clamav .
  For Debian 9 stretch, these problems have been fixed in version 0.102.4+dfsg-0+deb9u2.
• Uploaded ruby2.7 to sid , fixing CVE-2021-28965 .
  For Debian sid, these problems have been fixed in version 2.7.3-1.
• Issued DLA 2630-1 , fixing CVE-2021-29447 and CVE-2021-29450 , for wordpress .
  For Debian 9 stretch, these problems have been fixed in version 4.7.20+dfsg-1+deb9u1.
• Issued DLA 2633-1 , fixing CVE-2021-23961 , CVE-2021-23994 , CVE-2021-23995 , CVE-2021-23998 , CVE-2021-23999 , CVE-2021-24002 , CVE-2021-29945 , and CVE-2021-29946 , for firefox-esr .
  For Debian 9 stretch, these problems have been fixed in version 78.10.0esr-1~deb9u1. Thanks, Emilio, for all your help on this! \o/
• Issued DLA 2638-1 , fixing CVE-2020-24616 , CVE-2020-24750 , CVE-2020-35490 , CVE-2020-35491 , CVE-2020-35728 , CVE-2020-36179 , CVE-2020-36180 , CVE-2020-36181 , CVE-2020-36182 , CVE-2020-36183 , CVE-2020-36184 , CVE-2020-36185 , CVE-2020-36186 , CVE-2020-36187 , CVE-2020-36188 , CVE-2020-36189 , CVE-2021-20190 , and CVE-2020-25649 , for jackson-databind .
  For Debian 9 stretch, these problems have been fixed in version 2.8.6-1+deb9u9.
• Issued DLA 2639-1 , fixing CVE-2020-12460 , for opendmarc .
  For Debian 9 stretch, these problems have been fixed in version 1.3.2-2+deb9u3.
• Uploaded fluidsynth to sid , fixing CVE-2021-28421 .
  For Debian sid, these problems have been fixed in version 2.1.7-1.1. Thanks to Reiner Herrmann for their work.
• Uploaded fluidsynth to buster-pu , fixing CVE-2021-28421 .
  For Debian sid, these problems have been fixed in version 2.1.7-1.1. Thanks to Reiner Herrmann for their work.

ELTS CVE Fixes and Announcements:

• Issued ELA 396-1 , fixing CVE-2021-23358 , for underscore .
  For Debian 8 jessie, these problems have been fixed in version 1.7.0~dfsg-1+deb8u1.
• Issued ELA 397-1 , fixing CVE-2020-1946 , for spamassassin .
  For Debian 8 jessie, these problems have been fixed in version 3.4.2-0+deb8u4.
• Issued ELA 400-1 , fixing CVE-2020-25286 , CVE-2020-28032 , CVE-2020-28033 , CVE-2020-28034 , CVE-2020-28035 , CVE-2020-28036 , CVE-2020-28037 , CVE-2020-28038 , CVE-2020-28039 , and CVE-2020-28040 , for wordpress .
  For Debian 8 jessie, these problems have been fixed in version 4.1.32+dfsg-0+deb8u1.
• Help issued ELA 401-1 , fixing CVE-2021-25329 and CVE-2020-9484 , for tomcat7 , along with Markus.
  For Debian 8 jessie, these problems have been fixed in version 7.0.56-3+really7.0.100-1+deb8u3.
• Issued ELA 403-1 , fixing CVE-2020-24616 , CVE-2020-24750 , CVE-2020-25649 , CVE-2020-35490 , CVE-2020-35491 , CVE-2020-35728 , CVE-2020-36179 , CVE-2020-36180 , CVE-2020-36181 , CVE-2020-36182 , CVE-2020-36183 , CVE-2020-36184 , CVE-2020-36185 , CVE-2020-36186 , CVE-2020-36187 , CVE-2020-36188 , CVE-2020-36189 , and CVE-2021-20190 , for jackson-databind .
  For Debian 8 jessie, these problems have been fixed in version 2.4.2-2+deb8u16.
• Uploaded jackson-databind to buster-pu , fixing CVE-2020-24616 , CVE-2020-24750 , CVE-2020-25649 , CVE-2020-35490 , CVE-2020-35491 , CVE-2020-35728 , CVE-2020-36179 , CVE-2020-36180 , CVE-2020-36181 , CVE-2020-36182 , CVE-2020-36183 , CVE-2020-36184 , CVE-2020-36185 , CVE-2020-36186 , CVE-2020-36187 , CVE-2020-36188 , CVE-2020-36189 , and CVE-2021-20190 .
  For Debian 10 buster, these problems have been fixed in version 2.9.8-3+deb10u3.
• Issued ELA 404-1 , fixing CVE-2021-1405 , for clamav .
  For Debian 8 jessie, these problems have been fixed in version 0.102.4+dfsg-0+deb8u2.
• Issued ELA 409-1 , fixing CVE-2019-16378 and CVE-2020-12460 , for opendmarc .
  For Debian 8 jessie, these problems have been fixed in version 1.3.0+dfsg-1+deb8u1.

Other (E)LTS Work:

• Front-desk duty from 29-03 until 04-04 and then from 26-04 until 02-05 for both LTS and ELTS.
• Triaged spamassassin , codemirror-js , jackson-databind , wordpress , gstreamer , underscore , python-bleach , plinth , libpano13 , salt , dojo , ruby2.7 , firefox-esr , clamav , composter , courier-authlib , opendmarc , openexr , libimage-exiftool-perl , tomcat7 , libjs-handlebars , libnet-netmask-perl , network-manager , and curl .
• Mark CVE-2021-20297/network-manager as not-affected for jessie.
• Mark CVE-2021-22890/curl as not-affected for jessie and stretch.
• Mark CVE-2020-7760/codemirror-js as not-affected for jessie.
• Mark CVE-2021-25122/tomcat8 as not-affected for jessie.
• Mark CVE-2021-XXXX/plinth as no-dsa for stretch.
• Mark CVE-2021-29424/libnet-netmask-perl as no-dsa for stretch.
• Mark CVE-2021-28374/courier-authlib as fixed in 0.58-3.1 for jessie.
• Mark CVE-2021-1252/clamav as not-affected for jessie.
• Mark CVE-2021-1404/clamav as not-affected for jessie.
• Mark CVE-2020-4051/dojo as no-dsa for jessie.
• Mark CVE-2021-29447/wordpress as not-affected for jessie.
• Mark CVE-2021-29450/wordpress as not-affected for jessie.
• Mark CVE-2019-20920/libjs-handlebars as ignored for stretch and jessie.
• Mark CVE-2021-23369/libjs-handlebars as ignored for stretch and jessie.
• Mark CVE-2020-4051/dojo as fixed in 1.15.4+dfsg1-1 for sid and bullseye.
• Mark CVE-2021-28965/ruby2.7 fixed in 2.7.3-1 for sid.
• Mark CVE-2020-12272/opendmarc as postponed for jessie.
• Mark CVE-2021-20296, CVE-2021-3475, CVE-2021-3476, CVE-2021-3477, CVE-2021-3478, and CVE-2021-3479, affecting openexr, as no-dsa for jessie and stretch.
• Suggest proposed fixes for CVE-2021-22876/curl on LTS public list .
• Publish the missing DLA update for website on behalf of the community contribution. Thread here .
• Help suggest and unblock work if FD is missing or something. Thread here .
• Suggest marking CVE-2021-23369/{node,libjs}-handlebars as no-dsa/ignored for all suites. Thread here .
• Help unblock Anton with the failed python2.7 build on i386 by co-ordinating with the sec team. Thread here .
• Private ELTS-related discussion on the ELTS list (+ w/ Raphael).
• Auto EOL’ed webkit2gtk, python-bleach, tika, linux, ircii, spice-vdagent, libspring-security-2.0-java, file-roller, rustc, python-django-registration, gsoap, thunderbird, mosquitto, ruby-sidekiq, gnuchess, libpodofo, unbound, drupal7, 389-ds-base, and scrollz for jessie.
• Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
• General and other discussions on LTS private and public mailing list .

Until next time.
:wq for today.

Značky: #Debian

Happy Free Software Day!

• #gnu - operating system
• #linux - operating system (kernel)
• #debian - operating system
• #neomutt - A console based E-Mail Client
• #xsf - XMPP Standards Foundation
• #profanity - A console based XMPP client
• #movim - Social Media via XMPP
• #gajim - XMPP Client
• #gnupg - Implementation of OpenPGP
• #tmux - terminal multiplexer
• #prosody - XMPP Server
• #ejabberd - XMPP Server
• #jitsi - Video conference
• #i3wm - Windows Manager
• #notmuch - indexing, searching, reading, and tagging email messages
• #FSF / #FSFE Free Software Foundation ( Europe )
• ............

#iloveFS

Gajim 1.3.0 has been released

And it is already in #Debian unstable!

#gajim #jabber #xmpp #federation #freesoftware