Monthly report about Debian Long Term Support, October 2023

Like each month, have a look at the work funded by Freexian’s Debian LTS offering.

Debian LTS contributors

In October, 18 contributors have been paid to work on Debian LTS, their reports are available:

• Adrian Bunk did 8.0h (out of 7.75h assigned and 10.0h from previous period), thus carrying over 9.75h to the next month.
• Anton Gladky did 9.5h (out of 9.5h assigned and 5.5h from previous period), thus carrying over 5.5h to the next month.
• Bastien Roucariès did 16.0h (out of 16.75h assigned and 1.0h from previous period), thus carrying over 1.75h to the next month.
• Ben Hutchings did 8.0h (out of 17.75h assigned), thus carrying over 9.75h to the next month.
• Chris Lamb did 17.0h (out of 17.75h assigned), thus carrying over 0.75h to the next month.
• Emilio Pozuelo Monfort did 17.5h (out of 17.75h assigned), thus carrying over 0.25h to the next month.
• Guilhem Moulin did 9.75h (out of 17.75h assigned), thus carrying over 8.0h to the next month.
• Helmut Grohne did 1.5h (out of 10.0h assigned), thus carrying over 8.5h to the next month.
• Lee Garrett did 10.75h (out of 17.75h assigned), thus carrying over 7.0h to the next month.
• Markus Koschany did 30.0h (out of 30.0h assigned).
• Ola Lundqvist did 4.0h (out of 0h assigned and 19.5h from previous period), thus carrying over 15.5h to the next month.
• Roberto C. Sánchez did 12.0h (out of 5.0h assigned and 7.0h from previous period).
• Santiago Ruano Rincón did 13.625h (out of 7.75h assigned and 8.25h from previous period), thus carrying over 2.375h to the next month.
• Sean Whitton did 13.0h (out of 6.0h assigned and 7.0h from previous period).
• Sylvain Beucler did 7.5h (out of 11.25h assigned and 6.5h from previous period), thus carrying over 10.25h to the next month.
• Thorsten Alteholz did 14.0h (out of 14.0h assigned).
• Tobias Frost did 16.0h (out of 9.25h assigned and 6.75h from previous period).
• Utkarsh Gupta did 0.0h (out of 0.75h assigned and 17.0h from previous period), thus carrying over 17.75h to the next month.

Evolution of the situation

In October, we have released 49 DLAs.

Of particular note in the month of October, LTS contributor Chris Lamb issued DLA 3627-1 pertaining to Redis, the popular key-value database similar to Memcached, which was vulnerable to an authentication bypass vulnerability. Fixing this vulnerability involved dealing with a race condition that could allow another process an opportunity to establish an otherwise unauthorized connection. LTS contributor Markus Koschany was involved in the mitigation of CVE-2023-44487, which is a protocol-level vulnerability in the HTTP/2 protocol. The impacts within Debian involved multiple packages, across multiple releases, with multiple advisories being released (both DSA for stable and old-stable, and DLA for LTS). Markus reviewed patches and security updates prepared by other Debian developers, investigated reported regressions, provided patches for the aforementioned regressions, and issued several security updates as part of this.

Additionally, as MariaDB 10.3 (the version originally included with Debian buster) passed end-of-life earlier this year, LTS contributor Emilio Pozuelo Monfort has begun investigating the feasibility of backporting MariaDB 10.11. The work is in early stages, with much testing and analysis remaining before a final decision can be made, as this only one of several available potential courses of action concerning MariaDB.

Finally, LTS contributor Lee Garrett has invested considerable effort into the development the Functional Test Framework here. While so far only an initial version has been published, it already has several features which we intend to begin leveraging for testing of LTS packages. In particular, the FTF supports provisioning multiple VMs for the purposes of performing functional tests of network-facing services (e.g., file services, authentication, etc.). These tests are in addition to the various unit-level tests which are executed during package build time. Development work will continue on FTF and as it matures and begins to see wider use within LTS we expect to improve the quality of the updates we publish.

Thanks to our sponsors

Sponsors that joined recently are in bold.

• Platinum sponsors:
  • TOSHIBA (for 98 months)
  • Civil Infrastructure Platform (CIP) (for 66 months)
• Gold sponsors:
  • Roche Diagnostics International AG (for 109 months)
  • Linode (for 103 months)
  • Babiel GmbH (for 92 months)
  • Plat’Home (for 92 months)
  • University of Oxford (for 48 months)
  • Deveryware (for 35 months)
  • VyOS Inc (for 30 months)
  • EDF SA (for 19 months)
• Silver sponsors:
  • Domeneshop AS (for 113 months)
  • Nantes Métropole (for 107 months)
  • Univention GmbH (for 99 months)
  • Université Jean Monnet de St Etienne (for 99 months)
  • Ribbon Communications, Inc. (for 93 months)
  • Exonet B.V. (for 83 months)
  • Leibniz Rechenzentrum (for 77 months)
  • CINECA (for 66 months)
  • Ministère de l’Europe et des Affaires Étrangères (for 60 months)
  • Cloudways Ltd (for 50 months)
  • Dinahosting SL (for 48 months)
  • Bauer Xcel Media Deutschland KG (for 42 months)
  • Platform.sh (for 42 months)
  • Moxa Inc. (for 36 months)
  • sipgate GmbH (for 33 months)
  • OVH US LLC (for 31 months)
  • Tilburg University (for 31 months)
  • GSI Helmholtzzentrum für Schwerionenforschung GmbH (for 23 months)
  • Soliton Systems K.K. (for 20 months)
• Bronze sponsors:
  • Evolix (for 114 months)
  • Seznam.cz, a.s. (for 114 months)
  • Intevation GmbH (for 111 months)
  • Linuxhotel GmbH (for 111 months)
  • Daevel SARL (for 109 months)
  • Bitfolk LTD (for 108 months)
  • Megaspace Internet Services GmbH (for 108 months)
  • Greenbone AG (for 107 months)
  • NUMLOG (for 107 months)
  • WinGo AG (for 107 months)
  • Ecole Centrale de Nantes - LHEEA (for 103 months)
  • Entr’ouvert (for 98 months)
  • Adfinis AG (for 95 months)
  • GNI MEDIA (for 90 months)
  • Laboratoire LEGI - UMR 5519 / CNRS (for 90 months)
  • Tesorion (for 90 months)
  • Bearstech (for 81 months)
  • LiHAS (for 81 months)
  • Catalyst IT Ltd (for 76 months)
  • Supagro (for 71 months)
  • Demarcq SAS (for 70 months)
  • Université Grenoble Alpes (for 56 months)
  • TouchWeb SAS (for 48 months)
  • SPiN AG (for 45 months)
  • CoreFiling (for 40 months)
  • Institut des sciences cognitives Marc Jeannerod (for 35 months)
  • Observatoire des Sciences de l’Univers de Grenoble (for 32 months)
  • Tem Innovations GmbH (for 27 months)
  • WordFinder.pro (for 26 months)
  • CNRS DT INSU Résif (for 25 months)
  • Alter Way (for 18 months)
  • Institut Camille Jordan (for 7 months)

by Roberto C. Sánchez 13 Nov, 2023 . Tags : debian-lts, planet-debian, report , 1007 Words.