Hi, I am funded by Freexian SARL and thus reporting about my work in April 2023.
(E)LTS ====== I issued DLA-3393-1 and ELA-836-1 for protobuf in buster, stretch and jessie. In that process, I deemed three out of six vulnerabilities (all being denial of service conditions in the Java implementation) as not backportable. The others were backportable with noticeable changes. I also assisted with reviewing the dnsmasq update. Debian funding ============== The changes to dpkg proposed as DEP17 were heavily discussed in April. The solution space has significantly widened and I spend significant time analyzing the effects of moving all files to their canonical locations and their impacts on various tools such as dpkg, dpkg-divert, update-alternatives, and dpkg-statoverride. Debian ====== As usual, I continued maintaining rebootstrap. During the freeze, there is little breakage in the toolchain, so I could handle issues for specific architectures including loong64, a new riscv32 architecture, sparc (32), and x32. I sent patches for 13 cross build failures in unstable. As a side quest of DEP17, I looked into missing Breaks + Replaces declarations and files 104 rc bugs about them. Helmut
