--- /dev/null
+Title: Free software activity in July 2024
+Slug: activity-2024-07
+Date: 2024-08-02 13:27:07 +01:00
+Category: columbiform
+Tags: activity, columbiform, freexian, planet-debian, planet-ubuntu
+
+My Debian contributions this month were all
+[sponsored](https://www.freexian.com/about/debian-contributions/) by
+Freexian.
+
+You can also support my work directly via
+[Liberapay](https://liberapay.com/cjwatson).
+
+## OpenSSH
+
+At the start of the month, I uploaded a quick fix (via Salvatore Bonaccorso)
+for a regression from
+[CVE-2006-5051](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051),
+found by
+[Qualys](https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt);
+this was because I expected it to take me a bit longer to merge OpenSSH
+9.8, which had the full fix.
+
+This turned out to be a good guess: it took me until the last day of the
+month to get the merge done. OpenSSH 9.8 included some substantial changes
+to split the server into a listener binary and a per-session binary, which
+required some corresponding changes in the GSS-API key exchange patch. At
+this point I was very grateful for the [GSS-API integration
+test](https://salsa.debian.org/ssh-team/openssh/-/merge_requests/24)
+contributed by Andreas Hasenack a little while ago, because otherwise I
+might very easily not have noticed my mistake: this patch adds some entries
+to the key exchange algorithm proposal, and on the server side I'd
+accidentally moved that to after the point where the proposal is sent to the
+client, which of course meant it didn't work at all. Even with a failing
+test, it took me quite a while to spot the problem, involving a lot of
+staring at `strace` output and comparing debug logs between versions.
+
+There are still some regressions to sort out, including a [problem with
+socket activation](https://bugs.debian.org/1077765), and problems in
+[libssh2](https://bugs.debian.org/1077735) and
+[Twisted](https://github.com/twisted/twisted/issues/12273) due to DSA now
+being disabled at compile-time.
+
+Speaking of DSA, I wrote a [release
+note](https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/209)
+for this change, which is now merged.
+
+## GCC 14 regressions
+
+I fixed a number of build failures with GCC 14, mostly in my older packages:
+[grub (legacy)](https://bugs.debian.org/1075047),
+[imaptool](https://bugs.debian.org/1075089),
+[kali](https://bugs.debian.org/1075107),
+[knews](https://bugs.debian.org/1075114), and
+[vigor](https://bugs.debian.org/1075619).
+
+## autopkgtest
+
+I contributed a change to [allow maintaining Incus container and VM images
+in
+parallel](https://salsa.debian.org/ci-team/autopkgtest/-/merge_requests/371).
+I use both of these regularly (containers are faster, but some tests need
+full machine isolation), and the build tools previously didn't handle that
+very well.
+
+I now have a script that just does this regularly to keep my images up to
+date (although for now I'm running this with `PATH` pointing to autopkgtest
+from git, since my change hasn't been released yet):
+
+ :::sh
+ RELEASE=sid autopkgtest-build-incus images:debian/trixie
+ RELEASE=sid autopkgtest-build-incus --vm images:debian/trixie
+
+## Python team
+
+I fixed dnsdiag's uninstallability in unstable, and [contributed the fix
+upstream](https://github.com/farrokhi/dnsdiag/pull/116).
+
+I reverted python-tenacity to an earlier version due to regressions in a
+number of OpenStack packages, including
+[octavia](https://bugs.debian.org/1074690) and
+[ironic](https://bugs.debian.org/1074730). (This seems to be due to
+[#486](https://github.com/jd/tenacity/issues/486) upstream.)
+
+I fixed a [build failure](https://bugs.debian.org/1074669) in
+python3-simpletal due to Python 3.12 removing the old `imp` module.
+
+I added non-superficial autopkgtests to a number of packages, including
+httmock, py-macaroon-bakery, python-libnacl, six, and storm.
+
+I switched a number of packages to build using [PEP
+517](https://peps.python.org/pep-0517/) rather than calling `setup.py`
+directly, including alembic, constantly, hyperlink, isort, khard,
+python-cpuinfo, and python3-onelogin-saml2. (Much of this was by working
+through the
+[missing-prerequisite-for-pyproject-backend](https://udd.debian.org/lintian/?email1=team%2Bpython%40tracker.debian.org<_information=on&lintian_tag=missing-prerequisite-for-pyproject-backend)
+Lintian tag, but there's still lots to do.)
+
+I upgraded frozenlist, ipykernel, isort, langtable, python-exceptiongroup,
+python-launchpadlib, python-typeguard, pyupgrade, sqlparse, storm, and
+uncertainties to new upstream versions. In the process, I added myself to
+`Uploaders` for isort, since the previous primary uploader has
+[retired](https://bugs.debian.org/1041185).
+
+## Other odds and ends
+
+I applied a suggestion by Chris Hofstaedtler to [create /etc/subuid and
+/etc/subgid](https://bugs.debian.org/1074121) in base-passwd, since the
+login package is no longer essential.
+
+I fixed a [wireless-tools regression](https://bugs.debian.org/1076623) due
+to iproute2 dropping its `(/usr)/sbin/ip` compatibility symlink.
+
+I applied a suggestion by Petter Reinholdtsen to [add AppStream
+metainfo](https://bugs.debian.org/1077051) to pcmciautils.
~cjwatson / blog.git / commitdiff