From ffc994c226410089d928fb457a63d009f5e98acc Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Fri, 2 Aug 2024 13:31:20 +0100 Subject: [PATCH] Free software activity in July 2024 --- content/activity-2024-07.md | 115 ++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 content/activity-2024-07.md diff --git a/content/activity-2024-07.md b/content/activity-2024-07.md new file mode 100644 index 00000000..63b22320 --- /dev/null +++ b/content/activity-2024-07.md @@ -0,0 +1,115 @@ +Title: Free software activity in July 2024 +Slug: activity-2024-07 +Date: 2024-08-02 13:27:07 +01:00 +Category: columbiform +Tags: activity, columbiform, freexian, planet-debian, planet-ubuntu + +My Debian contributions this month were all +[sponsored](https://www.freexian.com/about/debian-contributions/) by +Freexian. + +You can also support my work directly via +[Liberapay](https://liberapay.com/cjwatson). + +## OpenSSH + +At the start of the month, I uploaded a quick fix (via Salvatore Bonaccorso) +for a regression from +[CVE-2006-5051](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051), +found by +[Qualys](https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt); +this was because I expected it to take me a bit longer to merge OpenSSH +9.8, which had the full fix. + +This turned out to be a good guess: it took me until the last day of the +month to get the merge done. OpenSSH 9.8 included some substantial changes +to split the server into a listener binary and a per-session binary, which +required some corresponding changes in the GSS-API key exchange patch. At +this point I was very grateful for the [GSS-API integration +test](https://salsa.debian.org/ssh-team/openssh/-/merge_requests/24) +contributed by Andreas Hasenack a little while ago, because otherwise I +might very easily not have noticed my mistake: this patch adds some entries +to the key exchange algorithm proposal, and on the server side I'd +accidentally moved that to after the point where the proposal is sent to the +client, which of course meant it didn't work at all. Even with a failing +test, it took me quite a while to spot the problem, involving a lot of +staring at `strace` output and comparing debug logs between versions. + +There are still some regressions to sort out, including a [problem with +socket activation](https://bugs.debian.org/1077765), and problems in +[libssh2](https://bugs.debian.org/1077735) and +[Twisted](https://github.com/twisted/twisted/issues/12273) due to DSA now +being disabled at compile-time. + +Speaking of DSA, I wrote a [release +note](https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/209) +for this change, which is now merged. + +## GCC 14 regressions + +I fixed a number of build failures with GCC 14, mostly in my older packages: +[grub (legacy)](https://bugs.debian.org/1075047), +[imaptool](https://bugs.debian.org/1075089), +[kali](https://bugs.debian.org/1075107), +[knews](https://bugs.debian.org/1075114), and +[vigor](https://bugs.debian.org/1075619). + +## autopkgtest + +I contributed a change to [allow maintaining Incus container and VM images +in +parallel](https://salsa.debian.org/ci-team/autopkgtest/-/merge_requests/371). +I use both of these regularly (containers are faster, but some tests need +full machine isolation), and the build tools previously didn't handle that +very well. + +I now have a script that just does this regularly to keep my images up to +date (although for now I'm running this with `PATH` pointing to autopkgtest +from git, since my change hasn't been released yet): + + :::sh + RELEASE=sid autopkgtest-build-incus images:debian/trixie + RELEASE=sid autopkgtest-build-incus --vm images:debian/trixie + +## Python team + +I fixed dnsdiag's uninstallability in unstable, and [contributed the fix +upstream](https://github.com/farrokhi/dnsdiag/pull/116). + +I reverted python-tenacity to an earlier version due to regressions in a +number of OpenStack packages, including +[octavia](https://bugs.debian.org/1074690) and +[ironic](https://bugs.debian.org/1074730). (This seems to be due to +[#486](https://github.com/jd/tenacity/issues/486) upstream.) + +I fixed a [build failure](https://bugs.debian.org/1074669) in +python3-simpletal due to Python 3.12 removing the old `imp` module. + +I added non-superficial autopkgtests to a number of packages, including +httmock, py-macaroon-bakery, python-libnacl, six, and storm. + +I switched a number of packages to build using [PEP +517](https://peps.python.org/pep-0517/) rather than calling `setup.py` +directly, including alembic, constantly, hyperlink, isort, khard, +python-cpuinfo, and python3-onelogin-saml2. (Much of this was by working +through the +[missing-prerequisite-for-pyproject-backend](https://udd.debian.org/lintian/?email1=team%2Bpython%40tracker.debian.org<_information=on&lintian_tag=missing-prerequisite-for-pyproject-backend) +Lintian tag, but there's still lots to do.) + +I upgraded frozenlist, ipykernel, isort, langtable, python-exceptiongroup, +python-launchpadlib, python-typeguard, pyupgrade, sqlparse, storm, and +uncertainties to new upstream versions. In the process, I added myself to +`Uploaders` for isort, since the previous primary uploader has +[retired](https://bugs.debian.org/1041185). + +## Other odds and ends + +I applied a suggestion by Chris Hofstaedtler to [create /etc/subuid and +/etc/subgid](https://bugs.debian.org/1074121) in base-passwd, since the +login package is no longer essential. + +I fixed a [wireless-tools regression](https://bugs.debian.org/1076623) due +to iproute2 dropping its `(/usr)/sbin/ip` compatibility symlink. + +I applied a suggestion by Petter Reinholdtsen to [add AppStream +metainfo](https://bugs.debian.org/1077051) to pcmciautils. -- 2.30.2