Free software activity in May 2026
My Debian contributions this month were all sponsored by Freexian.
You can also support my work directly via Liberapay or GitHub Sponsors.
OpenSSH
I backported various security fixes from 10.3 to trixie, bookworm, bullseye, buster, and stretch. For trixie, I also backported several IPQoS fixes to line up with upstream’s traffic management settings and drop a rather hacky Debian-specific patch; this needed a quick follow-up fix.
I upgraded trixie-backports to 10.3.
I fixed "openssh uses pidof but does not depend on procps".
PuTTY
I upgraded from 0.83 to 0.84.
Python packaging
New upstream versions:
- bitstruct
- ormar
- pdm (fixing a build failure)
- pydantic
- pydantic-core
- pydantic-settings
- pyglet (fixing a build failure)
- python-asyncssh
- python-bitarray
- python-btrees
- python-build
- python-certifi
- python-charset-normalizer (fixing a build failure)
- python-fakeredis (contributed supporting fix upstream)
- python-holidays
- python-jsonschema-path
- python-memray (fixing a build failure and CVE-2026-32722)
- python-openapi-schema-validator
- python-pathable
- python-persistent
- python-pyftpdlib
- python-pytest-run-parallel
- sorl-thumbnail
- twisted
- zope.interface
- zope.proxy
Other build/test failures:
- beets
- buildbot (contributed upstream)
- dep-logic (contributed upstream)
- diskcache
- khard
- matplotlib
- mkdocs-rss-plugin
- ormar: compatibility with fastapi 0.125 and pydantic 2.13
- pgzero
- py7zr
- pydantic-extra-types (contributed upstream)
- pydata-sphinx-theme
- python-invocations (contributed upstream)
- python-localzone
- python-maturin
- python-nacl
- python-pampy
- python-treq (contributed upstream, including fixing some CI bitrot)
- python-txrequests (contributed upstream)
Other bugs:
- buildbot: (Build-)depends on deprecated module python3-pkg-resources (contributed upstream)
- pysodium: Depends on cruft package libsodium
- python-fakeredis: lua support not working, breaking django-redis cache locking
- python3.14: Drop libnsl-dev build-dependency
I updated python-treq upstream to stop vendoring multipart, now that the packaging issues with that have been sorted out.
Code reviews
- debmirror: User-Agent blocked by Ubuntu/Launchpad repositories (uploaded, and cherry-picked into trixie)
- pydantic: Fix CVE-2024-3772 in bookworm (merged and uploaded)
- pyodbc: Run SQLite tests (merged and uploaded)
- python-jsonschema-path: Transition to starlette 1.0 (merged and uploaded)
- python-maison: FTBFS with the nocheck build profile (followed up to fix the nodocbuild profile as well)
- python-openapi-core: Transition to starlette 1.0
- python-openapi-schema-validator: Transition to starlette 1.0 (merged and uploaded)
- python-openapi-spec-validator: Transition to starlette 1.0 (merged and uploaded)
- python-pathable: Transition to starlette 1.0 (merged and uploaded)
- python-rich-argparse: New upstream version 1.8.0 (merged and uploaded)
Other bits and pieces
I contributed a debian-policy patch to fix several links related to build profiles.