Free software activity in July 2024
My Debian contributions this month were all sponsored by Freexian.
You can also support my work directly via Liberapay.
OpenSSH
At the start of the month, I uploaded a quick fix (via Salvatore Bonaccorso) for a regression from CVE-2006-5051, found by Qualys; this was because I expected it to take me a bit longer to merge OpenSSH 9.8, which had the full fix.
This turned out to be a good guess: it took me until the last day of the
month to get the merge done. OpenSSH 9.8 included some substantial changes
to split the server into a listener binary and a per-session binary, which
required some corresponding changes in the GSS-API key exchange patch. At
this point I was very grateful for the GSS-API integration
test
contributed by Andreas Hasenack a little while ago, because otherwise I
might very easily not have noticed my mistake: this patch adds some entries
to the key exchange algorithm proposal, and on the server side I’d
accidentally moved that to after the point where the proposal is sent to the
client, which of course meant it didn’t work at all. Even with a failing
test, it took me quite a while to spot the problem, involving a lot of
staring at strace
output and comparing debug logs between versions.
There are still some regressions to sort out, including a problem with socket activation, and problems in libssh2 and Twisted due to DSA now being disabled at compile-time.
Speaking of DSA, I wrote a release note for this change, which is now merged.
GCC 14 regressions
I fixed a number of build failures with GCC 14, mostly in my older packages: grub (legacy), imaptool, kali, knews, and vigor.
autopkgtest
I contributed a change to allow maintaining Incus container and VM images in parallel. I use both of these regularly (containers are faster, but some tests need full machine isolation), and the build tools previously didn’t handle that very well.
I now have a script that just does this regularly to keep my images up to
date (although for now I’m running this with PATH
pointing to autopkgtest
from git, since my change hasn’t been released yet):
RELEASE=sid autopkgtest-build-incus images:debian/trixie
RELEASE=sid autopkgtest-build-incus --vm images:debian/trixie
Python team
I fixed dnsdiag’s uninstallability in unstable, and contributed the fix upstream.
I reverted python-tenacity to an earlier version due to regressions in a number of OpenStack packages, including octavia and ironic. (This seems to be due to #486 upstream.)
I fixed a build failure in
python3-simpletal due to Python 3.12 removing the old imp
module.
I added non-superficial autopkgtests to a number of packages, including httmock, py-macaroon-bakery, python-libnacl, six, and storm.
I switched a number of packages to build using PEP
517 rather than calling setup.py
directly, including alembic, constantly, hyperlink, isort, khard,
python-cpuinfo, and python3-onelogin-saml2. (Much of this was by working
through the
missing-prerequisite-for-pyproject-backend
Lintian tag, but there’s still lots to do.)
I upgraded frozenlist, ipykernel, isort, langtable, python-exceptiongroup,
python-launchpadlib, python-typeguard, pyupgrade, sqlparse, storm, and
uncertainties to new upstream versions. In the process, I added myself to
Uploaders
for isort, since the previous primary uploader has
retired.
Other odds and ends
I applied a suggestion by Chris Hofstaedtler to create /etc/subuid and /etc/subgid in base-passwd, since the login package is no longer essential.
I fixed a wireless-tools regression due
to iproute2 dropping its (/usr)/sbin/ip
compatibility symlink.
I applied a suggestion by Petter Reinholdtsen to add AppStream metainfo to pcmciautils.