Free software activity in February 2025
Most of my Debian contributions this month were sponsored by Freexian.
You can also support my work directly via Liberapay.
OpenSSH
OpenSSH upstream released 9.9p2 with fixes for CVE-2025-26465 and CVE-2025-26466. I got a heads-up on this in advance from the Debian security team, and prepared updates for all of testing/unstable, bookworm (Debian 12), bullseye (Debian 11), buster (Debian 10, LTS), and stretch (Debian 9, ELTS). jessie (Debian 8) is also still in ELTS for a few more months, but wasn’t affected by either vulnerability.
Although I’m not particularly active in the Perl team, I fixed a libnet-ssleay-perl build failure because it was blocking openssl from migrating to testing, which in turn was blocking the above openssh fixes.
I also sent a minor sshd -T fix upstream, simplified a number of autopkgtests using the newish Restrictions: needs-sudo facility, and prepared for removing the obsolete slogin symlink.
PuTTY
I upgraded to the new upstream version 0.83.
GCC 15 build failures
I fixed build failures with GCC 15 in a few packages:
Python team
A lot of my Python team work is driven by its maintainer dashboard.
Now that we’ve finished the transition to Python 3.13 as the default version, and inspired by a recent debian-devel thread started by Santiago, I thought it might be worth spending a bit of time on the “uscan error” section. uscan is typically scraping upstream web sites to figure out whether new versions are available, and so it’s easy for its configuration to become outdated or broken. Most of this work is pretty boring, but it can often reveal situations where we didn’t even realize that a Debian package was out of date. I fixed these packages:
- cssutils (this in particular was very out of date due to a new and active upstream maintainer since 2021)
- django-assets
- django-celery-email
- django-sass
- django-yarnpkg
- json-tricks
- mercurial-extension-utils
- pydbus
- pydispatcher
- pylint-celery
- pyspread
- pytest-pretty
- python-apptools
- python-django-libsass (contributed a packaging fix upstream in passing)
- python-django-postgres-extra
- python-django-waffle
- python-ephemeral-port-reserve
- python-ifaddr
- python-log-symbols
- python-msrest
- python-msrestazure
- python-netdisco
- python-pathtools
- python-user-agents
- sinntp
- wchartype
I upgraded these packages to new upstream versions:
- cssutils (contributed a packaging tweak upstream)
- django-iconify
- django-sass
- domdf-python-tools
- extra-data (fixing a numpy 2.0 failure)
- flufl.i18n
- json-tricks
- jsonpickle
- mercurial-extension-utils
- mod-wsgi
- nbconvert
- orderly-set
- pydispatcher (contributed a Python 3.12 fix upstream)
- pylint
- pytest-rerunfailures
- python-asyncssh
- python-box (contributed a packaging fix upstream)
- python-charset-normalizer
- python-django-constance
- python-django-guid
- python-django-pgtrigger
- python-django-waffle
- python-djangorestframework-simplejwt
- python-formencode
- python-holidays (contributed a test fix upstream)
- python-legacy-cgi
- python-marshmallow-polyfield (fixing a test failure)
- python-model-bakery
- python-mrcz (fixing a numpy 2.0 failure)
- python-netdisco
- python-npe2
- python-persistent
- python-pkginfo (fixing a test failure)
- python-proto-plus
- python-requests-ntlm
- python-roman
- python-semantic-release
- python-setproctitle
- python-stdlib-list
- python-trustme
- python-typeguard (fixing a test failure)
- python-tzlocal
- pyzmq
- setuptools-scm
- sqlfluff
- stravalib
- tomopy
- trove-classifiers
- xhtml2pdf (fixing CVE-2024-25885)
- xonsh
- zodbpickle
- zope.deprecation
- zope.testrunner
In bookworm-backports, I updated python-django to 3:4.2.18-1 (issuing BSA-121) and added new backports of python-django-dynamic-fixture and python-django-pgtrigger, all of which are dependencies of debusine.
I went through all the build failures related to python-click 8.2.0 (which was confusingly tagged but not fully released upstream) and posted an analysis.
I fixed or helped to fix various other build/test failures:
- cython
- dask
- deepdish
- hickle (contributed upstream)
- mdp (contributed upstream)
- mypy
- pillow
- pynput
- python-fonticon-fontawesome6
- python-persistent (contributed upstream)
- python-srsly
I dropped support for the old setup.py ftest command from zope.testrunner upstream.
I fixed various odds and ends of bugs:
- django-memoize: autopkgtest must be marked superficial
- extra-data: extra-data: please add autopkgtests (to add coverage for python3-numpy)
- fpylll: missing dependency on numpy abi
- python-box: autopkgtest must be marked superficial
- python-hdmedians: missing dependency on numpy abi
- python-legacy-cgi: missing requirement: openstack-pkg-tools
- python-tzlocal: doesn’t run any tests during the build or as autopkgtest
- requests: will FTBFS during trixie support period (contributed supporting fix upstream)
- setuptools-scm: project was renamed from setuptools_scm to setuptools-scm
Installer team
Following up on last month, I merged and uploaded Helmut’s /usr-move fix.