Free software activity in October 2025
About 95% of my Debian contributions this month were sponsored by Freexian.
You can also support my work directly via Liberapay or GitHub Sponsors.
OpenSSH
OpenSSH upstream released 10.1p1 this month, so I upgraded to that. In the process, I reverted a Debian patch that changed IP quality-of-service defaults, which made sense at the time but has since been reworked upstream anyway, so it makes sense to find out whether we still have similar problems. So far I haven’t heard anything bad in this area.
10.1p1 caused a regression in the ssh-agent-filter package’s tests, which I bisected and chased up with upstream.
10.1p1 also had a few other user-visible regressions (#1117574, #1117594, #1117638, #1117720); I upgraded to 10.2p1 which fixed some of these, and contributed some upstream debugging help to clear up the rest. While I was there, I also fixed ssh-session-cleanup: fails due to wrong $ssh_session_pattern in our packaging.
Finally, I got all this into trixie-backports, which I intend to keep up to date throughout the forky development cycle.
Python packaging
For some time, ansible-core has had occasional autopkgtest failures that
usually go away before anyone has a chance to look into them properly. I
ran into these via openssh recently and decided to track them down. It
turns out that they only happened when the libpython3.13-stdlib package
had different versions in testing and unstable, because an integration test
setup script made a change that would be reverted if that package was ever
upgraded in the testbed, and one of the integration tests accidentally
failed to disable system apt sources comprehensively enough while testing
the behaviour of the ansible.builtin.apt module. I fixed this in
Debian
and contributed the relevant part
upstream.
We’ve started working on enabling Python 3.14 as a supported version in Debian. I fixed or helped to fix a number of packages for this:
- cxxopt
- cython
- m2crypto
- pymongo (already fixed by Alexandre Detiste, but after checking this I took the opportunity to simplify its arrangements for disabling broken tests and to switch to autopkgtest-pkg-pybuild)
- python-cytoolz
- python-lz4
- python-msgspec
I upgraded these packages to new upstream versions:
- aiomysql (fixing CVE-2025-62611)
- audioread
- bitstruct
- black (fixing a build failure)
- blake3-py
- buildbot (fixing a regression)
- cxxopt
- django-cte
- django-pipeline
- django-q
- isort
- khard
- lazy-object-proxy (fixing a build failure)
- psycopg3 (fixing a build failure)
- pydantic
- pydantic-core
- pydantic-extra-types
- pytest-mock
- pytest-rerunfailures
- python-bcrypt
- python-bitarray
- python-confluent-kafka (#1089748)
- python-crispy-bootstrap4
- python-crispy-bootstrap5
- python-django-mptt
- python-ewoksppf (fixing a build failure)
- python-greenlet (fixing a build failure on powerpc and a Python 3.14 build failure)
- python-gssapi
- python-holidays
- python-persistent
- python-pyluach
- python-pytest-asyncio
- python-pytest-run-parallel
- python-pytokens (contributed supporting fix upstream)
- python-semantic-release
- python-stdlib-list
- python-tblib
- python-telethon
- python-treq
- python-typing-inspection
- python-watchfiles
- pyupgrade
- rpds-py (fixing a build failure)
- zope.hookable
- zope.schema
- zope.testrunner (removing run-time dependency on setuptools)
I packaged python-blockbuster and python-pytokens, needed as new dependencies of various other packages.
Santiago Vila filed a batch of
bugs
about packages that fail to build when using the nocheck build
profile, and I fixed several of
these (generally just a matter of adjusting build-dependencies):
- pastedeploy (#1116833)
- python-ewokscore (#1116858)
- python-ewoksdask (#1116859)
- python-ewoksorange (#1116862)
- python-odmantic (#1116866)
- python-processview (#1116871)
- python-semantic-release (#1116881)
- sqlfluff (#1116916)
I helped out with the scikit-learn 1.7 transition:
I fixed or helped to fix several other build/test failures:
- beangulp (contributed upstream)
- beanquery
- buildbot (contributed upstream)
- celery (contributed upstream)
- cython (only on i386; involved a rather slow bisection process first)
- django-measurement
- django-select2
- ocrmypdf (partial investigation, still open)
- poetry-plugin-export
- pytest-aiohttp
- python-aiohttp-session
- python-cups (cross-building)
- python-django-postgres-extra (actually needed a fix in python-django)
- python-fabio
- python-jellyfish (contributed upstream)
- python-maturin (thanks to a patch from Peter Michael Green in #1115459)
- python-requests-oauthlib
- python-telethon
- python-webargs
- silx
- sphinx-inline-tabs
I fixed some other bugs:
- cython: The man page is
/usr/bin/env: 'python': No such file or directory - depthcharge-tools: SyntaxWarnings with Python 3.12 about invalid escape sequences (contributed upstream a while ago)
- django-auditlog: Please drop dependencies on python3-pytzdata
- pysmi: Might trigger: AttributeError: module ‘importlib’ has no attribute ‘machinery’ (attempted to contribute upstream, although that repository is dead)
- python-msgspec: Please use pseudo-packages for architecture whitelisting
- python-tomlkit: Binary package rejected
I investigated a python-py build failure, which turned out to have been fixed in Python 3.13.9.
I adopted zope.hookable and zope.location for the Python team.
Following an IRC question, I ported linux-gpib-user to pybuild-plugin-pyproject, and added tests to make sure the resulting binary package layout is correct.
Rust packaging
Another Pydantic upgrade meant I had to upgrade a corresponding stack of Rust packages to new upstream versions:
- rust-idna
- rust-jiter
- rust-pyo3
- rust-regex
- rust-regex-automata
- rust-speedate
- rust-uuid
I also upgraded rust-archery and rust-rpds.
Other bits and pieces
I fixed a few bugs in other packages I maintain:
- halibut: FTCBFS: passes host flags to the build compiler
- iprutils: No package available for other architectures
I investigated a malware report against tini, which I think we can prove to be a false positive (at least under the reasonable assumption that there isn’t malware hiding in libgcc or glibc). Yay for reproducible builds!
I noticed and fixed a small UI deficiency in debbugs, making the checkboxes under “Misc options” on package pages easier to hit. This is merged but we haven’t yet deployed it.
I notced and fixed a typo in the Being kind to porters section of the Debian Developer’s Reference.
Code reviews
- base-passwd: Add clock group (rejected)
- debbugs: Fix dep8 autopkgtests, make Salsa CI fully green (reviewed, awaiting revisions)
- python-gmpy2: FTBFS (sponsored fix for Martin Kelly)
Comments
With an account on the Fediverse or Mastodon, you can respond to this post. Since Mastodon is decentralized, you can use your existing account hosted by another Mastodon server or compatible platform if you don't have an account on this one. Known non-private replies are displayed below.
Learn how this is implemented here.