Free software activity in May 2026
My Debian contributions this month were all sponsored by Freexian.
You can also support my work directly via Liberapay or GitHub Sponsors.
OpenSSH
I backported various security fixes from 10.3 to trixie, bookworm, bullseye, buster, and stretch. For trixie, I also backported several IPQoS fixes to line up with upstream’s traffic management settings and drop a rather hacky Debian-specific patch; this needed a quick follow-up fix.
I upgraded trixie-backports to 10.3.
I fixed openssh uses pidof but does not depend on procps.
PuTTY
I upgraded from 0.83 to 0.84.
Python packaging
New upstream versions:
- bitstruct
- ormar
- pdm (fixing a build failure)
- pydantic
- pydantic-core
- pydantic-settings
- pyglet (fixing a build failure)
- python-asyncssh
- python-bitarray
- python-btrees
- python-build
- python-certifi
- python-charset-normalizer (fixing a build failure)
- python-fakeredis (contributed supporting fix upstream)
- python-holidays
- python-jsonschema-path
- python-memray (fixing a build failure and CVE-2026-32722)
- python-openapi-schema-validator
- python-pathable
- python-persistent
- python-pyftpdlib
- python-pytest-run-parallel
- sorl-thumbnail
- twisted
- zope.interface
- zope.proxy
Other build/test failures:
- beets
- buildbot (contributed upstream)
- dep-logic (contributed upstream)
- diskcache
- khard
- matplotlib
- mkdocs-rss-plugin
- ormar: compatibility with fastapi 0.125 and pydantic 2.13
- pgzero
- py7zr
- pydantic-extra-types (contributed upstream)
- pydata-sphinx-theme
- python-invocations (contributed upstream)
- python-localzone
- python-maturin
- python-nacl
- python-pampy
- python-treq (contributed upstream, including fixing some CI bitrot)
- python-txrequests (contributed upstream)
Other bugs:
- buildbot: (Build-)depends on deprecated module python3-pkg-resources (contributed upstream)
- pysodium: Depends on cruft package libsodium
- python-fakeredis: lua support not working, breaking django-redis cache locking
- python3.14: Drop libnsl-dev build-dependency
I updated python-treq upstream to stop vendoring multipart, now that the packaging issues with that have been sorted out.
Code reviews
- debmirror: User-Agent blocked by Ubuntu/Launchpad repositories (uploaded, and cherry-picked into trixie)
- pydantic: Fix CVE-2024-3772 in bookworm (merged and uploaded)
- pyodbc: Run SQLite tests (merged and uploaded)
- python-jsonschema-path: Transition to starlette 1.0 (merged and uploaded)
- python-maison: FTBFS with the nocheck build profile (followed up to fix the
nodocbuild profile as well) - python-openapi-core: Transition to starlette 1.0
- python-openapi-schema-validator: Transition to starlette 1.0 (merged and uploaded)
- python-openapi-spec-validator: Transition to starlette 1.0 (merged and uploaded)
- python-pathable: Transition to starlette 1.0 (merged and uploaded)
- python-rich-argparse: New upstream version 1.8.0 (merged and uploaded)
Other bits and pieces
I contributed a debian-policy patch to fix several links related to build profiles.
Comments
With an account on the Fediverse or Mastodon, you can respond to this post. Since Mastodon is decentralized, you can use your existing account hosted by another Mastodon server or compatible platform if you don't have an account on this one. Known non-private replies are displayed below.
Learn how this is implemented here.