Free software activity in June 2026
My Debian contributions this month were all sponsored by Freexian.
You can also support my work directly via Liberapay or GitHub Sponsors. Thanks to new sponsor @fernandocc17!
bugs.debian.org documentation
Sometimes I ask users to file bugs upstream themselves because I think they’d be better placed to have the ensuing discussion with the upstream maintainers directly rather than everything having to go through me. Of course sometimes they don’t want to do so, perhaps because it requires creating another account somewhere. Rarely, I’ve had people refuse to do this because the letter of the bug tracking system’s documentation seemed to tell them not to. Since I don’t believe that was the intention, I corrected this.
OpenSSH
I spent two and a half hours extensively revising debian/copyright so that lrc believes it to be in sync with the output of licensecheck. I’m unconvinced that this was remotely worth the mind-numbing effort - as far as I can tell, it makes no difference to the practical legal position, to policy compliance, or to any reasonable user - but the DFSG team increasingly seems to be objecting to any discrepancies here any time a package crosses their radar, so this was a pre-emptive measure to avoid problems with some upcoming trips through the NEW queue.
OpenSSL 4.0
I fielded a few of the OpenSSL 4.0 build failure bugs:
- omniorb-dfsg (along with upgrading to 4.3.4)
- openssh
- yubihsm-shell
Python packaging
New upstream versions:
- certipy
- juptyer-server (fixing CVE-2025-61669, CVE-2026-35397, CVE-2026-40110, and CVE-2026-40934)
- magicgui
- pydantic
- pydantic-core
- pydantic-settings
- pylint
- pytest-rerunfailures (fixing a build failure with pytest 9.1)
- python-certifi
- python-django-celery-beat
- python-numpy-groupies
- python-packaging (aided by Debusine testing of reverse-dependencies)
- python-pytest-run-parallel
- python-pytest-unmagic
- python-service-identity
- python-tabulate
- python-urllib3 (fixing CVE-2026-9375 and CVE-2026-44432)
- python-watchfiles
- python-yubihsm
- responses
- uncertainties
pytest 9.1 was uploaded to unstable this month, resulting in quite a few new build/test failure bugs. I tried to keep on top of as many of these as I could; most of them had one of a small number of similar causes.
- domdf-python-tools (contributed upstream)
- flask-caching (contributed upstream)
- magicgui (contributed upstream)
- pydantic-core
- pydantic-extra-types (contributed upstream)
- pydantic (contributed upstream)
- pylint
- pytest-codeblocks
- python-docx (contributed upstream)
- python-numpy-groupies (contributed upstream)
- python-openapi-core (contributed upstream)
- python-urllib3 (contributed upstream)
- python-watchfiles
- sphinx-automodapi
Python 3.14 became the default Python version in unstable towards the end of the month, starting a transition. These usually involve quite a bit of work, and there’s much more to do, but I fixed a few things:
- depthcharge-tools: Traceback with 3.14: args for positionals must be != 0
- domdf-python-tools: autopkgtest failure with Python 3.14
Other build/test failures:
- dh-python: Dependency parsing is too picky about spacing
- psygnal: Allow building without msgspec
- pydantic-core: Accept and require uuid 1.23.0, now that it’s in Debian
- pygame: FTBFS: FAIL: test_fill_rle (pygame.tests.surface_test.SurfaceTypeTest.test_fill_rle)
- pyro5: FTBFS: Unable to determine debhelper compatibility version
- python-persistent: Bump timeout in test_rapid_create_destroy_cycle (contributed upstream)
- python-yubihsm: Depends: python3-cryptography (< 47) but 47.0.0-1 is to be installed
- sphinx-gallery: <!nodoc> build dependency removed from testing
- tpm2-pytss: Fix support for cryptography 47
- twisted: Tests fail with pyopenssl 26.3.0: module ‘OpenSSL.crypto’ has no attribute ‘X509Req’
Other bugs:
- psygnal: Fix reproducibility
- python-nacl: Updating the python-nacl Uploaders list
- python-tabulate: Fails to build source after successful build
- tpm2-pytss: Fails to build source after successful build
Rust packaging
New upstream versions:
- rust-asn1 (needed by new python-cryptography)
- rust-asn1-derive
Code reviews
- buildbot: [INTL:sv] Swedish translation of debconf templates (merged and uploaded)
- openssh: Support DPKG_ROOT (merged and uploaded)
- openssh: Fix GSS C25519 server blob bounds check (merged and uploaded)
- python-pyramid: CVE-2023-40587 Backport patch (merged and uploaded)