{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreicqhqpjyw653x5oy2qs63itilty4v5gvxkpsnqcmtswyt3wyhvwmm",
"uri": "at://did:plc:46ti67tc37qcmwp2vaynk6fq/app.bsky.feed.post/3mlldcxxnr4b2"
},
"path": "/~cjwatson/blog/activity-2026-04.html",
"publishedAt": "2026-05-11T12:59:41.110Z",
"site": "https://www.chiark.greenend.org.uk",
"tags": [
"sponsored",
"Liberapay",
"GitHub Sponsors",
"lose data",
"initial merge request",
"CVE-2026-3497",
"BSA-130",
"proper API documentation",
"CVE-2026-39377",
"CVE-2026-39378",
"file conflicts",
"upstream discussion",
"python-libnacl: Depends on cruft package libsodium23",
"rust-minijinja",
"libfido2 1.17.0-1",
"python-backports.zstd: Obsolete with Python 3.14",
"python-better-exceptions 0.4.0-2"
],
"textContent": "My Debian contributions this month were all sponsored by Freexian.\n\nYou can also support my work directly via Liberapay or GitHub Sponsors.\n\n## dput-ng\n\nIan Jackson reported that dput-ng could lose data when using the local install method (relevant in tests of other packages, for instance) and filed an initial merge request to fix it. I improved this to isolate its tests properly, and uploaded it.\n\n## groff\n\nI upgraded from 1.23.0 to 1.24.1. 1.24.0 and 1.24.1 were the first upstream releases since 2023, and had extensive changes; I’d had the corresponding packaging changes in the works since January, but it took me a while to get round to finishing them off. It was good to get this off my list.\n\n## OpenSSH\n\nI released bookworm and trixie fixes for CVE-2026-3497, and issued the corresponding BSA-130 for trixie-backports.\n\nI upgraded from 10.2p1 to 10.3p1.\n\n## parted\n\nI upgraded from 3.6 to 3.7. 3.7 was the first upstream release since 2023, but the changes were nowhere near as extensive as groff, so this was a fairly quick job. I also fixed the parted-doc package to ship proper API documentation.\n\n## Python packaging\n\nNew upstream versions:\n\n * django-modeltranslation\n * nbconvert (fixing CVE-2026-39377 and CVE-2026-39378)\n * pydantic-extra-types\n * pydantic-settings\n * python-agate (fixing file conflicts)\n * python-nacl\n * zope.configuration\n * zope.interface\n\n\n\nI started an upstream discussion about how best to handle the pydantic and pydantic-core packages now that they share an upstream git repository.\n\nOther bug fixes:\n\n * python-libnacl: Depends on cruft package libsodium23\n\n\n\n## Rust packaging\n\nNew upstream versions:\n\n * rust-jiter\n * rust-minijinja\n\n\n\n## YubiHSM packaging\n\nI upgraded from 2.7.2 to 2.7.3.\n\n## Code reviews\n\n * libfido2 1.17.0-1 (sponsored upload for Patrick Winnertz, since their key had expired)\n * python-backports.zstd: Obsolete with Python 3.14 (sponsored upload for YOKOTA Hiroshi)\n * python-better-exceptions 0.4.0-2 (sponsored upload for Seyed Mohamad Amin Modaresi)\n\n",
"title": "Colin Watson: Free software activity in April 2026",
"updatedAt": "2026-05-11T12:25:58.000Z"
}