py-hishel: updated to 1.2.1
What's Changed in 1.2.1
Miscellaneous Tasks
* explicitly set build backend by @karpetrosyan
What's Changed in 1.2.0
Refactoring
* improve sqlite concurrency by @karpetrosyan
Miscellaneous Tasks
* simplify pyproject.toml, use src layout by @karpetrosyan
Documentation
* mention support for Zapros HTTP Client by @karpetrosyan
[2 lines not shown]
py-subunit: updated to 1.4.6
1.4.6 (2026-05-04)
BUG FIXES
* Fix compatibility with testtools 2.8.2. (Jelmer Vernooij)
* Fix ``ExecTestCase`` to work without executable permissions on the
test script. (Jelmer Vernooij)
* Fix ``ExecTestCase`` to properly handle shell scripts. (Jelmer Vernooij)
IMPROVEMENTS
* Stop installing tests. (Jelmer Vernooij)
* Add ``subunit-combine`` script that runs multiple subunit-producing
commands and merges their streams, optionally prefixing each command's
[12 lines not shown]
redis: updated to 8.6.3
Redis 8.6.3 Released Tue 5 May 2026 16:00:00 IST
Update urgency: `SECURITY`: There are security fixes in the release.
Security fixes
- (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
- (CVE-2026-25243) Invalid memory access in `RESTORE` may lead to Remote Code Execution
- (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution
- (CVE-2026-25588) Invalid memory access in `RESTORE` may lead to Remote Code Execution (Time Series)
- (CVE-2026-25589) Invalid memory access in `RESTORE` may lead to Remote Code Execution (Probabilistic)
Bug fixes
- `SUBSCRIBE`, `PSUBSCRIBE`, `SSUBSCRIBE`: crash on OOM (RED-167788)
- `CONFIG SET`: some settings allow invalid characters (RED-167787)
- `SCRIPT DEBUG`: potential crash on scripts (RED-175507)
[30 lines not shown]
doxygen: updated to 1.17.0
1.17.0
Features
Added support for Mermaid diagrams, via new commands @mermaid, @endmermaid, and @mermaidfile and new configuration options MERMAID_PATH, MERMAID_CONFIG_FILE, MERMAID_RENDER_MODE, MERMAID_JS_URL, MERMAIDFILE_DIRS
Added support for running dot on batches of dot graphs to reduce process creation overhead. Can be tuned via new option DOT_BATCH_SIZE.
issue 6926 Added support for documenting unnamed parameters
Improve multi-threading performance by avoiding mutex contention
Updated Portuguese, Polish and Greek translators to 1.16.0.
Add support for long path name (>260 characters) for Doxygen on Windows (embedded manifest file)
Added engines chart, nwdiag, packetdiag and project for PlantUML
Minor incompatibilities
Dropped the jQuery dependency.
expat: updated to 2.8.1
Release 2.8.1 Sun May 10 2026
Security fixes:
CVE-2026-45186 -- Fix quadratic runtime from attribute name
collision checks that allowed denial of service attacks
through moderately sized crafted XML input (CWE-407).
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
Other changes:
Drop more casts related to `void *` that C99 does not need
xmlwf: Streamline use of `mmap`
Version info bumped from 13:0:12 (libexpat*.so.1.12.0)
to 13:1:12 (libexpat*.so.1.12.1); see https://verbump.de/
for what these numbers do
unbound: updated to 1.25.0
1.25.0
Features
Merge 1337: 0 TTL cached replies and some TTL behavior changes.
TTL change: Cached records that reach TTL 0 are expired.
TTL change: TTL 0 upstream answers are no longer cached by cachedb, as they should.
TTL change: 'serve-expired-reply-ttl' is now capped by the original TTL value of the record to try and make some sense when replying with expired records.
TTL change: TTL decoding was updated to adhere to RFC8767 section 4 where a 'set high-order bit' means the value is positive instead of 0.
Merge 1374: Mesh reply counters. This adds the statistics num.queries.replyaddr_limit and requestlist.current.replies.
Introduce the 'log-thread-id' configuration option to manage logging the system-wide Linux thread ID for easier debugging with system tools.
Fix 1389: [FR] replacement with ECC-GOST12 according to RFC9558. Patch contributed by Igor V. Ruzanov, available in contrib/gost12.patch.
Merge 1411: Allow synthesized DNAME TTL=0 to be served from cache within grace period. The responses are served from cache within a 1-second grace period. Reduces recursion when authoritative servers return DNAME with TTL=0 (RFC 2308). Response still returns TTL=0 to clients. Adds a test for it.
Fix 278: DoT: complete unbound restart required on certificate renew. Fix so that a reload checks if the files have changed, and if so, reload the contexts. Also for DoH, DoQ and outgoing DoT.
For 278: fast_reload can reload tls-service-key, tls-service-pem and tls-cert-bundle changes. It checks the modification time of the tls-service-key and tls-service-pem files for update.
Fix to allow the control-interface config to use ip at port notation.
Fix to shorten RRSIG count in scrubber, this protects against an overly large number of RRSIGs. It can be configured with `iter-scrub-rrsig: 8`, it has default 8. Thanks to Yuxiao Wu, Tsinghua University for the report.
Introduce new 'tls-protocols' configuration option that specifies which of the supported TLS protocols will be used. TLSv1.2 is again enabled by default, but can be selectively turned off if desired (related to 1303).
Merge 1400: Support pthread_setname_np. Adds support for pthread_setname_np and variants to set the name on spawned threads for easier debugging/monitoring.
luanti: update to 5.16.1
5.16.1:
Fixed bug introduced in 5.16.0 with water rendering
5.16.0:
Deprecations and compatibility notes
- Writing to mod directories is now disallowed
Client / Audiovisuals
- Texture pack override.txt now supports overriding overlay tiles
- Restore inventory cube (item mesh) shading
- Fixed incorrect animation state when placing nodes quickly
- Fixed a graphical issue where the fog incorrectly changed the
color of semi-transparent particles
- Support more mouse buttons (beyond X2)
- Add keybinds for camera movement
- Formspec: Bug fixes related to inventory list interactions
- Formspec: Focus behavior improvements
[44 lines not shown]
haproxy: updated to 3.3.9
3.3.9
- BUG/MINOR: sink: do not free existing sinks on allocation error
- BUG/MINOR: vars: make parse_store() return error on var_set() failure
- BUG/MINOR: vars: don't store the variable twice with set-var-fmt
- BUG/MINOR: vars: only print first invalid char in fill_desc()
- BUG/MINOR: hpack: validate idx > 0 in hpack_valid_idx()
- BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect
- BUG/MINOR: acl: fix a possible arg corruption in smp_fetch_acl_parse()
- BUG/MINOR: map: do not leak a map descriptor on load error
- CLEANUP: map/cli: fix some map-related help messages
- BUG/MINOR: pattern: release the reference on failure to load from file
- CI: github: add DEBUG_STRICT=2 to ASAN jobs
- BUG/MEDIUM: mux-h2: fix the body_len to check when parsing request trailers
- BUG/MAJOR: mux-h2: preset MSGF_BODY_CL on H2_SF_DATA_CLEN in h2c_dec_hdrs()
- BUG/MINOR: dns: always validate the source address in responses
- BUG/MINOR: tcpcheck: Properly report error for http health-checks
- BUG/MINOR: resolvers: Free new requester on error when linking a resolution
[17 lines not shown]
ugrep: updated to 7.8.1
7.8.1
Fixed two issues:
fix 545 --disable-avx512 tested and working
fix 544 (same as 537) a bug in the ugrep v7.6 ~ v7.8 (since March 5, 2026) that can't handle very long lines in huge files properly, outputting uninitialized input file buffer contents as if part of the matching line or contents read after the input file buffer as if part of the matching line.
taglib: updated to 2.3
TagLib 2.3 (May 10, 2026)
* MP4: Support for chapters (Nero and QuickTime).
* WAV: Support for BEXT and iXML chunks.
* FLAC: Support for BEXT and iXML application blocks.
* Opus: New audio property `outputGain()`.
* Speed up Matroska reading by using seek head for element lookup.
* Speed up Matroska writing by offering multiple write style modes.
* More tolerant handling of files with oversized RIFF chunks, zero size ID3v2
frames and Matroska chapters without edition.
* Avoid wrong content-based detection as MPEG files.
* Fix bitrate calculations for MPEG ADTS and MP4 ESDS.
* Fix data race with multi-threaded use of `MP4::ItemFactory`.
* Fix unbounded recursion in EBML/Matroska `MasterElement` and MP4 atoms.
* Limit number of MP4 atoms at top level.
* Fix writing too many offsets when updating MP4 stco/co64 atoms.
* Fix k bounds in Shorten Rice-Golomb coding.
py-asyncssh: updated to 2.23.0
Release 2.23.0 (8 Feb 2026)
* Added support for "Match localnetwork". Thanks go to Théophile Bastian
for reporting this new match type, added in OpenSSH 9.4.
* Enabled support for RSA with SHA-2 signatures in ssh-agent and Pageant.
Thanks go to GitHub user Netzvamp for reporting this.
* Changed MAC algorithm negotation to be skipped when using AEAD ciphers.
Thanks go to GitHub user LilleCarl for reporting this issue and
suggesting a potential fix.
* Improved graceful termination when using ProxyCommand, waiting for
the ProxyCommand tunnel to close when cleaning up a connection. Thanks
go to Simon Liétar for reporting this issue and helping to investigate
possible solutions.
[20 lines not shown]
py-gssapi: updated to 1.11.1
1.11.1
Add Free-Threading and Limited API/Stable ABI
Fix up classifier from typo
1.11.0
Add Free-Threading and Limited API/Stable ABI
