PR port-sparc64/60428
Just return instead of asserting that devhandle is DEVHANDLE_TYPE_OF.
This happens for USB disks (sd @ scsibus @ umass @ @ uhub @ usb) which
are not enumerated by the firmware.
Original patch from riastradh@ .
Apply the same for wd and fc-al as well.
libffi: updated to 3.7.0
3.7.0 adds three new public interfaces (ffi_call_plan_alloc,
ffi_call_plan_invoke, ffi_call_plan_free) additively, with no
existing interface removed or changed. Per the libtool rules:
increment current, reset revision, increment age (11:1:3 -> 12:0:4).
This keeps the change ABI backward-compatible; the soname stays
libffi.so.8 (current - age = 8).
py-testfixtures: updated to 12.3.0
12.3.0 (8 Jul 2026)
- Added :doc:`pydantic <pydantic>` support: a :func:`comparer <testfixtures.pydantic.compare_basemodel>`
for :class:`~pydantic.BaseModel` is automatically registered, and the ``testfixtures[pydantic]``
extra installs a compatible version.
- Added :class:`ReprComparison` and :func:`repr_like` for asserting an object's type along with its
:func:`repr`.
- Added :class:`StrComparison` and :func:`str_like` for asserting an object's type along with its
:class:`str`.
- Added :func:`mapping`, the typed helper for :class:`MappingComparison`.
- :func:`like` now accepts a regular expression, as a string or a compiled :class:`re.Pattern`,
returning a :class:`TextComparison` typed as a :class:`str`. :class:`TextComparison` can also
now be built directly from a compiled :class:`re.Pattern`.
[9 lines not shown]
py-flask-caching: updated to 2.4.1
2.4.1
- Use ``pallets_sphinx_themes`` for the documentation.
- Type ``CachedResponse.__init__`` so it doesn't trigger mypy ``[no-untyped-call]``
in strict downstream codebases. :issue:`628`
- Docs: clarify that ``@memoize`` uses ``repr(obj)``
(or ``__caching_id__``) for the ``self``/``cls`` identity, not Python's
:func:`id`. :issue:`555`
- Fix test failure with pytest 9.1. :issue:`651`
py-asn1: updated to 0.6.4
0.6.4, released 08-07-2026
- CVE-2026-59885 (GHSA-8ppf-4f7h-5ppj): Fixed quadratic time
complexity in the OBJECT IDENTIFIER and RELATIVE-OID decoders.
A small crafted substrate encoding many arcs could consume
excessive CPU. Arcs are now accumulated in linear time; decoded
values are unchanged (thanks for reporting, tynus2)
- CVE-2026-59884 (GHSA-m4p7-r5rc-7g4j): Limited BER long-form tag
IDs to 20 octets (140 bits), matching the OID arc limit introduced
in 0.6.2. Unbounded tag IDs allowed a crafted substrate to consume
excessive CPU and memory; longer tag IDs are now rejected with
PyAsn1Error. Also fixed Tag and TagSet repr() failing on huge tag
(thanks for reporting, mikeappsec)
IDs due to the integer-to-string conversion limit (Python 3.11+)
- CVE-2026-59886 (GHSA-hm4w-wwcw-mr6r): Fixed excessive memory and
CPU consumption in Real.__float__() for values with large base-10
exponents. Conversion no longer materializes huge intermediate
[7 lines not shown]
Verify signal delivery preserves various FPU state.
Should also test AVX512 but I'm not sure I have hardware handy to do
this right now and qemu doesn't emulate it, as far as I know! TBD.
(Plus: there's umpteen different cpuid feature bits to consider,
annoyingly, and that means a lot of manual reading to sort through
them.)
PR kern/60426: Signal handler corrupts AVX (YMM) registers
prusaslicer: update to 2.9.6
PrusaSlicer 2.9.6
Changes with respect to 2.9.6-rc1:
* Toolpath moves between FLUSH_START and FLUSH_END tags are now not shown in
the G-code preview.
* Fan speed was incorrectly being restored to the value belonging to wrong
filament when toolchange command was prepended by whitespace.
PrusaSlicer 2.9.6-rc1
Improvements with respect to 2.9.6-beta1
* Use area-dominant extruder instead of the default one when applying "Maximum
width of a segmented region".
* Incorporate filament_load_time and filament_unload_time into cooling
slowdown logic.
[66 lines not shown]
dev/ic/mpt_netbsd.c - another clang appeasement attempt
and change all strncat() (which were not what was intended)
into strlcat() which implement the original intent.
p5-ack: update to 3.10.0.
v3.10.0 Sun Jun 7 11:50:37 CDT 2026
========================================
[SECURITY]
CVE-2026-49147: filename ANSI escape sequences
CVE-2026-49146: project .ackrc -A -B -C memory exhaustion
CVE-2026-49145: project .ackrc --follow / --files-from file exfiltration
[FIXES]
Fixed a bug where types set in the .ackrc could not be overridden from the
command line. Thanks, Dmitri Vereshchagin. (GH #393)
v3.9.0 Mon May 26 15:02:57 CDT 2025
========================================
The --not option can be used with either --and or --or.
The -g option can now use any of the boolean options, --and, --or or --not.
[39 lines not shown]
p5-YAML-PP: update to 0.41.0.
v0.41.0 2026-06-17 22:01:34+02:00
- tests: replace Test::Warn with Test::Warnings (PR #59, @haarg)
- Fix test suite tag data
v0.40.0 2026-04-24 16:51:28+02:00
- Security: Limit default allowed maximum nesting level.
Set it via new option 'max_depth'.
v0.39.0 2025-02-10 00:01:45+01:00
- Allow unknown tags again, reverting the previous change in v0.38.1 which
only was supposed to be a dev release
- Add new option require_footer
v0.38.1 2025-01-25 00:30:13+01:00
[17 lines not shown]
p5-Imager: update to 1.033.
Imager 1.033 - 7 July 2026
============
- fix mishandling of large EXIF IFD entry count values, treating them
as negative numbers. This could lead to an attempt to allocate a
block nearly the size of the address space, which fails and causes
an exit. Such counts are now treated as unsigned and caught either
when the multiplication result is checked, or when the end of the
IFD referenced memory is outside the EXIF block.
Thanks to cpan-security.
CVE-2026-14454
- JPEG: depend on Imager 1.033 for the EXIF fix.
- fix a thread context object reference count leak in the bumpmap and
bumpmap_complex filters.
[2 lines not shown]