py-pydantic-settings: updated to 2.14.0
2.14.0
Fix parsing env vars into Optional Strict types
Fix RecursionError with mutually recursive models in CLI
Fix env_file from model_config ignored in CliApp.run()
Update dependencies
Add Dependabot configuration
Bump samuelcolvin/check-python-version from 4.1 to 5
Bump actions/upload-artifact from 4 to 7
Bump actions/checkout from 4 to 6
Bump astral-sh/setup-uv from 5 to 7
Bump actions/setup-python from 5 to 6
Ignore chardet and group GitHub Actions in Dependabot
Bump actions/download-artifact from 4 to 8 in the github-actions group
Bump the python-packages group with 2 updates
Support reading .env files from FIFOs (e.g. 1Password Environments)
Fix AliasChoices ignored when changing provider priority
[20 lines not shown]
postgresql-timescaledb: updated to 2.26.4
2.26.4
Sanitize `DT_NOBEGIN` next_start to recover jobs stuck after primary failover
Fix `now()` constification for continuous aggregate queries
Fix out of memory when propagating `ALTER TABLE` to many chunks
Fix `InstrStartNode` called twice in a row
Fix use-after-free of `PlaceHolderVar.phrels` in cached ChunkAppend plans
Fix `PlaceHolderVar` error in runtime chunk exclusion
Remove stale hypertable entries during upgrade
Fix segfault with transition tables after column drop
Use `DROP CASCADE` for trigger removal
Error when querying compressed chunks under Apache license
Make `timescaledb_post_restore()` reliably restart background workers in a single call
Fix lost orderby sparse index
Replace `ERRCODE_INTERNAL_ERROR` on user-reachable error paths
Add Error on missing custom job function in `ts_bgw_job_get_funci`
Fix data corruption when merging chunks with different compression settings
[5 lines not shown]
libgsf: updated to 1.14.57
1.14.57
* Fix problems with ole files bigger than 4G.
* Document property fix.
* Introspection fixes.
* Make gzip, bzip, zip handle 4G+ writes.
* Make gzip, bzip, zip handle 4G+ reads.
* Improve testing.
* Ole performace improvements with loads of children.
gurk: update to 0.9.3.
0.9.3
Remove stray previous() in select_next_channel (#533)
0.9.2
Features
Message deletion support (delete for everyone + delete for me) (#519)
Show typing indicator in channel list (#520)
Add ctrl+l to force full screen redraw (#521)
Disappearing messages support (#522)
Separate draft input per channel (#524)
Bug Fixes
Handle incoming edit messages from other users (#518)
[9 lines not shown]
sccache: updated to 0.15.0
sccache 0.15.0 brings several notable improvements:
Multi-tier caching: New support for layered caches with fallback and automatic backfilling between tiers
C++20 modules: Initial (partial) support for compiling C++20 modules
Expanded MSVC support: New flags handled including d1nodatetime, await:strict
New platforms: loongarch64 support
ccache interop: Avoid double-caching when ccache is also installed in PATH
Cargo integration: CARGO_ENCODED_RUSTFLAGS is now excluded from the env var hash to prevent spurious cache misses
Distribution: cargo-binstall metadata for prebuilt binary installation
Reliability fixes: GCS initialization
py-sip6: updated to 6.15.3
v6.15.3
Bug fixes
Fixed the handling of virtuals that return enums with a non-int base type.
A regression in v6.15.2 that caused a crash if MinimumABIVersion was not specified was fixed.
Deprecations
The use of the %MinimumABIVersion directive will be required in SIP v7. Failing to use it now results in a deprecation warning.
Testing
The tests now amend CXXFLAGS instead of overwriting them. This fixes blhc (build log hardening check) in Debian.
qt6-qtwebengine: updated to 6.11.0
The 6.11 release for Qt Framework is now available, with improved performance,
newly supported techniques and capabilities on graphics, connectivity and
languages, not to mention a whole new approach to asynchronous C++ coding. Take
a closer look.
https://www.qt.io/blog/qt-6.11-released
qt6: updated to 6.11.0
The 6.11 release for Qt Framework is now available, with improved performance,
newly supported techniques and capabilities on graphics, connectivity and
languages, not to mention a whole new approach to asynchronous C++ coding. Take
a closer look.
https://www.qt.io/blog/qt-6.11-released
Enable __USE_TOPDOWN_VM; this was set on sun2 and sun3, but somehow
forgotten on the rest of m68k. (Seriously, why is this even optional?)
Tested on both Utah and new pmap.
inetutils: update to 2.8.
# Noteworthy changes in release 2.8 (2026-04-29) [stable]
** telnetd no longer supports the --debug (-D) option. Previously, it
would open a predictable file name at /tmp/telnet.debug, following it if
it were a symbolic link. The data printed to it could also be
controlled by a client. These behaviors could be combined to result in
a local privilege escalation. Reported by Justin Swartz in
<https://lists.gnu.org/r/bug-inetutils/2026-03/msg00040.html>.
Guillem Jover also mentioned that another user can create the file
before telnetd does, keep the file open, and snoop on sessions which may
include credentials in
<https://lists.gnu.org/r/bug-inetutils/2026-03/msg00048.html>.
** telnet no longer leaks the value of unexported environment variables
to servers sending the NEW-ENVIRON SEND USERVAR command.
Reported by Justin Swartz in
<https://www.openwall.com/lists/oss-security/2026/03/13/1>.
[55 lines not shown]
gnutls: update to 3.8.13.
* Version 3.8.13 (released 2026-04-29)
** libgnutls: Add more checks to DTLS reassembly
Previously, gnutls didn't check that DTLS fragments claimed
a consistent message_length value.
Additionally, a crucial array size check was missing,
enabling an attacker to cause a heap overwrite.
Reject fragments with mismatching length and add a missing boundary check.
Independently reported by
Haruto Kimura (Stella), Oscar Reparaz and Zou Dikai.
[GNUTLS-SA-2026-04-29-1, CVSS: high] [CVE-2026-33846]
** libgnutls: Fix qsort comparator in DTLS reassembly
The comparator function used for ordering DTLS packets
by sequence numbers did not follow qsort comparator contracts
in case of packets with duplicate sequence numbers,
which could lead to unstable ordering or undefined behaviour.
[197 lines not shown]
