Verify signal delivery preserves various FPU state.
Should also test AVX512 but I'm not sure I have hardware handy to do
this right now and qemu doesn't emulate it, as far as I know! TBD.
(Plus: there's umpteen different cpuid feature bits to consider,
annoyingly, and that means a lot of manual reading to sort through
them.)
PR kern/60426: Signal handler corrupts AVX (YMM) registers
prusaslicer: update to 2.9.6
PrusaSlicer 2.9.6
Changes with respect to 2.9.6-rc1:
* Toolpath moves between FLUSH_START and FLUSH_END tags are now not shown in
the G-code preview.
* Fan speed was incorrectly being restored to the value belonging to wrong
filament when toolchange command was prepended by whitespace.
PrusaSlicer 2.9.6-rc1
Improvements with respect to 2.9.6-beta1
* Use area-dominant extruder instead of the default one when applying "Maximum
width of a segmented region".
* Incorporate filament_load_time and filament_unload_time into cooling
slowdown logic.
[66 lines not shown]
dev/ic/mpt_netbsd.c - another clang appeasement attempt
and change all strncat() (which were not what was intended)
into strlcat() which implement the original intent.
p5-ack: update to 3.10.0.
v3.10.0 Sun Jun 7 11:50:37 CDT 2026
========================================
[SECURITY]
CVE-2026-49147: filename ANSI escape sequences
CVE-2026-49146: project .ackrc -A -B -C memory exhaustion
CVE-2026-49145: project .ackrc --follow / --files-from file exfiltration
[FIXES]
Fixed a bug where types set in the .ackrc could not be overridden from the
command line. Thanks, Dmitri Vereshchagin. (GH #393)
v3.9.0 Mon May 26 15:02:57 CDT 2025
========================================
The --not option can be used with either --and or --or.
The -g option can now use any of the boolean options, --and, --or or --not.
[39 lines not shown]
p5-YAML-PP: update to 0.41.0.
v0.41.0 2026-06-17 22:01:34+02:00
- tests: replace Test::Warn with Test::Warnings (PR #59, @haarg)
- Fix test suite tag data
v0.40.0 2026-04-24 16:51:28+02:00
- Security: Limit default allowed maximum nesting level.
Set it via new option 'max_depth'.
v0.39.0 2025-02-10 00:01:45+01:00
- Allow unknown tags again, reverting the previous change in v0.38.1 which
only was supposed to be a dev release
- Add new option require_footer
v0.38.1 2025-01-25 00:30:13+01:00
[17 lines not shown]
p5-Imager: update to 1.033.
Imager 1.033 - 7 July 2026
============
- fix mishandling of large EXIF IFD entry count values, treating them
as negative numbers. This could lead to an attempt to allocate a
block nearly the size of the address space, which fails and causes
an exit. Such counts are now treated as unsigned and caught either
when the multiplication result is checked, or when the end of the
IFD referenced memory is outside the EXIF block.
Thanks to cpan-security.
CVE-2026-14454
- JPEG: depend on Imager 1.033 for the EXIF fix.
- fix a thread context object reference count leak in the bumpmap and
bumpmap_complex filters.
[2 lines not shown]
www/freenginx-devel: update from 1.31.2 to 1.31.3
Sponsored by: tipi.work
<ChangeLog>
*) Feature: additional checks are now used during variable substitution,
including during execution of the ngx_http_rewrite_module directives,
to prevent buffer overruns in case of errors in the code.
*) Bugfix: if the "auth_request_set" directive or regular expression
named captures were used to change prefix variables, such as
"$http_...", corresponding variables became empty in other parts of
the configuration.
*) Bugfix: changing the $limit_rate and $args variables with the
"auth_request_set" directive or regular expression named captures
worked incorrectly.
[23 lines not shown]
go: update to 1.26.5 and 1.25.12 (security)
These releases include 2 security fixes following the security policy:
- os: Root escape via symlink plus trailing slash
On Unix systems, opening a file in an os.Root improperly
followed symlinks to locations outside of the Root when
the final path component of the a path is a symbolic link
and the path ends in /.
For example, root.Open("symlink/") would open "symlink" even when
"symlink" is a symbolic link pointing outside of the root.
On Unix, openat(fd, path, O_NOFOLLOW) will follow symlinks
in path when path ends in a /. Root failed to account for
this behavior, permitting paths with a trailing / to escape.
It now properly sanitizes the path parameter provided to openat.
[18 lines not shown]
py-mocket: updated to 3.14.2
3.14.2
tests: add tests for hexdump and hexload, including ValueError on invalid hex
Better can_handle_fun documentation
Raise an error when both can_handle_fun and match_querystring are used
carburetta: Update to 0.8.28
0.8.28 - 2026-01-11
- Will now emit #line so C/C++ compilation errors on generated code
will be located at the corresponding snippet code in the .cbrt input
file, where appropatiate. Use --nolinedir to disable.
- Can now emit a symbol_names[] table for all ordinal constants, this
can be useful when writing code that uses Carburetta's internal
structures more dynamically and you wish to emit debug information.
Only generated when --sym-names is specified.
- Instead of specifying a filename, you can now pass - (a dash) for
the filename and the grammar input will be read from stdin.
0.8.25 - 2025-04-14
- New 'visit' feature. When specifying either %visit or %visit_params
[87 lines not shown]
games/ajbsp: Update to 1.05
* support UDMF maps, creating XGL3 nodes
* better ability to embed as a library
* lots of code improvements, require C++11 now
* a facility for source ports: XWA files