PR bin/60248 Various fixes to shutdown
First, fix (in a slightly different way than suggested)
the incorrect use of (1 minutes) sometimes.
While here, add more error checking to the shutdown time
parsing, and fix -k to be what it was originally intended
to be, which was nothing like "kick the users off" (which
it didn't do, unless all the "shutdown coming" messages
scared them away), all it did was install /etc/nologin so
no-one could log in (from 5 mins before the scheduled time).
That's pointless, if you want to install a /etc/nologin, just
install it (cat >/etc/nologin).
The -k flag was intended to assist with debugging, "k" was for
"kidding" - shutdown goes though all the motions, writing
messages, writing to syslog, etc - but that's all it does,
no manipulation of /etc/nologin at all, and no actual shutting
[6 lines not shown]
PR lib/60249 add some casts, and #include <stdlib.h>
Casts needed for assigning size_t value to int variable.
bit_alloc() uses calloc under the hood, and is a macro, so
anything calling it needs to have <stdlib.h> in scope. The
doc doesn't indicate it is required of the application, so
include it from <bitstring.h>
arm/generic: use generic setstatclockrate
This allows us to get rid of the weak symbol hack in a9tmr since GENERIC is the only configuration with both a9tmr and gtmr active in one configuration. Configurations without __HAVE_GENERIC_SETSTATCLOCKRATE still get a setstatclockrate from the ifdef.
arm/fdt: introduce a generic setstatclockrate function
These changes lay the groundwork for cleaning up setstatclockrate implementations across arm timers.
Pull up the following, requested by christos in ticket #283:
external/ibm-public/postfix//dist/README_FILES/NON_BERKELEYDB_README up to
external/ibm-public/postfix//dist/README_FILES/REQUIRETLS_README up to
external/ibm-public/postfix//dist/conf/postfix-non-bdb-script up to
external/ibm-public/postfix//dist/html/NON_BERKELEYDB_README.html up to
external/ibm-public/postfix//dist/html/REQUIRETLS_README.html up to
external/ibm-public/postfix//dist/html/nbdb_reindexd.8.html up to
external/ibm-public/postfix//dist/html/postfix-non-bdb.1.html up to
external/ibm-public/postfix//dist/man/man1/postfix-non-bdb.1 up to
external/ibm-public/postfix//dist/man/man8/nbdb_reindexd.8 up to
external/ibm-public/postfix//dist/mantools/check-proxy-type-table up to
external/ibm-public/postfix//dist/proto/NON_BERKELEYDB_README.html up to
external/ibm-public/postfix//dist/proto/REQUIRETLS_README.html up to
external/ibm-public/postfix//dist/src/cleanup/cleanup_message_test.c up to
external/ibm-public/postfix//dist/src/global/ehlo_mask_test.c up to
external/ibm-public/postfix//dist/src/global/nbdb_clnt.c up to
external/ibm-public/postfix//dist/src/global/allowed_prefix.c up to
external/ibm-public/postfix//dist/src/global/allowed_prefix.h up to
[575 lines not shown]
py-hishel: updated to 1.2.1
What's Changed in 1.2.1
Miscellaneous Tasks
* explicitly set build backend by @karpetrosyan
What's Changed in 1.2.0
Refactoring
* improve sqlite concurrency by @karpetrosyan
Miscellaneous Tasks
* simplify pyproject.toml, use src layout by @karpetrosyan
Documentation
* mention support for Zapros HTTP Client by @karpetrosyan
[2 lines not shown]
py-subunit: updated to 1.4.6
1.4.6 (2026-05-04)
BUG FIXES
* Fix compatibility with testtools 2.8.2. (Jelmer Vernooij)
* Fix ``ExecTestCase`` to work without executable permissions on the
test script. (Jelmer Vernooij)
* Fix ``ExecTestCase`` to properly handle shell scripts. (Jelmer Vernooij)
IMPROVEMENTS
* Stop installing tests. (Jelmer Vernooij)
* Add ``subunit-combine`` script that runs multiple subunit-producing
commands and merges their streams, optionally prefixing each command's
[12 lines not shown]
redis: updated to 8.6.3
Redis 8.6.3 Released Tue 5 May 2026 16:00:00 IST
Update urgency: `SECURITY`: There are security fixes in the release.
Security fixes
- (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
- (CVE-2026-25243) Invalid memory access in `RESTORE` may lead to Remote Code Execution
- (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution
- (CVE-2026-25588) Invalid memory access in `RESTORE` may lead to Remote Code Execution (Time Series)
- (CVE-2026-25589) Invalid memory access in `RESTORE` may lead to Remote Code Execution (Probabilistic)
Bug fixes
- `SUBSCRIBE`, `PSUBSCRIBE`, `SSUBSCRIBE`: crash on OOM (RED-167788)
- `CONFIG SET`: some settings allow invalid characters (RED-167787)
- `SCRIPT DEBUG`: potential crash on scripts (RED-175507)
[30 lines not shown]
doxygen: updated to 1.17.0
1.17.0
Features
Added support for Mermaid diagrams, via new commands @mermaid, @endmermaid, and @mermaidfile and new configuration options MERMAID_PATH, MERMAID_CONFIG_FILE, MERMAID_RENDER_MODE, MERMAID_JS_URL, MERMAIDFILE_DIRS
Added support for running dot on batches of dot graphs to reduce process creation overhead. Can be tuned via new option DOT_BATCH_SIZE.
issue 6926 Added support for documenting unnamed parameters
Improve multi-threading performance by avoiding mutex contention
Updated Portuguese, Polish and Greek translators to 1.16.0.
Add support for long path name (>260 characters) for Doxygen on Windows (embedded manifest file)
Added engines chart, nwdiag, packetdiag and project for PlantUML
Minor incompatibilities
Dropped the jQuery dependency.
expat: updated to 2.8.1
Release 2.8.1 Sun May 10 2026
Security fixes:
CVE-2026-45186 -- Fix quadratic runtime from attribute name
collision checks that allowed denial of service attacks
through moderately sized crafted XML input (CWE-407).
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
Other changes:
Drop more casts related to `void *` that C99 does not need
xmlwf: Streamline use of `mmap`
Version info bumped from 13:0:12 (libexpat*.so.1.12.0)
to 13:1:12 (libexpat*.so.1.12.1); see https://verbump.de/
for what these numbers do
unbound: updated to 1.25.0
1.25.0
Features
Merge 1337: 0 TTL cached replies and some TTL behavior changes.
TTL change: Cached records that reach TTL 0 are expired.
TTL change: TTL 0 upstream answers are no longer cached by cachedb, as they should.
TTL change: 'serve-expired-reply-ttl' is now capped by the original TTL value of the record to try and make some sense when replying with expired records.
TTL change: TTL decoding was updated to adhere to RFC8767 section 4 where a 'set high-order bit' means the value is positive instead of 0.
Merge 1374: Mesh reply counters. This adds the statistics num.queries.replyaddr_limit and requestlist.current.replies.
Introduce the 'log-thread-id' configuration option to manage logging the system-wide Linux thread ID for easier debugging with system tools.
Fix 1389: [FR] replacement with ECC-GOST12 according to RFC9558. Patch contributed by Igor V. Ruzanov, available in contrib/gost12.patch.
Merge 1411: Allow synthesized DNAME TTL=0 to be served from cache within grace period. The responses are served from cache within a 1-second grace period. Reduces recursion when authoritative servers return DNAME with TTL=0 (RFC 2308). Response still returns TTL=0 to clients. Adds a test for it.
Fix 278: DoT: complete unbound restart required on certificate renew. Fix so that a reload checks if the files have changed, and if so, reload the contexts. Also for DoH, DoQ and outgoing DoT.
For 278: fast_reload can reload tls-service-key, tls-service-pem and tls-cert-bundle changes. It checks the modification time of the tls-service-key and tls-service-pem files for update.
Fix to allow the control-interface config to use ip at port notation.
Fix to shorten RRSIG count in scrubber, this protects against an overly large number of RRSIGs. It can be configured with `iter-scrub-rrsig: 8`, it has default 8. Thanks to Yuxiao Wu, Tsinghua University for the report.
Introduce new 'tls-protocols' configuration option that specifies which of the supported TLS protocols will be used. TLSv1.2 is again enabled by default, but can be selectively turned off if desired (related to 1303).
Merge 1400: Support pthread_setname_np. Adds support for pthread_setname_np and variants to set the name on spawned threads for easier debugging/monitoring.
