dpkg: updated to 1.23.7
1.23.7
* dpkg-deb: Remove ancient code to handle buggy old .deb format variants.
* Perl modules:
- Dpkg::Source::Package::V1: Do not print source root on modified files
list.
- Dpkg::Source::Package::V1: Fix building from within the source tree.
openldap: updated to 2.6.13
OpenLDAP 2.6.13 Release (2026/03/09)
Fixed liblber ber_bvreplace_x potential NULL dereference
Fixed libldap heap buffer overflow in parse_whsp
Fixed slap(add|modify) to not recreate config frontend
Fixed slapd authzPrettyNormal function memory leak
Fixed slapd memory leak in get_mra function
Fixed slapd memory leak in parseAssert and parseReturnFilter functions
Fixed slapd memory leak in parseReadAttrs function
Fixed slapd slapd_sasl_mechs race condition
Fixed slapd syncrepl to be more efficient with refresh task
Fixed slapd unbind/close race condition
Fixed slapd-ldap memory leak in ldap_chain_parse_ctrl function
Fixed slapd-mdb always initialize pausepoll
Fixed slapo-constraint to not propagate request controls to internal ops
Fixed slapo-dds minttl incorrectly set in certain scenarios
Fixed slapo-memberof to not propagate request controls to internal ops
Fixed slapo-nestgroup to not propagate request controls to internal ops
[7 lines not shown]
fast_float: updated to 8.2.4
8.2.4
This release can boost the performance by about 10% in some cases thanks to @kolemannix
Add more boundary test cases for double and float parsing
fix warning C4702: unreachable code
Mention C under other languages
A few inlines
libjwt: updated to 3.3.2
3.3.2
Patch release to fix symbol visibility for the JSON abstraction layer.
Build fix: Mark all JSON abstraction functions with JWT_NO_EXPORT to prevent them from being exported in the shared library's public symbol table. These are internal implementation details of the JSON backend abstraction (Jansson/json-c) and should not be visible to library consumers.
py-apsw: updated ot 3.52.0.0
3.52.0.0
Comprehensive async support - connections run in a dedicated worker thread with the event loop able to await the results.
asyncio, trio (note), and anyio (note) are supported and tested
Async callbacks can be used anywhere including:
scalar, window, and aggregate functions
virtual tables (only the methods you want)
apsw.ext.make_virtual_module()
VFS (again, only the methods you want)
the various other SQLite hooks
Cancellations and deadlines (timeouts) from the event loop apply to executing SQL as well as async callbacks
Type stubs as used by type checkers and IDEs reflect async usage
sqlite3: updated to 3.52.0
3.52.0
Fix the WAL-reset database corruption bug.
Enhance ALTER TABLE to permit adding and removing NOT NULL and CHECK constraints.
Add the Query Result Formatter (QRF) library for formatting the results of SQL queries for human readability on a fixed-pitch font screen.
Add the format method to the TCL Interface so that QRF is accessible from TCL.
QRF is used for result formatting in the CLI, resulting in improved display capabilities.
New built-in SQL functions: json_array_insert(), and jsonb_array_insert().
Renovations to the CLI:
Major enhancements to the .mode command.
Improved result formatting, due to the addition of the QRF extension. For example, numeric values are now right-justified by default in tabular output modes.
The default output mode for interactive CLI sessions now uses QRF to display query results in boxes formed using Unicode box-drawing characters, for improved legibility. Batch CLI sessions use the legacy output format for compatibility.
Bare (unquoted) semicolons at the end of dot-commands are silently ignored. ← Potential incompatibility!
Fix the .testcase and .check commands so that they actually work, and use those commands in scripts that part of the standard SQLite test suite included with the source tree.
Command-line arguments that match *.sql or *.txt and are the names of non-empty files are read and interpreted as scripts of SQL statements and/or dot-commands.
The argument to the ".timer" command can now be "once", to run the timer on only the next SQL statement.
The new "--timeout S" option to the ".progress" dot-command causes SQL statements to interrupt after S seconds.
[22 lines not shown]
py-pdf: updated to 6.8.0
6.8.0, 2026-03-09
Security (SEC)
- Limit allowed `/Length` value of stream
New Features (ENH)
- Add /IRT (in-reply-to) support for markup annotations
Documentation (DOC)
- Avoid using `PageObject.replace_contents` on PdfReader
- Document how to disable jbig2dec calls
py-pkgconfig: updated to 1.6.0
1.6.0
Drop support for Python < 3.9, support 3.9 .. 3.14.
README: clarify pkg-config and pkgconf
Switch CI from Travis to GitHub Actions; test on all supported Python versions.
Use src/ layout for project, fixes 36. Also move tests and test data to tests/.
Replace deprecated distutils with setuptools to make tests work on Python 3.12.
Fix configure_extension for empty cflags or libs.
py-pikepdf: updated to 10.5.0
v10.5.0
- Fixed logger in ``ctm`` module using ``__file__`` instead of ``__name__``,
which produced unhelpful log names. :issue:`712`
- Modernized README.
- Test all README code blocks instead of just one.
v10.4.0
- Enums are now proper Python ``enum.Enum``/``enum.IntFlag`` types (PEP 435
compliant), migrated from pybind11's deprecated ``py::enum_`` to
``py::native_enum``.
- Reimplemented the PDFDocEncoding codec in pure Python using the standard
library charmap pattern, removing the C++ dependency on qpdf for encoding.
- Upgraded to qpdf 12.3.2.
- Fixed incorrect docstrings for ``StreamDecodeLevel``. :issue:`708`
- Fixed type stubs: added PEP 570 positional-only markers, and corrected
``index()`` signature.
gource: updated to 0.56
0.56:
* Added --author-time option (onlyJakob).
* Fixed build with Boost 1.89.0 by no longer linking boost system.
* Increased minimum required version of Boost to 1.69.
* Request compatibility profile when creating OpenGL context.
graphviz: updated to 14.1.3
14.1.3 – 2026-03-02
Changed
- Using long node names in combination with the fdp layout algorithm no longer
results in truncated generated names.
- Vertical centering of text within HTML-like table cells has been improved.
- The existing ability to provide a numeric parameter to `-v`
to specify verbosity level are newly documented in `dot --help`.
Fixed
- `gvmap` no longer dereferences a null pointer when reading position-less
graphs.
- `gvmap` no longer crashes when adding coordinate data.
- `mm2gv` no longer accepts input matrices with non-`real` element type.
Previously these would be accepted but processed incorrectly leading to
[21 lines not shown]
py-tornado: updated to 6.5.5
What's new in Tornado 6.5.5
Security fixes
- ``multipart/form-data`` requests are now limited to 100 parts by default, to prevent a
denial-of-service attack via very large requests with many parts. This limit is configurable
via `tornado.httputil.ParseMultipartConfig`. Multipart parsing can also be disabled completely
if not required for the application. Thanks to [0x-Apollyon](https://github.com/0x-Apollyon) and
[bekkaze](https://github.com/bekkaze) for reporting this issue.
- The ``domain``, ``path``, and ``samesite`` arguments to `.RequestHandler.set_cookie` are now
validated for illegal characters, which could be abused to inject other attributes on the cookie.
Thanks to Dhiral Vyas (Praetorian) for reporting this issue.
- Carriage return characters are no longer accepted in ``multipart/form-data`` headers. Thanks to
[sergeykochanov](https://github.com/sergeykochanov) for reporting this issue.
py-setuptools: updated to 82.0.1
82.0.1
Bugfixes
Fix the loading of launcher manifest.xml file.
Replaced deprecated json.__version__ with fixture in tests.
Improved Documentation
Add advice about how to improve predictability when installing sdists.
py-acme py-certbot*: updated to 5.4.0
5.4.0 - 2026-03-10
Added
- The webroot plugin now supports IP address issuance.
Changed
- certbot-nginx now requires pyparsing>=3.0.0.
nginx-devel: updated to 1.29.6
Changes with nginx 1.29.6 10 Mar 2026
*) Feature: session affinity support; the "sticky" directive in the
"upstream" block of the "http" module; the "server" directive
supports the "route" and "drain" parameters.
*) Change: now nginx limits the size and rate of QUIC stateless reset
packets.
*) Bugfix: receiving a QUIC packet by a wrong worker process could cause
the connection to terminate.
*) Bugfix: "[crit] cache file ... contains invalid header" messages
might appear in logs when sending a cached HTTP/2 response.
*) Bugfix: proxying to scgi backends might not work when using chunked
transfer encoding and the "scgi_request_buffering" directive.
[9 lines not shown]
ppsspp ppsspp-qt libretro-ppsspp: updated to 1.20.2
What's new in 1.20.2
Improved server list for ad hoc multiplayer, dynamically updated and you can now add/remove entries
Fix broken multitouch on iOS with OpenGL
Ad hoc relay connection improvements
Fix a lot of minor UI issues
Fix background image selection on Android and iOS
Fix file permission issue on iOS
Add a "hold" version of axis swap toggle
Fix regression in Gripshift
Fix crash on audio device switch on Windows
Fix timing glitches in gamepad input on Windows
And other assorted fixes.