neomutt: update to 20260616.
2026-06-16 Richard Russon \<rich at flatcap.org\>
* Security
- #4900 bcache: sanitize mailbox names that escape the cache dir
- #4901 auth_gss: fix out-of-bounds read of GSS security token
* Bug Fixes
- #4866 Fix broken message-hook in the pager
- #4869 Fix duplicate "no mail" message
- #4874 Restore the `-C` command-line flag
- #4882 Refresh notmuch tag completion cache, and fix a tag completion crash
- #4893 Fix index-format-hook parsing
- #4897 Allow `<entire-thread>` from any mailbox type, and fix a related crash
- email: fix header rewind after mbox separator
- imap: retry login after a failure
- maildir/notmuch: fix memory leak
- config: fix inherited has_been_set
- main: fix inverted condition in init_nntp
* Code
- test: fix conddate after 2038
khard: update to 0.21.0.
v0.21.0 2026-06-15
- Remove support for python 3.9
- Fix bug skipping config's skip_unparsable setting (#355)
- Fix special handling for ambiguous date formats (#349)
- Add failing test for partial date with leap day
- Remove the autodoc typehints extension in sphinx
qbittorrent: update to 5.2.2.
Mon Jun 15th 2026 - sledgehammer999 <sledgehammer999 at qbittorrent.org> - v5.2.2
- FEATURE: Use D-Bus to show file in file managers (Chocobo1) #24340
- BUGFIX: Fix friendlyUnitCompact precision calculation (vafada) #24323
- BUGFIX: Remove all top-level folders (glassez) #24333
- BUGFIX: Use proper API for checking exit status (Chocobo1) #24349
- BUGFIX: Delete stale lockfile when hostname mismatch (TurboTheTurtle, glassez) #24363
- BUGFIX: Fix wrong removal procedure of watched folder paths (Chocobo1) #24413
- BUGFIX: Don't reannounce before interface changes are applied (glassez) #24447
- BUGFIX: Use Latin script for Bosnian locale name (Andy Ye) #24342
- WEBUI: Fix performance of global checkbox toggling (tehcneko) #24316
- WEBUI: Fix Safari transfer list header misalignment (Piccirello) #24377
- WEBUI: Fix error when submitting magnet before metadata loads (Piccirello) #24378
- WEBUI: Use correct row id when updating Rss Downloader feed selection (Chocobo1) #24402
- WEBUI: Use SameSite=Lax for session cookie to fix cross-site login (Piccirello) #24422
- WEBUI: Bring back properties panel expand/collapse button (vafada) #24430
- WEBAPI: Only use X-Forwarded-Host header when reverse proxy support is enabled (Chocobo1) #24457
- RSSS: Fix "RSS Smart Episode Filter" RegEx (nathanon-akk, glassez) #24398
[3 lines not shown]
nginx: Update to 1.30.3
Changes with nginx 1.30.3 17 Jun 2026
*) Security: a heap memory buffer overflow might occur in a worker
process when using a configuration with "ignore_invalid_headers off;"
and "large_client_header_buffers" with large configured values when
proxying a specially crafted request to HTTP/2 or gRPC backend,
allowing an attacker to cause worker process memory corruption or
segmentation fault in a worker process (CVE-2026-42055).
Thanks to Mufeed VH of Winfunc Research.
*) Security: a heap memory buffer overread might occur in a worker
process while handling a specially sent response with decoding from
UTF-8 via the "charset_map" directive, allowing an attacker to cause
a limited disclosure of worker proccess memory or segmentation fault
in a worker process (CVE-2026-48142).
Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE.
(devel/R-testthat) Updated 3.2.3 to 3.3.2, Fix build against R-4.6.0
# testthat 3.3.2
----------------
* testthat now emits OpenTelemetry traces for tests when tracing is
enabled. Requires the otel and otelsdk packages (#2282).
* `default_parallel_reporter()` is no longer exported; use
`default_reporter(parallel = TRUE)` instead (#2305).
* `expect_snapshot()` once again reports the original error class for
base errors, rather than `rlang_error` (#2286).
* `expect_snapshot_file()` once again works with shinytest2 on CI
(#2293, #2288).
* `expect_snapshot_file()` correctly reports file name if duplicated
(@MichaelChirico, #2296).
[232 lines not shown]
(math/R-nimble) Updated 1.3.0 to 1.4.2, Fix build against R-4.6.0
# CHANGES IN VERSION 1.4.2 (March 2026)
## USER LEVEL CHANGES
- Improve efficiency of `findSamplersOnNodes`, which is used in finding
samplers assigned to node(s) (PR #1614; thanks to 'hoxo-m').
## DEVELOPER LEVEL CHANGES
- Switch to using `R_getVar` and `R_getVarEx` in place of `Rf_findVar` and
`Rf_findVarInFrame` in C++ code at request of CRAN (PR #1616).
# CHANGES IN VERSION 1.4.1 (February 2026)
## USER LEVEL CHANGES
- Add a new sampler to sample portions of a multivariate normal node when some
[136 lines not shown]
