xsetroot: update to 1.1.4.
Alan Coopersmith (8):
-help should exit(0) not (1)
Accept --help & --version as aliases to -help & -version
Improve man page formatting
man page: fix warnings from `mandoc -T lint`
gitlab CI: drop the ci-fairy check-mr job
Strip trailing whitespace from source files
meson: Add option to build with meson
xsetroot 1.1.4
xset: update to 1.2.6.
Alan Coopersmith (6):
Add -help option
Improve man page formatting
man page: fix warnings from `mandoc -T lint` and `groff -rCHECKSTYLE=10`
gitlab CI: drop the ci-fairy check-mr job
meson: Add option to build with meson
xset 1.2.6
Bjarni Ingi Gislason (1):
xset.1: some editorial changes for this man page [Debian bug #1072502]
xrefresh: update to 1.1.1.
Alan Coopersmith (10):
Assume target platforms have strcasecmp now
Use _stricmp() instead of strcasecmp() on Windows
Accept --help & --version as aliases to -help & -version
Improve man page formatting
man page: fix warnings from `mandoc -T lint`
man page: add -delay & -help options
gitlab CI: drop the ci-fairy check-mr job
Strip trailing whitespace from source files
meson: Add option to build with meson
xrefresh 1.1.1
xrdb: update to 1.2.3.
Alan Coopersmith (8):
Accept --help & --version as aliases to -help & -version
Make -help exit with 0 instead of 1
Improve man page formatting
man page: fix warnings from `mandoc -T lint`
gitlab CI: drop the ci-fairy check-mr job
meson: Add option to build with meson
Git rid of -Wstringop-truncation warnings
xrdb 1.2.3
p11-kit: updated to 0.26.4
0.26.4
Build fix
Update translations
0.26.3
server: fixed stack exhaustion via unbounded recursion in RPC attribute parsing by enforcing a recursion depth limit (CVE-2026-13757)
fixed confusing error message when trying to store an existing cert with trust anchor
fixed assert when parsing p11-kit files with value (")
fixed numerous memory management issues
Build and test fixes
libffi: updated to 3.7.1
3.7.1
Fix aarch64 ffi_call memory corruption when passing many large
structs by value.
Fix i386 thiscall/fastcall closure stack cleanup for 64-bit
integer and struct arguments.
Fix aarch64 int128 argument split between x7 and the stack on
Darwin
Fix aarch64 clang-cl link failure for HFA helper functions
Build a generic ffi_call_plan fallback on Windows x86-64.
Add Windows ARM64 (MSVC) build and continuous integration support.
resterm: Update to 0.46.2
v0.46.2
What' New
When the update check finds a newer version, the version section of the status bar shows both your current version and the latest one, joined by a "?" icon. Example: ? v0.46.1 ? v0.46.2
Increased startup latency animation to 1s.
v0.46.1
This release rebuilds how resterm updates itself. Downloads are now verified end to end against checksums served by the GitHub release API, the new binary has to prove it is the right release before it replaces the current one.
Verified self-updates
resterm --update now verifies every download against the sha256 digest the GitHub release API publishes for each asset. There is no separate checksum file to fetch anymore - the expected hash arrives with the release metadata and the downloaded binary must match it exactly.
Verification is mandatory. A missing digest, a size mismatch or a checksum mismatch aborts the update and leaves the current install untouched.
As a final check, the downloaded binary is executed with --version and must report the release it claims to be before it is moved into place.
The new binary is staged next to the current one and swapped in with an atomic rename. On Windows the update now installs in place instead of waiting for a restart: the previous executable stays beside the new one as resterm.exe.old and is cleaned up by the next update once no process is still running it.
Safer installs
install.sh and install.ps1 verify the downloaded binary against the release API digest before installing and refuse to install when the checksum does not match.
[4 lines not shown]
py-tzdata: updated to 2026.3
2026.3
Briefly:
Alberta moved to permanent -06 on 2026-06-18. Morocco moves to permanent +00 on
2026-09-20. More integer overflow bugs have been fixed in zic.
py-discid: updated to 1.4.2
Changes in 1.4.2 (2026-07-10):
* Provide Python wheel on PyPI.
* Removed remaining Python 2 specific code from ``util.py``.
cargo-deny: updated to 0.20.2
0.20.2
Fixed
- fixed snapshot filenames on Windows which caused the release binary publish to fail...again.
0.20.1
Fixed
- fixed snapshot filenames on Windows which caused the release binary publish to fail.
0.20.0
Changed
- refactored the CLI, moving some duplicated options/flags into the root and removing several deprecated options/flags/values. See the PR for a full list of changes.
Added
- resolved 873 by adding a new [`bans.std-replacements`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-std-replacements-field-optional) lint which checks the graph for crates.io sourced crates that have been partially or fully replaced in `std` and/or `core`.
Fixed
- resolved 765 by respecting non-default build script paths in manifests.
- resolved 874 by cleaning up the CLI, deduplicating some options/flags that caused bug in the `list` subcommand.
py-cffi: updated to 2.1.0
2.1.0
Added the cffi-gen-src command-line tool (also invocable as python -m cffi.gen_src), which generates CFFI C extension source code, so that a build backend such as meson-python can build the extension. See Generating C Sources for CFFI Extensions for details. Integrated from the cffi-buildtool project by Rose Davidson.
Added support for arm64 iOS wheels.
Dropped support for Python 3.9.
Added support for Python 3.15 and support for C extensions generated by CFFI to target the new abi3t free-threaded ABI.
Avoid crashes inside of __delitem__.
Avoid “string too big” error under MSVC.
Fix mingw builds.
py-build: updated to 1.5.1
1.5.1 (2026-07-09)
Features
- Add ``--report=PATH`` to write a machine-readable JSON report of built artifacts; ``--metadata`` now also accepts
``.whl`` files - by :user:`gaborbernat` (:issue:`198`)
- The ``srcdir`` argument now accepts ``.tar.gz`` source distributions, extracting and building from them - by
:user:`gaborbernat` (:issue:`311`)
- The "Unmet dependencies" error from ``--no-isolation`` builds now shows the wanted version, found version, and
interpreter - by :user:`gaborbernat` (:issue:`504`)
- Add ``--sdist-extract-dir`` to extract the intermediate sdist into a persistent directory, enabling compiler cache reuse
across rebuilds - by :user:`gaborbernat` (:issue:`614`)
- Add ``--env-dir`` to place the isolated build environment at a fixed path, enabling compiler cache reuse across builds -
by :user:`gaborbernat` (:issue:`655`)
- Print a summary of resolved dependency versions (``name==version``) after installing them in isolated builds - by
:user:`gaborbernat` (:issue:`959`)
- On build failure, print a tip pointing to ``--env-dir`` and ``--sdist-extract-dir`` for debugging and link to the "Debug
[26 lines not shown]
memcached: updated to 1.6.45
1.6.45
Fixes
proxy: extra warning for user config error
proto: convert more strto calls
proto: meta preparse F flag fix
proxy: fix res:line() returning wrong response
proxy: fix overread of spaces for large gets
ascii: safely convert flag args to numerics
ascii: fix unlocked refcount-- on error path
proxy: key filter null byte written to wrong place
proxy: fix detail len clamp in request logging
proxy: enforce minimum rate limit
ascii: fix refcount leak on ms parse error
proxy: reserve enough log space for proxy BE_EVENT
network: fix segfault on OOM during net read
[16 lines not shown]
rclone: updated to 1.74.4
1.74.4
Bug Fixes
accounting
Fix goroutine leak in ResetCounters (Nick Craig-Wood)
Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs (Sanjays2402)
archive extract: Fix path traversal letting archives escape the destination CVE-2026-59732 (Nick Craig-Wood)
build
Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood)
CVE-2026-39822: os: Root escape via symlink plus trailing slash
CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak
Update golang.org/x/image to v0.43.0 to fix image decoding vulnerabilities (Nick Craig-Wood)
CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds strip offset
CVE-2026-46602: unbounded memory use from lack of a limit on TIFF tile sizes
CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch
CVE-2026-33813: panic decoding a large WEBP image on 32-bit platforms
cmd/mount2
[43 lines not shown]
py-django5: updated to 5.2.16
Django 5.2.16 fixes three security issues with severity “low” in 5.2.15.
CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
CVE-2026-53877: Heap buffer over-read in GDALRaster
CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input
py-django: updated to 6.0.7
6.0.7
Django 6.0.7 fixes three security issues with severity “low” and one bug in 6.0.6.
CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
CVE-2026-53877: Heap buffer over-read in GDALRaster
CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input
Bugfixes
Fixed a regression in Django 6.0 where the PBKDF2 and MD5 password hashers
raised UnicodeDecodeError for bytes passwords that were not valid UTF-8.
Passwords supplied as str or as UTF-8 bytes are unaffected