biology/openbabel: update to 3.2.0
This release reflects the latest stable version, including multiple feature enhancements and many, many bug fixes. It is backwards compatible with 3.0 and 3.1.
We anticipate more bug-fix releases over the course of 2026 and appreciate the many contributions and reports from everyone.
Major Features and Fixes
Many memory and crash bugs fixed, thanks to OSS-Fuzz (Google) for infrastructure, including Cisco TALOS, Trail of Bits, ADA Logics, and Claude Mythos for bug reports. At the moment, all reported bugs are fixed.
L-BFGS optimizer added to OBForceField (internal LBFGS.h); gen3d and conformer search now use L-BFGS by default (with CG fallback when Eigen is unavailable). @ghutchis (#2933)
New macrocycle ring builder with Dale codes for cycloalkanes with n > 24, plus a post-pass crown builder for unmatched rings up to n ≤ 24. Substantially improves initial 3D geometry for macrocycles. @ghutchis (#2923)
Distance-geometry improvements: faster, vectorized implementation ensuring stereochemistry is preserved @ghutchis (#2896, #2897)
KET format (Ketcher JSON) read/write, including aromatic-bond preservation and alias expansion for clean round-trip. @romanbsd (#2909)
ChemicalJSON (.cjson) format support — Avogadro's native format — with rich metadata: total charge & spin multiplicity, NMR and electronic spectra, conformer energies, unit-cell vectors, and space-group info. @ghutchis (#2486, #2491, #2516, #2640, #2654)
InChI bumped to 1.07.5; library version now reported in the format description. @e-kwsm @ghutchis (#2857, #2947)
Python 2 dropped; Python 3.13 supported (distutils removed). @e-kwsm @chrisjonesBSU (#2924, #2809) Integrated PyPI binary wheels @njzjz #2925
CMake 4 compatibility, FindPython refactor, Eigen 2 dropped, Eigen3::Eigen imported target adopted. @PPN-SD @e-kwsm (#2784, #2753, #2858)
OBRandomMT: new std::mt19937_64-based PRNG wrapper (opt-in via USE_RANDOMMT, default on); OB_RANDOM_SEED environment variable documented for reproducibility. @e-kwsm (#2241)
New Features and Improvements
[74 lines not shown]
py-httpbin: updated to 0.10.4
0.10.4
Made flasgger an optional dependency (falls back to a static landing page when absent), thanks @AdamWill and @mgorny
Fixed invalid escape sequence SyntaxWarnings on Python 3.12+, thanks @hseg
Included tox.ini and the tests in the source distribution, thanks @Mirochill
Added Python 3.13 and 3.14 to the test matrix and classifiers
py-checkdmarc: updated to 5.17.1
5.17.1
Fixed
Accept uppercase SPF macro letters (e.g. %{S}), which are valid per RFC 7208 section 7.3
5.17.0
Added
Warnings for deprecated Sender ID TXT records
Changed
NXDOMAIN errors are more detailed
gstreamer1: updated to 1.28.4
GStreamer 1.28.4 stable bug fix release
Highlighted bugfixes:
Various security fixes and playback fixes
audioaggregator: fixes for conversion of in-progress buffers when input caps change
audioresample: more armv7 fixes
camerabin: Fix caps negotiation failure when starting video capture
Debug logging performance improvements
fmp4mux: Fix draining in chunk mode after partial GOPs were drained
gldownload: fix handling of directly imported dmabufs from glupload
matroskamux: Write ReferenceBlock for non-keyframe video in BlockGroups
rtp2: session: add "stats" property
rtspsrc2: handle parse errors with TCP interleaved more gracefully where the server just drops data
rtspsrc2: implement support for SRTP, authentication, HTTP tunnelling, keep alive, stream selection, TLS validation, latency configuration
st2038combiner: only forward video pad segment, fixing issues for cases where the ST2038 segment differs
Wavpack audio: Various channel and channel-mask related fixes
[6 lines not shown]
strawberry: updated to 1.2.20
1.2.20 (2026.06.21):
Bugfixes:
* Defer writing playcount and rating tags for the currently playing MP3 file to prevent playback issues
* Fixed volume being reset during gapless playback when the sample rate changes between tracks
* Prevent duplicate songs with identical URL
* Fixed album shuffle to use the effective album artist
* Fixed collection watcher skipping symlinked directories
* Fixed collection subdirectory path handling when renaming directories
* Fixed songlyrics.com, elyrics.net and letras lyrics parsing
* Fixed SPC (GME) file parsing
* Fixed Tidal session not being cleared on authentication errors
* Fixed global shortcuts to use the first backend that registers successfully
* Prefer the volume UUID when identifying removable devices
* Save settings when the session manager requests a commit
* Set StartupWMClass in the desktop file to org.strawberrymusicplayer.strawberry
* Fixed two tabs closed when middle clicking on a playlist tab
[16 lines not shown]
pugixml: updated to 1.16
1.16
Add xml_node::ensure_child and xml_node::ensure_attribute that return the child/attribute with the specified name, adding one if it does not exist
PUGIXML_CHARCONV_FLOAT option can be enabled to switch floating point conversions to <charconv>, making conversions locale-independent and improving performance
Several performance improvements (XPath queries, node/attribute lookup) and bug fixes (remove_child stack overflow, load_file integer overflow on 32-bit systems)
py-dulwich: updated to 1.2.6
1.2.6 2026-05-31
* SECURITY: Honor ``core.protectNTFS``/``core.protectHFS`` on all
work-tree updates. The 1.2.5 path hardening (CVE-2026-42305) only
reached ``checkout`` and ``reset``; ``update_working_tree`` (used by
``merge``, ``pull`` and others) fell back to the default validator, so
a crafted branch could still check out an NTFS-unsafe name such as
``git~2`` even with ``core.protectNTFS=true``.
(Jelmer Vernooij; reported by donovan-jasper)
* SECURITY: Reject patch target paths that escape the work tree in
``apply_patches``. Patch headers are untrusted (e.g. ``git am`` of a
mailbox), so a ``+++``/rename path such as ``../../etc/cron.d/x`` or an
absolute path was joined onto the repo path and written outside the
working tree. Such paths are now refused.
(netliomax25-code)
[11 lines not shown]
py-ruff: updated to 0.15.18
0.15.18
Preview features
Handle nested ruff:ignore comments
Stop displaying severity in output
Use human-readable names in CLI output
Use human-readable names in LSP and playground diagnostics
[pydocstyle] Prevent property docstrings starting with verbs (D421)
[flake8-pyi] Extend PYI033 to Python files
Bug fixes
Detect equivalent numeric mapping keys
Detect mapping keys equivalent to booleans
Detect repeated signed and complex dictionary keys
[35 lines not shown]
catch2: updated to 3.15.1
3.15.1
Fixes
* Fixed potential OOB access when looking for start of broken UTF-8 sequence during linebreaking
* Fixed `TEMPLATE_LIST_TEST_CASE_METHOD` and `CATCH_TEMPLATE_PRODUCT_TEST_CASE` potentially causing ODR violations
