Update to version 9.2.0747.
Changes:
- patch 9.2.0747: cscope: connection leak when growing the array fails
- patch 9.2.0746: NULL pointer dereference in gui_photon
- patch 9.2.0745: Crash with truncated spellfile
- patch 9.2.0744: popup_atcursor() closes immediately on white space
- runtime(odin): Update indent script, add indent tests
- CI: MS-Windows: Run gvim/vim tests in parallel
- patch 9.2.0743: string macros silently accept a size of the wrong type
- runtime(vim): Fix heredoc triggering misidentifcation of Vim9 script
- patch 9.2.0742: filetype: SSH keys and related filetypes not recognized
- runtime(css): add more missing CSS properties
- patch 9.2.0741: complete_check() does not return TRUE for mapped input
- patch 9.2.0740: GTK4: scrollbar wrongly displayed
- patch 9.2.0739: completion: 'autocompletedelay' blocks the main loop and drops autocommands
- runtime: guard recommended style settings consistently
- patch 9.2.0738: ml_recover() may write beyond block buffer
- CI: Bump actions/checkout in the github-actions group across 1 directory
[35 lines not shown]
resterm: Update to version 0.44.4
v0.44.4
What's Changed
Refreshed status bar icons - replaced the editor icon, which rendered as broken on some fonts.
Status hints now clear when an action is confirmed or focus changes, instead of staying as stale text.
games/Zork-III: import Zork-III-1.0
Zork III: The Dungeon Master
This is Zork, the famous text adventure game from 1977.
Through a number of subsidiaries, it is now owned by Microsoft and
they have chosen to re-release it under the MIT license.
This package is the third installment of the multi-part version,
which was released in 1982.
games/Zork-II: import Zork-II-1.0
Zork II: The Wizard of Frobozz
This is Zork, the famous text adventure game from 1977.
Through a number of subsidiaries, it is now owned by Microsoft and
they have chosen to re-release it under the MIT license.
This package is the second installment of the multi-part version,
which was released in 1981.
games/Zork-I: import Zork-I-1.0
Zork I: The Great Underground Empire
This is Zork, the famous text adventure game from 1977.
Through a number of subsidiaries, it is now owned by Microsoft and
they have chosen to re-release it under the MIT license.
This package is the first installment of the multi-part version,
which was released in 1980.
py-protego: updated to 0.6.2
0.6.2 (2026-06-25)
- Fixed a ReDoS (regular expression denial of service) vulnerability: URL
patterns from ``robots.txt`` ``Allow`` and ``Disallow`` directives were
compiled into regular expressions, where multiple ``*`` wildcards could
cause exponential backtracking. A server could exploit this to cause denial
of service by serving a crafted ``robots.txt`` file. Wildcard matching is
now performed without regular expressions. Please, see the
`CVE-2026-55520`_ and `GHSA-wjmf-p669-5m5p`_ security advisories for more
information.
0.6.1 (2026-06-11)
- Fixed parsing of ``Request-rate`` values where the seconds field has no
time-unit suffix (e.g. ``1/60`` instead of ``1/60s``). Previously the last
digit of the number was silently dropped.
psmisc: updated to 23.7
Changes in 23.7
* build-sys: Make disable-statx work
* fuser: Fallback to stat() if no statx() Debian 1030747
* fuser: silently ignore EACCES when scanning proc directories
* killall: small formatting fixes Debian
* pstree: Do not assume root PID
* pslog: include config.h
* misc: Update gettext to 0.21
py-pandas: updated to 3.0.4
3.0.4
Fixed regressions
Fixed a performance regression in Series.searchsorted() and Index.searchsorted() with the string dtype, where a full O(n) NA scan made the operation much slower than the binary search itself (GH 65837)
Fixed a regression in isin() raising an error when checking for pd.NA with ArrowDtype, which also affected DataFrame.drop() with ArrowDtype-backed indexes (GH 63304)
Fixed a regression in arithmetic operations involving StringDtype and custom Python objects incorrectly raising instead of returning object-dtype results (GH 64107)
Fixed a regression in localizing timestamps beyond the year 2100 when using zoneinfo timezones (GH 65733)
Fixed a regression in setting into a DataFrame with MultiIndex columns and mixed-dtype level silently doing nothing (GH 65118)
Bug fixes
Fixed a bug in DataFrame.iloc() silently ignoring the assignment when setting values with an unordered or duplicated column indexer on a DataFrame whose values are referenced by another object (GH 65446)
Fixed a bug in DataFrame.to_sql() and read_sql_table() when using an ADBC engine where table and schema names were not quoted as SQL identifiers, causing failures for identifiers containing spaces or reserved words, and making it vulnerable to SQL injection (GH 65065)
Fixed a bug in Series.str.__getitem__() raising AttributeError when underlying array is ArrowExtensionArray (GH 65112)
Fixed a bug in Series.str.match() and Index.str.match() with PyArrow-backed string dtypes where a leading ^ only anchored the first branch of an alternation pattern (e.g. r"^foo|bar") (GH 66069)
Fixed a bug in eval() not honoring Copy-on-Write with the Python engine when columns were reused in the expression, causing unexpected mutation of the original DataFrame (GH 65664)
Fixed a bug in arithmetic adding or subtracting a non-tick DateOffset (e.g. offsets.MonthEnd, offsets.QuarterEnd) to datetime data that could cause a segmentation fault when another thread was running concurrently, e.g. under pytest-xdist (GH 66031)
py-scikit-build: updated to 0.19.1
Scikit-build 0.19.1
This is a patch release to add support for Visual Studio 2026.
Features
* Support Visual Studio 18 2026 in :pr:`1186`
Bug fixes
* Correctness bugs found in code review in :pr:`1191`
* Resolve Visual Studio generator environments lazily in :pr:`1193`
Testing
* Add windows-latest job for Visual Studio 2026 in :pr:`1194`
* Convert decorator into fixture in :pr:`1175`
[12 lines not shown]
py-django-treebeard: updated to 5.3.0
5.3.0
Added support for loading data for many-to-many relationships with load_bulk(). These were previously exported when using dump_bulk(), but were not handled when loading the same data.
Fixed an exception arising when running delete() operations on querysets that had a prefetch.
Added a warning when the default manager for a model extending a Treebeard Node class does not subclass the corresponding Treebeard model manager. This will raise an error in the next major release of Treebeard.
tor: updated to 0.4.9.11
0.4.9.11
Security release follows in quick succession after the previous one due to
additional high-priority security issues including one concerning onion
services. We strongly recommend upgrading as soon as possible.
o Major bugfixes (onion services):
- Prevent a race condition where in just the right circumstances a
rendezvous point could man-in-the-middle (impersonate) the onion
service that the client was trying to reach. Fixes bug 41297;
bugfix on 0.3.5.3-alpha.
o Major bugfixes (client):
- Clients no longer assert and exit if an onion service encodes an
all-zero public key for one of its introduction points. Fixes bug
41295; bugfix on 0.3.2.1-alpha.
[22 lines not shown]
GraphicsMagick p5-GraphicsMagick: updated to 1.3.47
1.3.47
Security Fixes:
DPX: Fix subsampling validation logic which was failing due to incorrect logic. This avoids a divide by zero possibility.
JNG writer: Properly handle and report the case where ImageToBlob()returns NULL.
MNG writer: Enforce that MNG only supports a color palette up to 256 colors (ImageMagick CVE-2026-28690).
MagickXImageWindowCommand(): Assure that static buffer does not overflow if the user keeps a numeric key depressed (ImageMagick CVE-2026-33535).
PCD: Prevent an out of bounds read (ImageMagick security advisory GHSA-wrhr-rf8j-r842).
PNG writer: Detect and report an excessively large profile, an other unexpected conditions (ImageMagick CVE-2026-30883).
RenderFreetype(): Use MagickConfirmAccess() to verify that font file name is allowed to be read.
TIFF EXIF IFD writer: Detect and prevent infinite looping (EXIF IFD writer code may be excluded by the -DEXPERIMENTAL_EXIF_TAGS=0 define).
TIFF EXIF IFD writer: Only transfer tags from EXIF and GPS IFDs. Do not transfer tags from the main IFDs.
YUV: Fix validation of 'sampling-factor' argument. (ImageMagick CVE-2026-25799). Given that the argument normally comes from a user (rather than an input file) this seems to be a minor security issue at most.
PS, PS2, PS3: Enforce that width and height dimensions, and total pixels, to/from Ghostscript are within the same limits as specified for GraphicsMagick. This helps avoid Ghostscript-based denial of service opportunities.
SVG: Add validations for element id syntax. Reject invalid attribute values which contain single quotes.
XCF: Report an error if there are no layers. Fix two unsigned integer overflow cases.
[53 lines not shown]
py-matplotlib: updated to 3.11.0
3.11.0
The largest change within this release is a complete overhaul of text and font
processing. Through the use of libraqm, HarfBuzz, SheenBidi, and an updated
release of FreeType, all text should now support modern font features, enabling
full internationalization in all languages. Not all features of these libraries
are supported yet, but we expect this work to enable further improvements in an
easier manner.
Outside of text handling, there are several improvements to 3D Axes,
performance, new accessible colour sequences, flexible figure management, and
more. See the release notes for more information.
