rspamd: update to 4.0.1.
4.0.1: 05 Apr 2026
** Features **
* [Feature] Add settings merge infrastructure with layered collect-then-merge flow
* [Feature] Add weak dependencies and disabled status to symcache
* [Feature] Add force-enable override for settings conflicts
* [Feature] Add dynamic block API to fuzzy storage worker
* [Feature] Allow custom response codes for fuzzy dynamic blocks
* [Feature] Expose ratelimit_whitelist check to Lua via worker method
** Bug fixes **
* [Fix] Keep original fd in proxy session after milter dup (fd leak since 4.0.0)
* [Fix] Use task_timeout instead of upstream timeout for proxy self-scan
* [Fix] Use LPeg grammar for AAR header parsing (#5963)
* [Fix] Use ev_now() instead of rspamd_get_ticks() for dynamic ban expiry
* [Fix] Enable deps in pre/postfilters and fix settings flow
* [Fix] Create rdeps for same-stage non-filter dependencies
[112 lines not shown]
devel/lua-cffi: import lua-cffi-0.2.4
Packaged by Yorick Hardy and myself in wip.
This is a portable C FFI for Lua, based on `libffi` and aiming to be mostly
compatible with LuaJIT FFI, but written from scratch. Compatibility is
preserved where reasonable, but not where not easily implementable (e.g.
the parser extensions for 64-bit `cdata` and so on). Thanks to `libffi`,
it works on many operating systems and CPU architectures. The `cffi-lua`
codebase itself does not contain any non-portable code (with the exception
of things such as Windows calling convention handling on x86, and some
adjustments for big endian architectures).
This release contains the fixes for the issues reported in today's security
advisory: https://lists.x.org/archives/xorg-announce/2026-April/003677.html
* CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap()
* CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom()
* CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence()
* CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap()
* CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes()
Additionally, it contains a number of other various fixes from the stable
xwayland-24.1 branch:
Alan Coopersmith (18):
xf86bigfont: fix -Wimplicit-function-declaration error
dix: Fix builds with meson -Dxace=false -Dwerror=true
meson: don't build xselinux if xace is disabled
xwayland: fix builds with xace disabled
panoramix: avoid null dereference in PanoramiXMaybeAddDepth()
panoramix: avoid null dereference in PanoramiXConsolidate()
[60 lines not shown]
moor: update to 2.12.0.
Support CTRL-f and CTRL-b for paging forward and backward, contributed
by @joshheyse in #395. Thanks!
Also in this release:
Accept ESC as the escape character in LESS_TERMCAP_* variables
Fix busy looping when reading from a pipe on Windows
dasel: update to 3.4.1.
## [v3.4.1] - 2026-03-30
### Fixed
- Escape characters in query strings now work as expected, e.g. `\n` will be treated as a newline character instead of the literal string `\n`.
- Fixed a typo in the `<=` token that could cause a display issue.
py-sphinx-autodoc-typehints: update to 3.10.1.
3.10.1
🐛 fix(resolver): surface hints for @no_type_check targets by @gaborbernat in #681
3.10.0
🔒 ci(workflows): add zizmor security auditing by @gaborbernat in #672
✨ feat(resolver): auto-inject :vartype: for annotated instance vars by @gaborbernat in #678
🐛 fix(intersphinx): skip union aliases in type mapping by @gaborbernat in #679
py-ruff: update to 0.15.10.
Preview features
[flake8-logging] Allow closures in except handlers (LOG004) (#24464)
[flake8-self] Make SLF diagnostics robust to non-self-named variables (#24281)
[flake8-simplify] Make the fix for collapsible-if safe in preview (SIM102) (#24371)
Bug fixes
Avoid emitting multi-line f-string elements before Python 3.12 (#24377)
Avoid syntax error from E502 fixes in f-strings and t-strings (#24410)
Strip form feeds from indent passed to dedent_to (#24381)
[pyupgrade] Fix panic caused by handling of octals (UP012) (#24390)
Reject multi-line f-string elements before Python 3.12 (#24355)
Rule changes
[ruff] Treat f-string interpolation as potential side effect (RUF019) (#24426)
[9 lines not shown]
py-rich: update to 15.0.0.
15.0.0
Changed
Breaking change: Dropped support for Python3.8
Fixed
Fixed empty print ignoring the end parameter #4075
Fixed Text.from_ansi removing newlines #4076
Fixed FileProxy.isatty not proxying #4077
Fixed inline code in Markdown tables cells #4079
14.3.4
Improved import time with lazy loading #4070
Changed link id generation to avoid random number generation at runtime #3845
py-puremagic: update to 2.2.0.
Version 2.2.0
-------------
- Adding Ogg scanner to distinguish Vorbis, Opus, Theora, FLAC, Speex, and OGM codecs
- Adding ASF scanner to distinguish WMV (video) from WMA (audio) files
- Adding EBML scanner to distinguish Matroska (.mkv) from WebM (.webm) files
- Adding MSI (Windows Installer) and MPP (Microsoft Project) detection to CFBF scanner
- Fixing #146 OOXML detection now uses `[Content_Types].xml` content types as primary method, correctly identifying docx/xlsx/pptx files from LibreOffice, Google Docs, and other non-Microsoft tools (thanks to jonasdeboeck79)
- Fixing ZIP deep scan now inspects all ZIP files instead of short-circuiting on .zip extension
- Fixing text scanner now treats files containing NUL bytes as binary data instead of misidentifying them as text
- Fixing mz5 HDF5 scanner typo in chromatogram dataset name
py-maturin: update to 1.13.1.
1.13.1
fix: fall back to placeholder for abi3 when found interpreters are too old by @messense in #3126
1,13
maturin 1.13.0 is a feature-rich release focused on better wheel
generation, improved packaging workflows, and smoother cross-platform
builds. This release adds new capabilities for stub generation and
PGO builds, significantly improves wheel repair support on macOS
and Windows, and includes a broad set of fixes for ABI tagging,
source distributions, and platform-specific build behavior.
