Update to dhcpsd-0.0.7 with the following changes:
* Add support for Darwin / macOS
* dhcpsd: -w waits for dynmically created interfaces
* sanitize_rfc1035: return early on error at start
Updated net/syncthing to 2.0.16
v.2.0.16
Fixes
fix(protocol): verify compressed message length before decompression by @calmh in #10595
fix(systemd): support overrides for syncOwnership by @Valloric in #10602
fix(systemd): add back chown allowed syscalls by @Valloric in #10605
Other
chore(config, connections): use same reconnection interval for QUIC and TCP (fixes #10507) by @marbens-arch in #10573
build(deps): update dependencies by @calmh in #10588
chore(sqlite): reduce max open connections, keep them open permanently (fixes #10592) by @calmh in #10596
v2.0.15
[128 lines not shown]
www/chromium: update to 147.0.7727.101
* 147.0.7727.101
This update includes 31 security fixes. Please see the
Chrome Security Page for more information.
[$90000][490170083] Critical CVE-2026-6296: Heap buffer overflow in ANGLE.
Reported by cinzinga on 2026-03-05
[$10000][493628982] Critical CVE-2026-6297: Use after free in Proxy.
Reported by heapracer on 2026-03-17
[TBD][495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-24
[N/A][497053588] Critical CVE-2026-6299: Use after free in Prerender.
Reported by Google on 2026-03-28
[TBD][497724498] Critical CVE-2026-6358: Use after free in XR.
Reported by Jihyeon Jeong (Compsec Lab, Seoul National University /
Research Intern) on 2026-03-30
[TBD][490251701] High CVE-2026-6359: Use after free in Video.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-06
[54 lines not shown]
firefox140: update to 140.10
Mozilla Foundation Security Advisory 2026-32
Security Vulnerabilities fixed in Firefox ESR 140.10
Announced
April 21, 2026
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 140.10
#CVE-2026-6746: Use-after-free in the DOM: Core & HTML component
Reporter
Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
[278 lines not shown]
ldns drill: updated to 1.9.0
1.9.0
* Make ldns_calc_keytag() available for CDNSKEY RR
Thanks tgreenx and pnax
* Make ldns_key_rr2ds() available for CDNSKEY RR
Thanks tgreenx
* Make ldns_rr_compare_{ds,ds_dnskey}() available for
CDS and CDNSKEY RRs. Thanks tgreenx
* Make drill trace use IPv6 when used with -6
Thanks Paul Radford
* Unquoted "value" rdata for CAA records fail to validate.
Follows the long string unquoted syntax from RFC8659, section 4.1.1.
* ldns-read-zone -u fails if a type is the only type in a
window and the type modulo 256 is equal to zero.
* Intermittent build failure with multi-job
builds (make -j).
* Add ldns-verify-zone -s option. It checks all signature results,
[29 lines not shown]
mimalloc: updated to 3.3.1
3.3.1
various bug and security fixes
3.3.0
initial support for github (binary) releases, fix visiting of full pages during collection (performance), fix THP alignment (performance), fix arm64 cross-compilation on Windows, enable guard pages in debug mode, always use uncommitted areas between arenas (security), enable static overloading of malloc etc. on Windows with the static CRT
ansible-core: updated to 2.20.5
2.20.5
Minor Changes
- ansible-test - Generate ``dist_info`` when running tests.
- ansible-test - Replace the ``parallels`` managed macOS provider with a new ``mac`` provider.
- ansible-test - Switch managed macOS remotes from x86_64 to aarch64.
Bugfixes
- Fix ``validate_argspec`` when tags are defined on the play. The ``always`` tag is only added if the play has no tags.
- ``--start-at-task`` - fix starting at the requested task instead of starting at the next block or play. Play level tasks run first. (https://github.com/ansible/ansible/issues/86268)
- ansible-galaxy collection - Fix using the server configuration for ``validate_certs`` when downloading collections. (https://github.com/ansible/ansible/issues/86694)
- ansible_facts[os_*] - Contained wrong information, if ClearLinux parsing was tried before falling back to general os-release parsing
- templating - Fix traceback when using ``deepcopy`` on an imported template (https://github.com/ansible/ansible/issues/86723).
7-zip: updated to 26.00
7-Zip 26.00
improved code for ZIP, CPIO, RAR, UFD, QCOW, Compound.
7-Zip File Manager: improved sorting order of the file list. It uses file name as secondary sorting key.
7-Zip File Manager: improved Benchmark to support systems with more than 64 CPU threads.
the bug was fixed: 7-Zip could not correctly extract TAR archives containing sparse files.
some bugs were fixed.
py-redis: updated to 7.4.0
7.4.0
Bug Fixes
Fix AttributeError in cluster metrics recording when connection is None or ClusterNode object instance is used to extract the connection info
Fixing security concern in repr methods for ConnectionPools - passwords might leak in plain text logs
Refactored connection count and SCH metric collection
Experimental Features
-Refactored health check logic for MultiDBClient
redis: updated to 8.6.2
Redis 8.6.1 Released Mon 23 Feb 2026 10:00:00 IST
Upgrade urgency SECURITY: There is a security fix in the release
Security fixes
- A user can manipulate data read by a connection by injecting \r\n sequences into a Redis error reply
Bug fixes
- `HOTKEYS`: The `INFO` command may display module information, and the missing `HOTKEYS HELP` subcommand has been added
- Bug in RDB loading prevented hash table expansion, increasing load time
Redis 8.6 GA (8.6.0) Released Tue 10 Feb 2026 16:00:00 IST
This is the General Availability release of Redis 8.6 in Redis Open Source.
[10 lines not shown]
