luanti: update to 5.16.1
5.16.1:
Fixed bug introduced in 5.16.0 with water rendering
5.16.0:
Deprecations and compatibility notes
- Writing to mod directories is now disallowed
Client / Audiovisuals
- Texture pack override.txt now supports overriding overlay tiles
- Restore inventory cube (item mesh) shading
- Fixed incorrect animation state when placing nodes quickly
- Fixed a graphical issue where the fog incorrectly changed the
color of semi-transparent particles
- Support more mouse buttons (beyond X2)
- Add keybinds for camera movement
- Formspec: Bug fixes related to inventory list interactions
- Formspec: Focus behavior improvements
[44 lines not shown]
haproxy: updated to 3.3.9
3.3.9
- BUG/MINOR: sink: do not free existing sinks on allocation error
- BUG/MINOR: vars: make parse_store() return error on var_set() failure
- BUG/MINOR: vars: don't store the variable twice with set-var-fmt
- BUG/MINOR: vars: only print first invalid char in fill_desc()
- BUG/MINOR: hpack: validate idx > 0 in hpack_valid_idx()
- BUG/MEDIUM: cli: fix master CLI connection slot leak on client disconnect
- BUG/MINOR: acl: fix a possible arg corruption in smp_fetch_acl_parse()
- BUG/MINOR: map: do not leak a map descriptor on load error
- CLEANUP: map/cli: fix some map-related help messages
- BUG/MINOR: pattern: release the reference on failure to load from file
- CI: github: add DEBUG_STRICT=2 to ASAN jobs
- BUG/MEDIUM: mux-h2: fix the body_len to check when parsing request trailers
- BUG/MAJOR: mux-h2: preset MSGF_BODY_CL on H2_SF_DATA_CLEN in h2c_dec_hdrs()
- BUG/MINOR: dns: always validate the source address in responses
- BUG/MINOR: tcpcheck: Properly report error for http health-checks
- BUG/MINOR: resolvers: Free new requester on error when linking a resolution
[17 lines not shown]
ugrep: updated to 7.8.1
7.8.1
Fixed two issues:
fix 545 --disable-avx512 tested and working
fix 544 (same as 537) a bug in the ugrep v7.6 ~ v7.8 (since March 5, 2026) that can't handle very long lines in huge files properly, outputting uninitialized input file buffer contents as if part of the matching line or contents read after the input file buffer as if part of the matching line.
taglib: updated to 2.3
TagLib 2.3 (May 10, 2026)
* MP4: Support for chapters (Nero and QuickTime).
* WAV: Support for BEXT and iXML chunks.
* FLAC: Support for BEXT and iXML application blocks.
* Opus: New audio property `outputGain()`.
* Speed up Matroska reading by using seek head for element lookup.
* Speed up Matroska writing by offering multiple write style modes.
* More tolerant handling of files with oversized RIFF chunks, zero size ID3v2
frames and Matroska chapters without edition.
* Avoid wrong content-based detection as MPEG files.
* Fix bitrate calculations for MPEG ADTS and MP4 ESDS.
* Fix data race with multi-threaded use of `MP4::ItemFactory`.
* Fix unbounded recursion in EBML/Matroska `MasterElement` and MP4 atoms.
* Limit number of MP4 atoms at top level.
* Fix writing too many offsets when updating MP4 stco/co64 atoms.
* Fix k bounds in Shorten Rice-Golomb coding.
py-asyncssh: updated to 2.23.0
Release 2.23.0 (8 Feb 2026)
* Added support for "Match localnetwork". Thanks go to Théophile Bastian
for reporting this new match type, added in OpenSSH 9.4.
* Enabled support for RSA with SHA-2 signatures in ssh-agent and Pageant.
Thanks go to GitHub user Netzvamp for reporting this.
* Changed MAC algorithm negotiation to be skipped when using AEAD ciphers.
Thanks go to GitHub user LilleCarl for reporting this issue and
suggesting a potential fix.
* Improved graceful termination when using ProxyCommand, waiting for
the ProxyCommand tunnel to close when cleaning up a connection. Thanks
go to Simon Liétar for reporting this issue and helping to investigate
possible solutions.
[20 lines not shown]
py-gssapi: updated to 1.11.1
1.11.1
Add Free-Threading and Limited API/Stable ABI
Fix up classifier from typo
1.11.0
Add Free-Threading and Limited API/Stable ABI
python314 py314-html-docs: updated to 3.14.5
Python 3.14.5
Security
gh-148178: Hardened _remote_debugging by validating remote debug offset tables before using them to size memory reads or interpret remote layouts.
Core and Builtins
gh-146270: Fix a sequential consistency bug in structmember.c.
gh-137293: Fix SystemError when searching ELF Files in sys.remote_exec().
Library
gh-149388: Make asyncio.windows_utils.PipeHandle closing idempotent.
gh-149377: Update bundled pip to 26.1.1
gh-138907: Support RFC 9309 in urllib.robotparser.
gh-148615: Fix pdb to accept standard -- end of options separator. Reported by haampie. Patched by Shrey Naithani.
[12 lines not shown]
Mew 6.11 (2026-05-11)
* Supporting coming Emacs 31.
* Removing fallback code from the "submission" port to the "smtp" port.
* `mew-smtp-port` is now defined as `"submission"` instead of `"smtp"`.
* Remove STARTTLS parameters for non-STARTTLS connections with GnuTLS
[#212](github.com/kazu-yamamoto/Mew/pull/212)
* Fix: BIMI logo color
[#210](github.com/kazu-yamamoto/Mew/pull/210)
* Support "BIMI-Indicator:" Header
[#208](github.com/kazu-yamamoto/Mew/pull/208)
* Hiding UI- in Message Mode
[#204](https://github.com/kazu-yamamoto/Mew/pull/204)
* Fix master password issues / Add Asymmetric (public key) encryption support
[#201](https://github.com/kazu-yamamoto/Mew/pull/201)
sysbench: updated to 1.0.20
1.0.20
* build/CI/packaging: Add arm64 to Travis CI matrix
* build/CI/packaging: add Ubuntu Focal
* build/CI/packaging: remove Fedora Rawhide from CI matrix
* build/CI/packaging: fix regression tests to work with MySQL 8.0.19+
* build/CI/packaging: fix macOS builds in Travis
* build/CI/packaging: remove Ubuntu Disco (EOL)
py-traitlets: updated to 5.15.0
5.15.0
Enhancements made
- Moved definitions of K and V outside of TYPE_CHECKING condition
- Accept integer-valued numbers for Integer
- Update `__new__` method to use Self type for improved type hinting
- Fix whitespace formatting in CLI help.
Bugs fixed
- Fix `traitlets.__all__`
- The --config option with absolute paths will be loaded only once.
- Avoid using `return t.cast` which can prevent attribute access during process teardown
- Suppress exceptions when closing handlers during `__del__`
py-bidi: updated to 0.6.9
0.6.9
* Rust extension declares ``gil_used = false`` so it runs under free-threaded (no-GIL) Python [Meir Kriheli]
* Added concurrent stress test for ``get_display`` under free-threaded builds [Meir Kriheli]
* CI: optional cp313t/cp314t wheel builds when setup-python provides those interpreters; free-threaded test job prefers 3.14t with 3.13t fallback [Meir Kriheli]
* CI: Intel macOS wheels now built on macOS 15 (replacing macOS 13) [Meir Kriheli]
* Use ``uv`` for nox virtualenvs; add ``uv.lock`` and document uv-based dev setup in README and CONTRIBUTING [Meir Kriheli]
* Set ``requires-python = ">=3.9"`` explicitly in ``pyproject.toml`` [Meir Kriheli]
0.6.8
* Added missing 3.14 build for Linux
rsync: updated to 3.4.2
rsync 3.4.2 (28 Apr 2026)
Changes in this version:
SECURITY RELATED:
Several security-relevant defects were reported and fixed since 3.4.1. None were assigned a CVE — rsync's fork-per-connection design scopes the impact of each of these to the attacker's own connection, which is equivalent to the client closing the socket itself — but they are fixed here as a matter of hygiene and to reduce the chances of a future exploitable combination. Many thanks to the external researchers who reported these issues.
Fixed a signed integer overflow in the PROXY protocol v2 header parser: a negative len field could bypass the size check and cause a stack buffer overflow in read_buf(). Reported by John Walker of ZeroPath.
Fixed an invalid access to the files array. Reported by Calum Hutton of Rapid7.
Reject negative token values in the compressed-stream token decoder; a negative value could cause callers to misinterpret a missing data pointer as literal data. Reported by Will Sergeant.
Fixed the element count passed to the xattr qsort() (see https://www.openwall.com/lists/oss-security/2026/04/16/2).
Fixed a buffer underflow in clean_fname(), and added a regression test.
[60 lines not shown]