ghostscript-agpl: updated to 10.07.1
Version 10.07.1 (2026-05-19)
Highlights in this release include:
The 10.07.1 release is a maintenance release:
This release addresses a number of potential security issues.
The wider adoption of "C99" and later features has reached the point where we must ease our policy on this area. The Ghostscript/GhostPDL codebase will remain "C89" plus widely supported extensions but, as of the 10.08.0 release, our included third party libraries will be permitted to use "C99" and potentially later features.
The 10.07.1 removes the non-standard operator ".tempfile", and removes the "temp" directory from the default file permission lists. By default, such access is now only available internally, not from "user level" PostScript
Our efforts in code hygiene and maintainability continue.
The usual round of bug fixes, compatibility changes, and incremental improvements.
py-zipp: updated to 4.1.0
v4.1.0
Features
- Path.iterdir now raises NotADirectoryError (formerly ValueError) when call on something that's not a directory.
v4.0.0
Deprecations and Removals
- Drop workaround for stacklevel bug on older PyPy releases.
py-yarl: updated to 1.24.2
v1.24.2
Contributor-facing changes
- Switched the aarch64 and armv7l wheel builds to GitHub's native ARM
runners. The aarch64 wheels now build without QEMU emulation, and
armv7l runs on aarch64 hosts so its 32-bit ARM execution is far
cheaper than the previous aarch64-on-x86_64 path
- Restored per-runner native arches in the Windows wheel matrix on tag
releases. The previous ``CIBW_ARCHS_WINDOWS=AMD64 ARM64`` setting made
both ``windows-latest`` and ``windows-11-arm`` cross-compile the other
arch, producing two artifacts with identically-named wheels whose
bytes differed; the deploy job's ``download-artifact ... merge-multiple``
step tore those writes together, yielding a wheel that PyPI rejected
with ``400 Invalid distribution file. ZIP archive not accepted:
Mis-matched data size`` during the 1.24.0 and 1.24.1 releases
wireshark: updated to 4.6.6
4.6.6
The following vulnerabilities have been fixed:
wnpa-sec-2026-51 ROHC protocol dissector crash. Issue 21243.
The following bugs have been fixed:
Wireshark crashes when run under Visual Studio on Windows. Work item 24787.
Welcome page slide preferences are now available in the preferences window.
vwr: Read of uninitialized memory in pntoh16. Issue 16460.
vwr: Read of uninitialized memory in find_signature. Issue 16461.
Upgrades on Windows do not retain existing optional features unless explicitly requested, resulting in accidental removal of features. Issue 18925.
Wireshark.exe version 4.6.5 is twice as large as version 4.6.4. Issue 21233.
MACsec dissector global-buffer-overflow. Issue 21235.
Wireshark 4.6.5 does not run on Windows 10 version 1809 (including Server 2019 and some LTSC versions) Issue 21237.
Fuzz job issue: fuzz-2026-05-02-14184750352.pcap. Issue 21240.
[2 lines not shown]
memcached: updated to 1.6.42
1.6.42
This is a major security focused release. Nearly all of the fixes are security
related for issues that can cause memory corruption, crashes, and so on.
Fixes
vendor: Instructively warn if vendor blob missing
proxy: fix write length in extstore miss
Fix timing side-channel in SASL password database authentication
proto: fix signed overflow in bodylen for binprot
proxy: fix underflow with 0 length values
auth: fix data race during reload
auth: fix crash when given huge token
proto: fix crash in binary protocol
core: fix crashes from slabs reassign
proxy: check result of buffer parse in match_res
[2 lines not shown]
py-sphinx-gallery: updated to 0.21.0
v0.21.0
Support for Sphinx 5 dropped in this release. Requirement is now Sphinx >= 6.
Implemented enhancements:
- Add support for dynamic filtering by tag
Fixed bugs:
- Fix subsection header sanitization when ``nested_sections=False``
- Fix ``generate_gallery_rst`` when ``nested_sections=False`` user provides own ``index.rst``
Documentation
- DOC Add v0.20.0 to CHANGES.rst
- DOC Note sphinx bump in changes
[3 lines not shown]
mdbook: updated to 0.5.3
mdBook 0.5.3
Changed
- Improve spacing in sidebar section headings.
- Updated cargo dependencies.
Fixed
- The "current" page highlighting in the sidebar now handles servers that redirect and strip the `.html` extension.
- Remove `?highlight=` from URL when highlights are dismissed via clicking.
- Fix global keypresses triggering when other elements are in focus.
- Fix download URL format for mdBook in CI guide.
- Improve error message for invalid Font Awesome icons.
- Fix nested admonitions that use wrong header colors.
[ELF] -r: Don't let a weaker offset-0 R_RISCV_ALIGN suppress ALIGN synthesis (#198147)
PR #151639 skipped synthesizing the section-start R_RISCV_ALIGN whenever
any R_RISCV_ALIGN existed at offset 0, regardless of its alignment. This
works with newer LLVM integrated assembler (#150816).
However, older MC and GNU Assembler as of today
(https://sourceware.org/bugzilla/show_bug.cgi?id=33236) can carry a weak
offset-0 R_RISCV_ALIGN (addend 2 => align 4) while its real alignment
requirement comes from a `.option norelax` .balign, which emits no
relocation.
Fix the condition to not suppress synthesis.
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=33236#c4
[lldb] Recheck connection state in webinspector-wasm EnsureConnected (#198701)
m_remote_platform_sp can be non-null while the remote is disconnected
(PlatformWasm::ConnectRemote installs the pointer before the connect
call). Also check IsConnected() so a prior failed connect doesn't make
EnsureConnected falsely report success.
[clang] Don't cutoff parsing when load C++ named module failed (#187858)
Since https://github.com/llvm/llvm-project/pull/173130, clang convert
module name pp-token sequence into a annot_module_name token for C++20
module/import directive. This PR follows the changes and correct the
module name handling in clangd.
This PR avoid parsing cutoff when hit an C++ named module loading.
Fixes https://github.com/llvm/llvm-project/issues/181358.
Signed-off-by: yronglin <yronglin777 at gmail.com>
[clang][tooling] Handle C++20 annot_module_name in syntax tokens (#198544)
The token collector will ignore all the annotation tokens, but IIUC, the
annot_module_name shoulde not be ignored.
Signed-off-by: yronglin <yronglin777 at gmail.com>
cyrus-sasl2: fix build with llvm22, ok ajacoutot naddy
Switch from hand-rolled memset(3) and memcpy(3) to the ones in libc.
The versions inherited from libdes abuse unsigned char * for void *
and [-Wincompatible-pointer-types] is now an error:
md5.c:400:14: error: incompatible pointer types passing 'unsigned char (*)[65]' to parameter of type 'POINTER' (aka 'unsigned char *') [-Wincompatible-pointer-types]
Switching POINTER to void * causes other problems.
[dsymutil] Update modules test for divergence between the two linkers (#198661)
The parallel linker keeps DW_AT_GNU_dwo_id on linked CUs while the
classic linker drops it. Gate the four `CHECK-NOT: DW_AT_GNU_dwo_id`
assertions to a CLASSIC-only prefix so the test reflects the actual,
intended behavior of each linker.
(devel/R-lazyeval) Updated 0.2.2 to 0.2.3
# lazyeval 0.2.3 (Time stamp of NEWS.md is 2026/04/03)
* Fixes for CRAN checks. The new implementation is now compliant with
the public C API of R and might differ from the historical one in
subtle ways.
[AMDGPU] Implement -amdgpu-spill-cfi-saved-regs
These spills need special CFI anyway, so implementing them directly
where CFI is emitted avoids the need to invent a mechanism to track them
from ISel.
Change-Id: If4f34abb3a8e0e46b859a7c74ade21eff58c4047
Co-authored-by: Scott Linder scott.linder at amd.com
Co-authored-by: Venkata Ramanaiah Nalamothu VenkataRamanaiah.Nalamothu at amd.com
[AMDGPU] Implement CFI for CSR spills
Introduce new SPILL pseudos to allow CFI to be generated for only CSR
spills, and to make ISA-instruction-level accurate information.
Other targets either generate slightly incorrect information or rely on
conventions for how spills are placed within the entry block. The
approach in this change produces larger unwind tables, with the
increased size being spent on additional DW_CFA_advance_location
instructions needed to describe the unwinding accurately.
Change-Id: I9b09646abd2ac4e56eddf5e9aeca1a5bebbd43dd
Co-authored-by: Scott Linder <scott.linder at amd.com>
Co-authored-by: Venkata Ramanaiah Nalamothu <VenkataRamanaiah.Nalamothu at amd.com>