Harden default dataset config for NAS storage
This commit changes our defaults for newly created filesystems
that are outside of namespaces for root filesystems for apps and
containers. Specifically, we're now setting noexec, nosuid, and
nodev by default to more closely align with storage industry
best practices. No migration is one for existing data.
The noexec property is exposed to users because there is
prior precedence for allowing users to toggle on/off (apps may
want to execute scripts provided on generic NAS storage), but
other options are not exposed directly to users in the
pool.dataset.create API.
Backport faf0e944008a8ce3182e11a2ee192b1589c5661a
libnotificationmanager: Return something of the correct type for most roles
from kde-distro-packagers at kde.org:
"we found a regression in Qt 6.11.1 that breaks the job tracker of
notifications, them not closing properly, among other things, which is a
quite high profile issue.
I would therefore suggest if you ship Qt 6.11.1 that you backport this
change for plasma-workspace [1] since Plasma 6.6.6 is still a couple of
weeks away. To our knowledge, Qt 6.11.0 and earlier are not affected. We
do not have a Qt fix yet afaik." -- Kai Uwe
See also https://bugs.kde.org/show_bug.cgi?id=520120
libxfce4windowing: update to 4.20.6
4.20.6 (2026-05-24)
======
- Add xfw_screen_get_monitor_for_gdk_monitor()
- Add missing "New in 4.20.6" docs section
- Add missing chain up to parent class
- I18n: Update po/LINGUAS list
- XfwMonitor: Fix (xdg_)output_done event handling
- XfwMonitor: Fix typo and initialize class member
- Ignore workarea/workspace count mismatches
- Fix incorrect max to clamp workspace number to
- Implement workspace geometry for wayland
- Add XfwWorkspace:geometry property
- Fix missing workspace signal connections in test program
- Add test program to enumerate workspaces
- Fix X11 workspace geometry and layout getting out of date
- Fix incorrect col & row ordering for Wayland workspace coordinates
- Fix width -> height typo for XfwWorkspaceX11 geometry
[6 lines not shown]
caddy: update to 2.11.3, containing some security improvements
2.10.1
This is probably our biggest patch release ever -- not that lots of
things were broken, but there's lots of refinement happening thanks to
broader adoption and contributions from many more people. Just look at
the New Contributors below!
Anyway, this release does contain some bug fixes and dependency upgrades
which we hope will serve you well. Let us know if there's any issues!
And thank you to all who contributed, especially our reliable maintainer
team!
2.10.2
This is a hotfix release to fix a couple critical issues from v2.10.1
2.11.1
[68 lines not shown]
sqlc: update to 1.31.1
1.31.1
- Remove go.mod replace directive that breaks go install ...@latest
- Downgrade github.com/ncruces/go-sqlite3 to v0.32.0
1.31.0
- Strip psql meta-commands from schema files
- Emit pointers for nullable enum columns when emit_pointers_for_null_types is set
- Map xid8 to pgtype.Uint64 for pgx/v5
- Rename :one return variable when it conflicts with a parameter
- Coerce SQLite JSONB output regardless of type casing
- Dedupe sqlc.arg parameters wrapped in a type cast for MySQL
- Preserve MySQL optimizer hints in generated query text
- Catch invalid ON CONFLICT DO UPDATE column references
- Replace manual loop with copy() builtin
- (native) Make MySQL connection check immediate on first attempt
[19 lines not shown]
eventhandler: Fix the NODEBUG build
Reported by: Michael Butler <imb at protected-networks.net>
Fixes: 735b16d490ae ("eventhandler: Fix a race when pruning eventhandlers")
(cherry picked from commit 3d8928114c4fec6cefbb1cd566ef8d1b3d2999e2)
at-spi2-core: explicitly disable dbus-broker and systemd.
This fixes the build on (Fedora) Linux.
There are two implementations of dbus: dbus-daemon and dbus-broker.
Fedora defaults to the latter, but it requires systemd. pkgsrc has no
support for linking against builtin libsystemd, so make at-spi2-core use
dbus-daemon from pkgsrc.
Suggested by wiz@ and prlw1@ in tech-pkg.
Update transformations sensitive to signaling NaNs
Previously exception handling behavior was uses as an indicator of sNaN
support. With introducing a special function attribute `signaling_nans`
the checks for sNaN support must be changed to use the function
attribute rather than the exception behavior.
[AtomicExpand] Support non-integer atomic loads. (#199310)
This is arguably an enhancement rather than a bugfix. But
AtomicExpandPass already tries to support some non-integer atomic ops
using cmpxchg by bitcasting to/from an integer type. We're just missing
this one path used by atomic load. Seems easy enough to support it.
This bug was found by a large run of Opus 4.7 looking for bugs in LLVM.
