kubectl: update to 1.36.0
Changes by Kind
Deprecation
* Renamed: AllowlistEntry.Name to AllowlistEntry.Command in the credential
plugin allowlist. [SIG API Machinery, Auth, CLI and Testing]
API Change
* Added SchedulingConstraints to express topology-aware scheduling (TAS)
constraints for PodGroup scheduling behind the
TopologyAwareWorkloadScheduling feature gate. Added the TopologyPlacement
plugin implementing the PlacementGenerate extension point to take
constraints into consideration during PodGroup scheduling. [SIG API
Machinery, Apps, Auth, CLI, Cloud Provider, Etcd, Node, Scheduling and
Testing]
* Added DisruptionMode, PriorityClassName, and Priority fields to the
[176 lines not shown]
mpg123: updated to 1.33.5
1.33.5
- mpg123: Fix generic control mode for largefile-sensitive builds, where 32 bit
off_t was used with mpg123 API calls expecting 64 bit off_t.
I am appalled that it took a user on 32 bit ARM and a specific https stream
to notice this (bug 385, regression since 1.32.0).
The security impact of this could be serious, with memory corruption including
segfault being observed.
- mpg123-id3dump, out123: Enable 64 bit offset usage on largefile-sensitive
platforms (regression since 1.32.0).
- libmpg123:
-- Announce support for shadow stack / IBT in x86-64 assembly.
-- Also announce PAC/BTI for non-accurate neon64 (aarch64) synth.
- libout123: Add a safeguard to ensure variable-length records from buffer
communication are always zero-terminated.
- libsyn123: Use union work buffer to avoid casts that may look like breaking
strict aliasing.
oracle-jdk25: added version 25.0.3
Java 25 LTS is the latest long-term support release for the Java SE platform.
JDK 25 binaries are free to use in production and free to redistribute, at no
cost, under the Oracle No-Fee Terms and Conditions (NFTC).
JDK 25 will receive updates under these terms, until at least September 2028.
py-pre-commit: update to 4.6.0
Features
* pre-commit hook-impl: allow --hook-dir to be missing to enable easier
usage with git 2.54+ git hooks.
Fixes
* pre-commit hook-impl: --hook-type is required.
iosevka-*: update to 34.4.0
* Add above-baseline variants for Greek Lower Chi (χ).
* Add tall variants for Cyrillic Lower Ze (з).
* Add cursive-interrupted and cursive-interrupted-tall variants for
Cyrillic Lower Ve (в).
* Optimize glyphs for original cursive and cursive-tall variants.
* Add rounded-top variants for Cyrillic Lower Ve (в).
minizip-ng: updated to 4.1.2
4.1.2
cmake: fix: mz_config.h was missing in install target
cmake: various clean ups
4.1.1
mz_strm_ppmd.c reader issue: it can't detect EOF
Add PPMd & Zstd zip files to the fuzz corpus
Document that mz_zip_tm_to_time_t requires a year-1900 indexed time struct.
build: avoid MIN macro for Windows
Document PPMD compression
Remove calls to add_subdirectory in CMakeLists.txt for lzma & zlib
update to use ppmd from 7zip 26.00
Set default value for MZ_SANITIZER to OFF in README.md
Replace ZLIB_ENABLE_TESTS with BUILD_TESTING
Fix integer overflow in split stream write for disk sizes > 2GB
[5 lines not shown]
libgpg-error: updated to 1.60
Noteworthy changes in version 1.60 (2026-04-24) [C42/A42/R0]
* New error codes.
* Fix a use-after-scope of a Windows handle array.
* Fix cross compiling for wasm32-unknown-emscripten.
* Interface changes relative to the 1.57 release:
GPG_ERR_PUBKEY_NON_COMPLIANT NEW.
GPG_ERR_CIPHER_NON_COMPLIANT NEW.
GPG_ERR_DIGEST_NON_COMPLIANT NEW.
mail/mutt: Update to version 2.3.2
This release fixes an assortment of issues, including a possible segv in
the GPGME code. For more details see the commits:
834c5a2e Fix IMAP auth_cram MD5 digest of secret to use memcpy().
12f54fe3 Check for embedded nul in url_pct_decode().
f547a849 Fix imap_auth_gss() security level size check and buf_size type.
fdc04a17 Fix infinite loop in gpgme data_object_to_stream().
ebfa2969 Fix NULL dereference in show_sig_summary().
py-peewee: updated to 4.0.5
4.0.5
* Fix bug where `db_value()` may not get called in subclasses of Postgres
JSONField / BinaryJSONField.
* Fix bug where indexes for table may be defined on multiple schema.
* Always fall-through to base exception class if exception is not recognized in
DB drivers. This simplifies checking driver-specific subclasses of standard
DB-API exceptions.
py-testfixtures: updated to 11.0.0
11.0.0 (9 Mar 2026)
- Moved to a `uv`__-based, ``pyproject.toml``-driven project layout, with ``main`` replacing
``master`` as the default git branch.
__ https://docs.astral.sh/uv/
- Move from Circle CI to Github Actions for continuous integration and releasing.
- Lots of documentation has been refreshed.
- Python versions between 3.11 and 3.14, inclusive, are now supported.
- Python versions 3.10 and earlier are no longer supported.
- :class:`TempDir` is now introduced as a :class:`~pathlib.Path`-based alternative to
:class:`TempDirectory`.
[27 lines not shown]
tcp: use RFC 6191 for connection recycling in TIME-WAIT
Implement the criteria specified in RFC 6191 for recycling TCP
connections in TIME-WAIT.
Reviewed by: rscheff, Marius Halden
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D56321
Event: Wiesbaden Hackathon 2026
(cherry picked from commit 3a54aa3b0911bef15e014b8a8185e116efb0a918)
bpf: fix handling the read timeout on ppc64
On platforms other than amd64, BIOCSRTIMEOUT is equal to
BIOCSRTIMEOUT32. Therefore, running the COMPAT_FREEBSD32 code
basically clears tv_usec on big endian platforms. When tcpdump is
used, the timeout requested is 100ms, which gets cleared to 0 on
ppc64 platforms. This results in tcpdump showing the packets only
when the read buffer is full.
Thanks to kib for guiding me to the correct fix.
Reported by: ivy
Reviewed by: adrian, kib
Differential Revision: https://reviews.freebsd.org/D56399
Event: Wiesbaden Hackathon 2026
(cherry picked from commit 04b994d19eec68a6b5d27ff4b0fa223a05f00e1f)
tcp: retire TF_SENTSYN
This TF_-flag is only used in the RACK stack and not really needed.
So replace it, since glebius@ needs a TF_ flag and right now all
of them are taken.
No functional change intended.
Reviewed by: rrs, glebius, rscheff, Nick Banks
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D56025
Event: Wiesbaden Hackathon 2024
(cherry picked from commit 32cc4beb0a8c3cadc0de4c255ba512fd7b196607)
virtio: add loader tunables to sysctl
virtio_pci uses two loader tunables that should be more visible.
This patch adds these loader tunables to sysctl and describes them
in the virtio(4) man page.
Reviewed by: imp (erlier version), tuexen
Differential Revision: https://reviews.freebsd.org/D55533
Event: Wiesbaden Hackathon 2026
(cherry picked from commit c70755bc0d8f703dbaa1520c15e8213a95847dd5)
arm64/pmap: fix pmap_is_valid_memattr()
The function pmap_is_valid_memattr(pmap, mode) checks whether the
given variable mode is between the two constant values
VM_MEMATTR_DEVICE and VM_MEMATTR_WRITE_THROUGH.
After the code for this function was written, the value of
VM_MEMATTR_DEVICE changed from 0 to 4. Since VM_MEMATTR_WRITE_THROUGH
is still 3, the condition is always false.
This patch changes the condition to check whether mode is equal to any
of the VM_MEMATTR* constants.
Reviewed by: andrew, tuexen
Differential Revision: https://reviews.freebsd.org/D55534
Event: Wiesbaden Hackathon 2026
(cherry picked from commit 0272359ada144aa540c28fefaf996afa30dc0aa5)
tcp: improve handling of segments in TIME WAIT
The check for excluding duplicate ACKs needs to consider only TH_SYN
and TH_FIN. We know that TH_ACK is set and TH_RST is cleared. All
other flags, in particular TH_ECE, TH_CWR, and TH_AE needs to be
ignored for the check.
PR: 292293
Reviewed by: rrs
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D55489
Event: Wiesbaden Hackathon 2026
(cherry picked from commit f3364d3c8c876074a9a6f68168e5eb8bd60207de)