py-acme py-certbot*: updated to 5.3.0
5.3.0
Added
A new command line flag, --ip-address, has been added. This requests certificates with IP address SANs when using the standalone or manual plugin. Note that for Let's Encrypt's implementation of IP address certificates, you'll also need to pass --preferred-profile shortlived.
Changed
Deploy directory hooks are now also run when using certbot certonly or certbot run to get a new cert. This change was made for pre and post directory hooks in our 3.2.0 release so this change unifies Certbot's behavior here.
A few largely unused functions/types have been deprecated in our effort to remove our pyOpenSSL dependency:
* Deprecated: certbot.crypto_util.get_sans_from_cert
* Deprecated: certbot.crypto_util.get_names_from_cert
* Deprecated: certbot.crypto_util.get_names_from_req
* Deprecated: certbot.crypto_util.import_csr_file (and replaced by certbot.crypto_util.read_csr_file)
* Deprecated: acme.crypto_util.Format
achallenges.KeyAuthorizationAnnotatedChallenge, achallenges.DNS, and achallenges.Other have a new field identifier, of type acme.messages.Identifier. This should be used in place of the domain field, which is now deprecated both as an attribute and during object creation.
Authenticator.get_chall_pref's argument has been renamed from domain to identifier, and can now receive string-formatted IP addresses in addition to domain names.
[6 lines not shown]
[CodeGen] Simplify ExpandPostRA::LowerSubregToReg. NFC. (#179634)
SUBREG_TO_REG always has a non-zero subreg index so DstSubReg can never
be the same as DstReg.
graphics/opencv: unbreak build on aarch64 (+)
Since 4.13.0, usage of KleidiCV (arm-specific acceleration library) is on by default which breaks aarch64 build.
Set it to OFF to mimics previous behavior until library will be ported to FreeBSD.
[AArch64][llvm] Remove `+xs` gating for `tlbip *nxs` instructions
A recent specification update has removed FEAT_XS gating for `tlbip *nxs`
instructions. It remains gated on FEAT_XS for `tlbi *nxs` instructions.
[AArch64][llvm] Gate some `tlbip` insns with +tlbid or +d128
Change the gating of `tlbip` instructions containing `*E1IS*`, `*E1OS*`,
`*E2IS*` or `*E2OS*` to be used with `+tlbid` or `+d128`. This is because
the 2025 Armv9.7-A MemSys specification says:
```
All TLBIP *E1IS*, TLBIP*E1OS*, TLBIP*E2IS* and TLBIP*E2OS* instructions
that are currently dependent on FEAT_D128 are updated to be dependent
on FEAT_D128 or FEAT_TLBID
```
[AArch64][llvm] Remove `+d128` gating on `sysp`, `msrr` and `mrrs` instructions
Remove `+d128` gating on `sysp`, `msrr` and `mrrs` instructions.
We removed gating for `sys`, `mrs` and `mrs` instructions previously,
on the basis that it doesn't add value, as it doesn't indicate that
any particular system registers or system instructions are available.
Therefore, remove `+d128` gating for these too.
(In an upcoming change, some `tlbip` instructions, which are `sysp` aliases
are allowed to be used with either `+d128` or `tlbid`. If we don't remove
this gating, then it would require some ugly work-arounds in the code to
support the relaxation mandated by the 2025 MemSys specification.
In this change, retain `+d128` gating for all `tlbip` instructions, which
will then be loosened to either `+d128` or `+tlbid` in a subsequent change)
[X86] Fold EXPAND(X,Y,M) -> SELECT(M,X,Y) when M is a lowest bit mask (#179630)
If a EXPAND node mask is just the lowest bits, then we can replace it
with a more general SELECT node, which can be cheaper and potentially
allow predication.
Fixes #179008
Improve rde_apply_set() performance by changing filter_sets in the RDE.
Switch away from a linked list of filter_set elements and instead use
an array of stripped down rde_filter_set_elm elements. As a result
rde_apply_set() becomes more efficent since the CPU is no longer waiting
all the time for memory accesses.
Introduce a new way to send and recv the imsgs for IMSG_FILTER_SET.
There is a send and receive function in the new bgpd_imsg.c file that
is also used by bgpctl. The receive function is a lot more strict
and on top of this add imsg_check_filterset() which validates messages
sent on the control socket before passing them on.
OK tb@
zlib-ng: updated to 2.3.3
2.3.3
Bug fixes
Make deflate output deterministic if stream is reused after deflateReset
minigzip: Fix integer overflow in gz_compress_mmap
Use GCC's may_alias attribute for access to buffers in crc32_chorba
Fix false-positive infinite loop warning detected by GCC-14 static analyzer
Fix warning for potentially uninitialized local variable ft used.
Tests
Fixed casting warning in benchmark_uncompress on MSVC
nodejs: updated to 25.6.0
25.6.0 (Current)
Notable Changes
- (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung)
- (SEMVER-MINOR) net: add setTOS and getTOS to Socket (Amol Yadav)
- (SEMVER-MINOR) src: add initial support for ESM in embedder API (Joyee Cheung)
- src: improve TextEncoder encode performance with simdutf (Mert Can Altin)
- (SEMVER-MINOR) stream: add bytes() method to node:stream/consumers (wantaek)
- (SEMVER-MINOR) test_runner: add env option to run function (Ethan Arrowood)
- url: update Ada to v3.4.2 and support Unicode 17 (Yagiz Nizipli)
[NFC][LLVM] Make `MachineInstrBuilder::constrainAllUses` return `void` (#179632)
This function always returns `true`; so we can transform it to return
`void` and simplify the code.
Follow up of https://github.com/llvm/llvm-project/pull/179501 .
