Firewall - fix interface sortng by value for live-log and groups, closes https://github.com/opnsense/core/issues/10348
We might consider moving the sorting logic to BaseListField at some point as most cases expect sort by value anyway and we only have a couple of exceptions to that logic.
py-paramiko: updated to 5.0.0
5.0.0
[Feature]: Added a new, optional file_format keyword argument to PKey.write_private_key and PKey.write_private_key_file to allow writing out OpenSSH-style private key files in addition to the legacy PEM format.
Warning
While the default format remains PEM in Paramiko 5, future major releases are likely to change that default to the OpenSSH format. We recommend updating any key-writing code you have to be explicit now, to insulate yourself from such an update.
[Bug]: Added a password kwarg to PKey.from_type_string so it can handle encrypted keys like most other PKey constructors already could.
[Bug]: Fix Ed25519Key’s internals such that it no longer throws AttributeError during calls to __repr__ when only partly initialized. This isn’t a normal runtime problem (it only happens inside error handling for fatal errors like “not a valid private key”) but was perennially complicating test failure diagnosis and similar scenarios.
[Support]: Removed the demos/ folder; they’ve become too big a support burden and we’ve wanted to remove them for years.
Users who enjoyed the client-side demos should look at our wrapper library, Fabric.
We suspect the most-used demo was demos/demo-server.py and may consider adding a variant of it to the actual Python package in future.
[Support]: Renamed PKey.from_path’s passphrase argument to password so it’s consistent with all the other methods of instantiating PKey objects.
[24 lines not shown]
[libc][NFC] Make LIBC_MATH safer and some minor improvements for floating point exception tests. (#199392)
- Wrap LIBC_MATH usages inside parentheses
- Skip clearing exceptions when not needed.
- Skip FE_INEXACT when testing FE_UNDERFLOW / FE_OVERFLOW for basic ops.
fabric: updated to 3.2.3
3.2.2
[Bug]: fabric.runners.Remote failed to properly deregister its SIGWINCH signal handler on shutdown; in rare situations this could cause tracebacks when the Python process receives SIGWINCH while no remote session is active. This has been fixed.
[Bug] 2204: The signal handling functionality added in Fabric 2.6 caused unrecoverable tracebacks when invoked from inside a thread (such as the use of fabric.group.ThreadingGroup) under certain interpreter versions. This has been fixed by simply refusing to register signal handlers when not in the main thread. Thanks to Francesco Giordano and others for the reports.
[X86] LowerFLDEXP: convert widened int exponent to FP before SCALEF (#199263)
For vector ldexp cases that LowerFLDEXP implements by widening to a
512-bit SCALEF operation, the code widened both X and Exp but passed
the widened integer exponent directly to SCALEF, which interprets
its inputs as IEEE-754 floats.
Convert the widened integer exponent to FP and pass that to SCALEF.
Reproducer (clang -O2 -mavx512f repro.c -o repro && ./repro):
```
#include <stdio.h>
typedef float v4f __attribute__((vector_size(16)));
typedef int v4i __attribute__((vector_size(16)));
__attribute__((noinline))
v4f ldexp_v4(v4f x, v4i e) {
return __builtin_elementwise_ldexp(x, e);
[22 lines not shown]
py-bumpver: updated to 2026.1132
2026.1132
- Add `allowed_branches` config option to restrict which branches can be released from. Accepts a comma-separated list of glob patterns (e.g. `master,main,release-*`). Empty (the default) allows any branch.